WashU 2FA—a two-factor (or two-step) authentication service provided by Duo, an industry leader in cyber security services—adds a second layer of security to your WUSTL Key account when accessing the many WashU systems, which contain sensitive personal information. By verifying your identity through the use of a second device, hackers and identity thieves are prevented from logging in these systems, even if they know your WUSTL Key ID and password and you’ll be alerted immediately if someone tries to log in using your credentials.
When must I use WashU 2FA?
2FA (provided by Duo) will soon be expanding to include the student population. This expansion is needed to further reduce the impact of phishing and other malicious campaigns which are engineered to steal student’s personal and sensitive information. All students will be required to use 2FA when accessing most WashU systems and services from off-campus networks.
WashU 2FA Support & Questions
Please contact the WashU IT Service Desk at 314-933-3333.
WashU 2FA extends protection to most WUSTL Key enabled sites, allowing users to opt-in to two-factor authentication while logging into websites that don’t currently require 2FA authentication.
Below are a few examples of these supported sites:
- Office 365 Outlook Web App (email on the web)
- Blackboard (for students)
How It Works
- Enrollment in WashU 2FA is simple. Visit the WashU 2FA enrollment wizard.
- Choose when you want the protection applied.
- The default setting is Only when off campus – remote locations such as a business or residential internet connection. However, you have the option to choose Always – from all sign-in locations, both on and off campus.
- Select Save Changes.
- Under the Information section, select Enroll in WashU 2FA to enroll your device in Duo.
- Under the Choose your Device Type section, select the type of device you would like to enroll and select Continue.
- We recommend using a smartphone for the best experience, but you can also enroll a landline telephone or iOS/Android tablet.
- Finally, follow the prompts based on the device you have chosen to enroll, and that’s it! You can enroll an unlimited number of devices.
Duo Mobile App
When enrolling a smartphone, you have the option to also install the Duo Mobile app. Duo Mobile runs on your smartphone and helps you authenticate quickly and easily. Without it you will still be able to log in using a phone call or text message, but for the best experience, we recommend that you use Duo Mobile. Follow the platform-specific instructions on the screen to install Duo Mobile.
After installing our app:
- Return to the enrollment window and select I have Duo Mobile installed. Once enrolled in Duo, you’ll log in to the WashU system as usual with your WUSTL Key ID and password. This is the first step of authentication.
- Next, you’ll verify your identity using the device you’ve enrolled with Duo. This is the second step of authentication. This will eliminate extra steps, taken in the past, to ensure better security.
For information on using Duo with cell phones that are not smartphones and landline telephones, visit the Using Duo With Any Cell Phone or Landline Quick Guide.
What is Duo Security?
How does two-factor authentication (2FA) work?
Two-factor authentication commonly works by asking for something you know (your password) in combination with something you have (your mobile phone) to confirm your identity across a variety of account activities–such as accessing your accounts from new devices, verifying transactions, or recovering your accounts.
What university systems will require WashU 2FA?
Use of WashU 2FA is required: when accessing WUSTL Key Single Sign-on (SSO) from any non-trusted network and when accessing the WashU CFU User VPN login portal from any network.
Who is required to enroll?
The WashU 2FA service is for current WashU employees, students, and anyone (parents, university partners, vendors, visitors and/or contractors) who may access the services listed above.
Can I opt-out of WashU 2FA?
No, enrollment for access to identified systems is mandatory.
Can I use multiple devices with WashU 2FA?
Yes! You can enroll your mobile phone, your landline phone, and your tablet.
Can I use WashU 2FA on my mobile phone or tablet without incurring any data or text message costs?
Yes. Open the Duo app on your smartphone or tablet and select the Duo key icon in the upper right-hand corner of the screen to generate a passcode. Generating passcodes does not send any kind of message or use data and you can generate passcodes even when you are not connected to a network. Using Duo to generate passcodes will not incur any data or text messaging costs.
I will be traveling and won’t have reliable cellular network access. Can I still use WashU 2FA?
Yes. In the Duo mobile app, simply click the key on the upper right-hand side of the screen or select the Generate Passcode button on Microsoft OS devices to generate a numeric passcode that you can use without a network connection. Alternatively, you can use the Duo text passcodes feature to generate a list of single-use passcodes that you can use if you won’t have access to your phone at all.
Will Duo see my login credentials?
The second factor of authentication is separate and independent from your username and password. Duo never sees your password.
Can the system handle international phone numbers?
Yes. Duo accepts international phone numbers.
Why does it say my device is registered to someone else?
Duo 2FA devices cannot be registered to more than one person. If you are trying to add a device (such as a home phone) that is shared with someone else, and that device has already been registered to another person, you will receive an error message.
How long after registration will the birth year requirement in HRMS disappear?
WashU 2FA Duo registrations are refreshed every 24 hours.
What if I lose my phone?
Lost or stolen mobile computing devices must be reported to the Privacy Office or the Information Security Office immediately. This shall occur before the user of the device cancels the service with the provider. You can review the Mobile Device Security Policy here. You must also log in to the WashU 2FA service and unenroll the device.
What if I got a new device with a new phone number and no longer have my old one?
Please call the WashU IT Service Desk 314-933-3333 to verify information and have the old device removed.
What if I got a new device using the same phone number?
- Visit the enrollment wizard to access the enrollment wizard.
- Scroll down and select manage enrollment.
- Choose an authentication method other than Send Me a Push
- Select add another device and then Continue.
- Select your device type and then Continue.
- Enter your phone number.
- Select the checkbox next to: (XXX) XXX-XXXX This number already exists, replace it?
- Select Continue.
- Choose your device type and then Continue.
- The next screen will prompt you to download the Duo app to your new phone.
- If you have not installed the app, install it on your new phone and then select I have Duo mobile installed.
- If you have already installed the app, immediately select I have Duo mobile installed.
- After you select I have Duo Mobile installed, you will have to activate Duo on your new phone by scanning the barcode on your computer screen.
- Your new mobile device connection is complete.
Can I transfer my DuoMobile app from one device to another??
While the app transfers from device to device, the configuration of each device is specific and will need to be reactivated on new devices.
I do not have cell or wireless service; can I still use 2FA?
In the DuoMobile App there is a key next to WashU2FA- clicking this key has a hidden code. You can request to be texted codes (list of 10) prior to leaving cell service and they can be used in order. You can also call the WashU IT Service Desk and request a one-time use one-hour expiring bypass code.
|Mobile Push||Mobile Passcode||Phone Code||SMS Text Message||Temporary Passcode|
|Enroll a smartphone (recommended)||X||X||X||X|
|Enroll a tablet||X||X|
|Enroll a basic cell phone||X||X|
|Enroll a landline phone||X|
|Call the WashU IT Service Desk (314) 933-3333||X|