Do I need a smartphone to use 2FA?
You do not need a smartphone to use 2FA. 2FA also works with cell phones, landline phones, tablets, and hardware tokens. Although using the 2FA Duo Mobile app on a smartphone makes it easy to receive Duo Push notifications from WebAccess and to generate passcodes, it is just one of the ways you can use 2FA.
Why do I need to enroll more than one device?
It’s important to enroll more than one device in 2FA in case you misplace or something happens to your only enrolled device. For example, if you accidentally leave your cell phone at home, you could use your landline office phone as a backup way to log in to WebAccess. Keep in mind, you can enroll smartphones, cell phones, landline phones, tablets, and hardware tokens in 2FA.
Can I unenroll or opt out of using 2FA?
All Penn State faculty and staff members are required to use 2FA to log in to WebAccess. Faculty and staff members will not be able to unenroll in 2FA without losing access to such WebAccess-protected sites as eLion and the Employee Self-Service Information Center (ESSIC). Penn State students and retirees—unless they are required to use 2FA-protected sites, systems, and services—will be able to unenroll in the service if they choose.
I’m an employee who will be retiring soon. Will I still need to use 2FA?
You will need to use 2FA to log in to WebAccess for as long as you are a faculty or staff member. When you leave Penn State, your affiliation with the University will change and you will no longer be required to use 2FA. However as a retiree, you still might need to log in to such WebAccess-protected sites as the Employee Self-Service Information Center (ESSIC). To access these sites, you will need to stay enrolled in and use 2FA.
I’m going to be traveling abroad. Can I still use 2FA?
Yes, you can use 2FA while traveling abroad. You can use your smartphone or cell phone, enroll a new international phone, or buy a hardware token (before you leave) to use 2FA abroad. For smartphones, you can use the 2FA Duo Mobile app to generate passcodes to log in to WebAccess-protected sites. While cellular service is not needed to generate passcodes with the app, you will need Internet access. You can also request to have 10 one-time use passcodes sent to your smartphone or cell phone via text message.
Will the hardware token I currently use for two-factor authentication work with the Duo Security 2FA service?
Because 2FA uses Gemalto tokens from Duo Security (Penn State’s 2FA provider) you will not be able to enroll or use existing Vasco or other kinds of departmental tokens with the 2FA service. If you are an advisor or faculty member who currently uses a Vasco token to log in to eLion, for example, you will no longer need to use the Vasco token after you have enrolled in the 2FA service (since you will begin using the device you enrolled in 2FA to log in to WebAccess-protected sites). Keep in mind, some individuals may still need to use Vasco or departmental tokens to access certain local systems, depending on the local integration of the system.
I’m in a location with poor cell coverage. How can I use 2FA?
In locations where cell coverage is not available, you can use the 2FA Duo Mobile app (which requires an Internet connection) to generate a passcode. Another option is to request 10 one-time use passcodes to use when you don’t have cell coverage. Landline phones and hardware tokens also work with 2FA.
I have a Windows tablet, but it does not seem compatible with 2FA. What should I do?
Windows tablets with a mobile operating system (including Windows Mobile and Windows Phone) will work with 2FA. However, certain Windows platforms (including those with full operating systems) are not supported by Duo Security, the University’s 2FA provider. If your tablet does not have an app store and is not supported, you can use a smartphone, cell phone, landline phone, or hardware token with 2FA.
How do I avoid getting locked out of 2FA?
As a security measure, you will be locked out of 2FA after ten consecutive attempts to log in to WebAccess using 2FA fail. Here are some suggestions for how to avoid getting locked out:
- Make sure you’re attempting to authenticate to a properly enrolled device that is currently available to you.
- Open the 2FA Duo Mobile app and approve the Duo Push notification when you request authentication.
- Log out of your computer daily to prevent your machine from trying to automatically authenticate to certain sites and systems.
If you do get locked out of 2FA, contact the IT Service Desk at 2FAsupport@psu.edu for assistance.
Can I use 2FA with such third-party accounts as Google and Dropbox?
Yes, you can use 2FA with third-party accounts. If you use a smartphone with 2FA, the 2FA Duo Mobile app can integrate with such accounts as Google and Dropbox. Learn more at the guide.duo.com/third-party-accounts.
How do I get help with 2FA?
If you need assistance related to 2FA, contact your local IT service desk, call 814-865-4357, or send an email to firstname.lastname@example.org. A website with answers to commonly asked questions about 2FA is also available.