Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security
2Factor Authentication (2FA) - Enrollment Guide
This article provides a step-by-step guide for users enrolling in 2Factor Authentication (2FA).
2Factor Authentication adds a second layer of security to your CNetID or University account.
Use this step-by-step guide to enroll in 2Factor Authentication (2FA).
Enroll in 2Factor Authentication
- To enroll in 2FA, visit the 2Factor Authentication website, 2FA.uchicago.edu, and opt in by clicking Go to 2Factor.
Log in using your CNetID and password. This is the first layer of security or first factor of 2Factor Authentication.
If you have not previously enrolled in 2FA, you will be prompted to click Register a Device.
Register your smartphone for 2FA by selecting Mobile Phone. Then click Continue near the bottom of the screen.
If you do not have a smartphone, you may choose to register an alternative device, such as a tablet, a landline, or a hardware token. For more on hardware tokens, please see our 2Factor Authentication (2FA) FAQ.
On the next screen, enter the mobile phone number for the device you are registering with 2FA. Click Continue when finished.
Select your device's operating system and click Continue.
After selecting the operating system for your device, you will be prompted to download the Duo Mobile App to your phone, either through the App Store (iPhone) or Google Play Store (Android).
Confirm you have installed the app on your phone by checking the box on the bottom of the screen. Then click Continue.
The Duo Activation Code appears on the next screen. Open the Duo Mobile app on your smartphone and scan the Quick Response (QR) code.
To scan the QR code, press + plus in the upper-right corner of the app. Simply hold up your phone and scan the QR code from your computer screen using your smartphone camera.
When the QR code is scanned correctly, you will see an acknowledgment (shown below) that your device has been successfully registered. You may immediately enroll another device by clicking Enroll Another Device.
If you choose not to enroll another device at this time, click Done. Note that we strongly encourage registering more than one device in 2FA in case you lose or forget your device. See What if I lose my phone? to learn what to do if your device(s) is missing.
Log In With 2Factor Authentication
As with all University of Chicago sites that use Shibboleth (or Single-Sign-On), you will be prompted to enter your CNetID and password. With 2FA enabled, this becomes your first factor.
You are then directed to the Duo login prompt screen. This second factor is independent verification that you are who you say you are through the device you have enrolled or registered with 2FA. Select your device of choice (if you have more than one enrolled) and your preferred method of notification (a phone call, push notification, etc.) Refer to step 5 of this section for an explanation of these notification methods.
The first factor: CNetID and Password
The second factor: Device Notification
Note: if you check the box found on the bottom of this screen, you will also be given the option to have your browser remember you for 30 days.
If you have a smartphone, Duo Push provides one-tap authentication on your device and is the preferred form of notification for smartphones. Refer to step 5 in this section for more information about notification methods.
Select Phone call to send a call to your phone; simply answer the call and press any button on your phone to verify you have received the call.
- If you wish to use a Passcode, you may request that a set of ten unique passcodes be sent via text message to your registered device from the 2FA Manage Devices screen. Please note that you must have your passcode before you attempt to access a site that is protected with 2FA. Passcodes also work within the Duo Prompt screen. Because a passcode you use once cannot be used again, you must keep track of which passcodes have been used. For more information on how 2FA passcodes work, please see the 2Factor Authentication (2FA) FAQ.
Pushes a login request to your phone (if you have Duo Mobile installed and activated on your iPhone, Android, or BlackBerry device). Just review the request and tap Approve to log in.
Authenticate via phone callback.
Log in using a passcode, either generated with Duo Mobile, sent via SMS, generated by your hardware token, or provided by an administrator.
Click Send SMS passcodes to get a new batch of passcodes.
If you have chosen to use Duo Push notification, a login request is sent to your phone. Select the Approve button on your phone to authenticate. Authenticating through 2FA allows you to have secure access to all of your usual university sites and applications that use Shibboleth without needing to log in again.