Goshen College has implemented two-factor authentication for employees to add a layer of protection whenever you sign in with your GC account credentials.
Why are we doing this?
Passwords are becoming easier and easier to compromise and phishing is one of the top social engineering threats that users face. Passwords can be stolen, guessed, or hacked, and many times you may not realize that someone is accessing your account or has breached your data.
The two-factor authentication service we are using, Duo Security, adds a second layer of security and keeps your account secure even if your password is compromised. It does this by using something that you know, such as your login credentials, and something that you have, such as a mobile device. When you log in, Duo will prompt you to approve the login with your mobile device. If someone is attempting to login as you, Duo will alert you immediately on your mobile device so that you can deny the login. This additional form of authentication is completely independent from your username and password. In other words, Duo never sees your password.
How It Works
- Enter in your username and password
- Verify your identity via the selected Duo authentication method
- Securely log in
Watch this brief video for more general information of how DUO will add this extra layer of security to your GC account. https://duosecurity.wistia.com/medias/653b7tkma3
How Do I Get Started?
An email was sent to your GC email account from
“Duo Security <email@example.com>” with the subject line of
“Duo Security Enrollment” that contains instructions on how to get started. If you cannot find this message, please contact the Help Desk to have another one sent to you. Follow the instructions in the email message, and then use the below setup instructions to navigate through the rest of the setup process.
Frequently Asked Questions
Q: How do I set up a device for Duo, and what options are available?
A: The ITS department recommends using the Duo Mobile app on your phone, as it provides the quickest, most user-friendly experience via a push notification to your smart phone. If you do not have a smart phone, contact the Help Desk for additional options.
The following links will guide you through adding your smart phone to Duo:
Q: Can I have more than one device for Duo?
A: Although Duo allows you to add multiple devices, ITS recommends that you only use your smart phone for Duo authentication. If you have questions about this, please contact the Help Desk.
Q: What if I don’t have access to my smart phone?
A: In the event that you do not have access to your smart phone, contact the Help Desk at (574) 535-7700 for assistance.
Q: Do I have to use Duo every time I log in?
A: No. Applications that utilize Duo do require authentication for every log in. By default, this will include both username and password as well as Duo two-factor. However, for your convenience, and in alignment with industry standards, ITS recommends using the “Remember me” option for Duo. When the “Remember me” box is checked, you will not be prompted for Duo two-factor authentication for 30 days as long as you are logging in on the same computer and browser. If you need to use another computer or browser to log in, you will need to use Duo Mobile to provide the two-factor authentication on that computer/browser.
Q: What systems or services will I be using Duo for two-factor authentication?
A: Currently you will be using Duo two-factor authentication for accessing your GC Google account. It is on our roadmap to also add it for anyone connecting to their office computer via RDP (Remote Desktop Protocol), connecting to a virtual computer, or logging into Jenzabar, Moodle, or Salesforce. Additional services may also be added in the future.
If you need setup assistance, or have questions, contact the Help Desk at (574) 535-7700, or firstname.lastname@example.org
Add a mobile phone to Duo
Mobile Phone Instructions:
- Go into your GC email account and open the message from “Duo Security <email@example.com>” with the subject line of “Duo Security Enrollment”. (If you can’t find that email message, contact the Help Desk to have another one sent to you.)
- In that email message, find “To begin, click this link to enroll a phone, tablet, or other device:” and click on the provided link.
- You will be directed to a setup page. Click on the “Start Setup” button.
- Select “Mobile Phone” as the type of device that you will be using for your two-factor authentication.
- Enter in your cell phone number.
- Click the box to verify that the phone number you entered is correct.
- Click Continue.
- Choose which type of phone you have.
- On your phone, go to the App Store if it is an iPhone, or the Google Play store if it is an Android.
- Search for Duo Mobile and install the application onto your phone.
- Open the Duo Mobile app on your phone.
- The first time you open the app, you will be prompted to allow notifications. Tap “Allow.”
- Tap the “Add Account” button.
- You may be prompted to allow Duo Mobile access to your camera. Tap “OK” so that you can scan a QR code.
- Your camera will activate on your phone.
- Return to your computer screen and click the “I Have Duo Mobile Installed” button. This will display a QR code to be scanned by your phone.
- With the Duo app open on your phone and the camera engaged, point your phone to your computer screen to scan the QR code. (Don’t scan the below image…it is just an example.)
- Once the QR code is successfully scanned, a green check mark will display over the QR code on your computer screen.
- Click Continue on the computer screen.
- In the next screen, leave the When I Log In drop-down option selected as “Ask me to choose an authentication method.”
- Click Finish Enrollment.
- You should now see a message on your computer screen telling you that the enrollment was successful.
- You have now completed the enrollment process and are ready to start using Duo for two-factor authentication when signing in with your GC credentials. The next time that you log in with your GC credentials, Duo will send a push notification to your phone. Tap on Approve to approve the login request to get logged in.
Approving a Login Request With Duo
- When you log in with your GC credentials, you will be shown a window where you can select “Send Me A Push,” and there may be an option that you can select to remember you for a certain number of days.
Click on Send Me A Push
- Duo will send a push notification to your phone.
- Tap the notification that appears on your phone’s lock screen.
- The Duo application will open on your phone. Tap the Approve button to allow your login to complete.
Denying a Login Request
- If you receive a push notification on your phone, and you are not trying to log in, tap the notification that appears on your phone’s lock screen.
- Tap the Deny button to prevent the login from occurring.
For assistance, please contact the Help Desk at (574) 535-7700.