IT Services is pleased to announce the availability of two-step login procedures for faculty and staff access to key networks and applications. Use the information on this page to get an overview of the program, and refer to the pages in the links in the left-hand column for guides and detailed instructions.
Attention UC San Diego Health team members: Due to licensing structures and privacy rules, the UC San Diego and UC San Diego Health instances of Duo function independently of each other. For example, to access systems via the dropdowns above, like Instruction Tools and Research Tools, you’ll need to read the information herein and register your devices on the UC San Diego instance. Learn more at this link about what it’s like to use two-step login at multiple institutions.
At a Glance:
How it works:
Step 1: Enter username and password like normal
Step 2: Verify your identity via push notification, phone call, or passcode
Available for: Faculty and staff. Voluntary through 2018; required starting January 30, 2019.
Enabling two-step login is the single most important measure UC San Diego can take to protect networks and applications from hackers and other malicious actors.
Login credentials are more valuable than ever and are increasingly easy to compromise. Credentials can be stolen, hacked or even guessed – and you may not even know when someone else is using your account. Two-step login increases account security by preventing anyone but you from accessing your account – even if they know the password.
About Two-Step Login
Two-step login is an added layer of protection for you and the university. Upon entering your credentials, you’ll need to verify your identity through a second step. As you'll read below, the second step can be completed via a free phone app, phone call, entering a passcode or token.
You’re probably already familiar with two-step login, which is alternately known as two-factor authentication or multi-factor authentication. An example would be when you log in to a site and are then required to enter a code sent via text message, phone call or email.
Using Two-Step Login powered by Duo
UC San Diego has chosen Duo Security to manage the two-step login process. Two-step login kicks in once you've entered your username and password as normal. Duo's technology facilitates the second step of the login process.
UC San Diego Health, UCLA, UC Berkeley, Indiana University, Stanford and other major universities use Duo for their two-step login needs.
And, before you ask...you won't need to establish a new username or password to use two-step login and Duo, nor will you have to change any existing passwords.
Duo provides multiple options to complete the second step to confirm your identity:
Duo Push
Receive a push notification (or pop up) message straight to your phone or tablet. Tap the green Approve button and you're logged in! This works on iPhone and iPad, Android devices and Windows phones. You can use a personal or university-issued cell phone.
Top tip: Before initiating a push notification, make sure your device is close at hand and unlocked!
Note that using a personal cellphone is by no means required. Read on for other options!
Step 1: Enter login and password like normal
Step 2: Tap Approve and you're in!
Phone Call
Receive an automated phone call to your cellphone, office line or home phone. Tap or push any number and you're in (if using office line, be sure to activate tones if necessary). Note that when you register a cellphone for push notifications, it is also registered to receive calls for two-step login.
You can also use a cellphone - personal or university-issued - to take calls without having to install the app. During the device registration process, just choose Landline (but enter your cell number).
Passcode
Enter a passcode code, which can be generated in multple ways:
The Duo app automatically generates anytime-use passcodes; see image below for example.
You can also request a token from the Service Desk at servicedesk@ucsd.edu or 858-246-4357.
Availability: VPN Connections and Single Sign-On Logins
Two-step login is available now! Upon registering a device, you can immediately start using it for VPN connections and single sign-on (SSO) logins. Other systems and applications will be added at future dates.
Voluntary Now; Required Starting January 30, 2019
Staff and faculty use is voluntary but encouraged starting immediately. Starting January 30, 2019, two-step login will be required.
You can tell Duo to remember your computer for seven days. Therefore, you'll only need to complete the two-step login procedure once a week or so. Note that this applies per machine. For example, if you set your work computer to remember for seven days, you'll still have to complete two-step login if you use your home computer later that day.
This is not recommended for use on public or shared computers.
Bypass During Optional Phase
During the optional period, use of two-step login is optional. If you don't have your authentication device handy or you're just in a hurry, you can bypass two-step login.
Recommended: Push Notification as Primary, and at Least One Backup
When you sign up to use two-step login, you can select multiple verification methods.
Receiving push notifications through the Duo app is the recommended primary method of setting up your two-step login. It offers the simplest, most direct method to log in: Enter your username and password as usual, tap the Approve button on your phone, and you’re in. No waiting for a call or text, no having to type in a secondary code.
It is also highly recommended to set a backup method. You can
Register a backup cellphone, office line or home phone
Install the Duo app on a tablet and register it for Duo Push
Text yourself 10 single-use passcodes
Note that you'll want to register your backup methods right away. To register an alternate method, you'll first have to verify your identity using an existing two-step method. In other words, if you forget your cellphone or it's out of battery, you'll need to have already registered a different device or have saved single-use codes somewhere.
