Two-Step Authentication (also known as 2-step Authentication, or 2SA) is an industry standard that adds a second layer of security to help prevent anyone other than you from accessing your sensitive information. This is accomplished using two types of authentication to verify your identity when logging into a system - something you know (username\password) and something you have (phone or a token). This helps prevent someone from logging in to your account, even if they know your password.


Why is this so important? Passwords can be stolen or compromised through Phishing, Cracking, Guessing, or Malware. Kutztown has seen a sharp rise on the number of attempts to steal user credentials over the last few years. Stolen credentials are often used access and acquire data, send out SPAM, and to trick others by sending email from a trusted account.


What are the options for 2SA?

  1. The DUO Security App as the easiest and quickest way to verify your account. This app works well in areas that do not provide good cellular or wireless service.
  2. Text message (SMS)
  3. Phone call
  4. Hardware token


KU IT recommends using a PIN, swipe, or biometrics to login to your phone to protect access to your second factor authentication method.

 

This article shows how to setup 2SA with the DUO Security app for the first time. Please be sure you have your mobile device when completing this process.


First Time Setup for Mobile App

 

  1. Download and install the Duo Mobile app from the Google Play or Apple App Store on your phone.



  2. On a computer, go to the enrollment page at https://app.kutztown.edu/2sa. Log in with your KU credentials.



  3. Click on “Start up.” You will be prompted to select a device. Click on “Mobile phone” and then click “Continue.”


  4. Enter your 10-digit phone number. Check the box to confirm your phone number as entered and click “Continue.” On the next screen, select your phone’s operating system and click “Continue.”


  5. Click “I have Duo Mobile installed” to continue.



  6. Open the Duo Mobile app on your phone and tap the “+” option in the upper right corner. This will add your account to Duo.

    If prompted, allow the app to access your camera and scan the QR code display on your computer screen.



  7. Verify your device and phone number and then click “Continue to login.”



  8. Choose an authentication method. Choose Send me a push.”

 

 

This completes the setup process. Whenever you log into a service that requires 2 step authentication, you will be required to verify your identity on your device.


Frequently Asked Questions (FAQs)


How long does it take to setup?

Setting up 2 Step Authentication for the first time only takes about 2-3 minutes.


Will I need to use 2 Step Authentication every time I login?

2 Step Authentication policies are developed to balance the safety and security of the University with availability to University resources. Depending on the type of resource you are accessing and your location, 2 Step Authentication may only need to be used occasionally.


Do I need a smartphone?
No, if you do not have a smart phone or do not wish to install the DUO mobile app on your phone, you can use text messages, phone calls, or a hardware token to receive passcodes. To setup 2 Step Authentication without the DUO mobile app, see our article 2 Step Authentication - No Mobile (for Faculty and Staff). If you would like to learn more about hardware tokens, please contact the IT Help Center.


Can I add a second authentication option?
Yes, login to the DUO Self-Service Portal at https://app.kutztown.edu/2sa. Select the "Add a new device" option (under the KU logo) to add additional devices or manage your existing devices.


I got a new phone (same number). How do I reactive the DUO mobile app?
If your new phone has the same number, you can still use the call or text options to get started. Then use the DUO Self-Service Portal to reactive the app. Do this by selecting "My Settings & Devices."


My DUO security passcode is not working. Is says incorrect or invalid passcode. What should I do?

If you receive an "incorrect passcode" or "invalid passcode" error during authentication, your device may be out of sync.

To re-sync your device, try to authenticate with one new passcode on each attempt within a 5 minute period. The first two attempts will generate an "invalid passcode." This is expected. On the third attempt, you should be able to successfully authenticate.


My DUO security passcode is not working and now my account is locked out. What should I do?

If you receive a message that your account has been locked, this is due to too many attempts being made and your device is likely out of sync. Please wait 10 minutes and then try to re-sync your device.

To re-sync your device, try to authenticate with one new passcode on each attempt within a 5 minute period. The first two attempts will generate an "invalid passcode." This is expected. On the third attempt, you should be able to successfully authenticate.


How can I use 2 Step Authentication if I don't have a good cell phone signal or WiFi?

If you have wifi, but no cellular signal, the DUO Mobile App Push Notifications work great. If there is no wifi or cellular signal, using DUO Mobile App Passcodes also works.


What happens if my DUO mobile app gets uninstalled?
Go to the Apple App Store or Google Play Store and reinstall the DUO Mobile App. Login to the DUO Self-Service Portal at https://app.kutztown.edu/2sa. Select the "Add a new device" option (under the KU logo) to setup the device again. If you need assistance, please contact the IT Help Center.


What if my phone is stolen?
If your phone is missing or stolen, contact the IT Help Center immediately. Your phone can be removed and temporary access can be granted until the phone is replaced


What if my phone is broken or needs to be replaced?

KU IT Help Center can help you bypass 2 Step Authentication or issue a temporary security token until your phone is replaced.  Once your phone has been replaced use the Duo Self Service Portal by logging in at https://app.kutztown.edu/2sa and selecting “My Settings & Devices” found under the KU Logo.

What if I am traveling out of the country?

The DUO Mobile App provides 6-digit passcodes that work while you are in areas that have little or no connectivity. If a smartphone with the DUO mobile app is not an option, you can request a security token from the IT Help Center before your departure.