Multi-factor Authentication is an added layer of security when signing in to your °Ä²Ê¿ª½± accounts that is increasingly vital to protecting you, your data, and °Ä²Ê¿ª½±'s data online.
Multi-factor authentication is required for all °Ä²Ê¿ª½± students, faculty, and staff for both °Ä²Ê¿ª½± network/SSO accounts and °Ä²Ê¿ª½± email/Gmail accounts. Enrolling is easy, and provides you a significant new layer of security.
°Ä²Ê¿ª½± Multi-factor Authentication
When signing in to °Ä²Ê¿ª½± resources online, users have always been asked to provide a username and password. However, this single method of authentication creates a single point of failure — if a malicious party obtains a user's password through phishing, hacking, or brute force guessing, that account is compromised.
Multi-factor authentication adds an additional layer of security by verifying not only that the user knows a password, but that the user also has access to a registered device, like a personal smartphone.
How it Works
1. Enroll
Enroll in multi-factor authentication, registering one or more devices to serve as authenticators (at least two devices is recommended). How to enroll
2. Sign in Normally
When signing in to °Ä²Ê¿ª½± systems protected by multi-factor authentication, you will enter your username and password normally.
3. Verify Your Identity With Your Registered Device
The multi-factor authentication service will prompt you to verify your identity using a registered device. This may entail responding to a notification sent to that device, or entering a code found only on that device.
How to Enroll
You have two °Ä²Ê¿ª½± accounts; enroll in multi-factor for both to protect yourself.
Although you may not realize it, you use two different accounts to access University resources. Each has its own multi-factor authentication option — to fully protect yourself, you should enroll in multi-factor authentication for both:
Your °Ä²Ê¿ª½± network account grants you access to a wide array of services and platforms around the University. These include the °Ä²Ê¿ª½± Portal, the University directory, the campus calendar, Tableau, and many more. Any time you log in using the °Ä²Ê¿ª½± sign-in interface, you're using your °Ä²Ê¿ª½± network account.
Your network account can be protected with Duo multi-factor authentication.
Your Google account grants you access to a wide platform of Google-based services, including your @colgate.edu Gmail account, Google Drive, Google Docs, Google Sites, and many more. Any time you sign in using the Google sign-in interface, you're using your Google account.
Your Google account can be protected with Google 2-Step Verification.
Although you may not realize it, you use two different accounts to access University resources:
- °Ä²Ê¿ª½± Network Account: Your °Ä²Ê¿ª½± network account grants you access to a wide array of services and platforms around the University. These include the °Ä²Ê¿ª½± Portal, the University directory, the campus calendar, Tableau, and many more. Any time you log in using the °Ä²Ê¿ª½± sign-in interface, you're using your °Ä²Ê¿ª½± network account.
°Ä²Ê¿ª½± Network accounts can be protected by Duo.
- Google Account: Your Google account grants you access to a wide platform of Google-based services, including your @colgate.edu Gmail account, Google Drive, Google Docs, Google Sites, and many more. Any time you sign in using the Google sign-in interface, you're using your Google account.
Google provides a proprietary multi-factor authentication option called .
In order to protect both of these accounts, each of their respective multi-factor authentication systems must be activated.
Duo specifically protects your °Ä²Ê¿ª½± network account, whereas Google 2-Step Verification protects your °Ä²Ê¿ª½± Google account.
In order to protect all of your °Ä²Ê¿ª½± accounts and data, you must activate both of these multi-factor authentication systems.
If you lose a device that is enrolled in your Duo and/or Google accounts, please contact the ITS Service Desk so that they can ensure it has been safely removed from your account.
ITS strongly encourages that you enroll more than one device as an authentication option with both Duo and Google. By doing so, you ensure that you can access your accounts, even if one of your authentication devices becomes unavailable.
°Ä²Ê¿ª½± recommends that users register a smartphone as their primary authenticating device.
However, both Duo and provide multiple other options for devices that may be used as authenticators.
If you are not using a smartphone as your authenticating device, ITS encourages you to contact the ITS Service Desk to discuss the best alternatives to suit your needs.
Duo Multi-factor Authentication FAQs
Google's 2-step verification has been required since the fall of 2021.
°Ä²Ê¿ª½±'s Google accounts are not part of the authentication system protected by Duo. However, users seeking the protection multi-factor authentication may .
For questions, or to request assistance, contact the ITS Service Desk.
This second factor of authentication is separate and independent from your username and password — Duo never sees your password.
Using Duo Push with the Duo app uses a very small amount of data — less than 2KB per notification; if you're connected to WiFi, it will not impact your data plan at all. Using Duo Passcode via the mobile app does not use any data.
When using the text message (SMS) option, your text message rates will apply, and the University will also incur a small cost per text message requested. For this reason, the University strongly encourages users to utilize the Duo Push or Passcode options via the mobile app.
For a full look at the implications of the various device options, see Add and Manage Duo Devices.
If you're travelling internationally, Duo authentication can work without cellular service or a wifi connection.
We always recommend in all circumstances, and particularly while travelling to use the Duo app on a Smartphone or Tablet. When prompted at sign-in, choose the Enter a Passcode option. To generate the passcode, open the Duo Mobile app on your phone and tap the "°Ä²Ê¿ª½±" entry. A passcode will be presented to you, even without wifi or cellular service.
Alternatives to the preferred option above include a Hardware token or obtaining a ByPass Code (can be used in extreme cases). For more information, contact the ITS Service Desk.
Refer to for more information on SIM cards, phone numbers, and changing phone.
It is best to review the options above prior to leaving the country. Work with the ITS Service Desk to be best prepared for your travel.
Yes, Google 2-Step Verification has been required since October 2021.
Google provides this page outlining the various .
Google recommends that users utilize the Google Authenticator app, listed on the page linked above.
The ITS Service Desk can assist should you forget your device.
- To check your status, begin by visiting
- Then Click "Security" on the left-side navigation panel
- Scroll down to the section: "Signing in to Google" and confirm that 2-Step Verification is on.
Ask for Help
If you are unable to find the information you need in the documentation available online, the ITS Service Desk is available to assist.