General Multi-Factor information and a list of protected services can be found here.
Frequently Asked Questions:
How does Multi-Factor Authentication protect an account?
In addition to knowing a password, MFA will require acknowledgement with a second factor (something you have) whenever you log in to a protected server or service.
This extra step prevents a bad actor from accessing your Whitman account – even if they have your password. This verification is requested only after you successfully enter your password – so you are aware when you should expect the verification step.
How often will I see this extra step?
Most people will be asked to verify once per day for MyWhitman access.
Some people who access high-risk systems will need to verify each time they access those systems.
You will not be asked to verify access every time you check your email. Gmail and other Google services request verification the first time you access them from a new device, and only periodically (weeks) on devices you use regularly.
Is it safe to install the Duo Mobile app?
The Duo Mobile app is a secure app designed to protect your privacy.
Your protected data and your passwords are never transmitted to the Duo two-factor system; only your username is transmitted to facilitate the two-factor authentication process.
Duo Mobile has no more access or visibility into your phone than any other app. Duo Mobile cannot:
- read your emails
- read your texts
- track your location
- see your browser history
- see your pictures
- remotely wipe your phone
Duo Mobile may ask to use your camera upon initial setup to facilitate the QR scan – alternatively, you can have an activation link emailed during setup.
More information can be found here: https://help.duo.com/s/article/4683
Does this impact my cellular plan?
There is no cellular communication necessary when you are on a wifi network. Since most people are on Whitman's wifi network, there is no need for cellular signal or data communication.
Even when on a cellular network, the data used is minuscule – less than receiving an email or loading a single Instagram photo.
What if I forget my phone at home?
If you forget your phone at home you can still gain access to Whitman services that require a second factor.
The WCTS Help Desk can issue you a temporary bypass code that can be used in place of using your phone to verify your login. These codes are generally time-limited, but we can work with you to make sure you're good for the workday.
The Help Desk staff will need to verify your identity before they can issue you a temporary code.
Can I generate my own backup codes?
Yes! You can self-generate a list of pass codes for later use (when you may not have your phone).
- Instead of selecting "send me a push" -- select "enter a passcode"
- From that screen click "text me new codes"
- You will receive a set of 6 codes that can be stored in a secure location for later use -- these can be used in place of your phone
Can I use my office phone to verify login?
Yes. You can add your landline or office phone as a secondary option. Upon login you would choose that device from a dropdown menu at the Duo prompt; your office phone will ring asking you to verify login.
This is only recommended if you have a private workspace and individually-assigned phone number – not shared phone lines/numbers.
To configure your landline phone:
- Instead of selecting "send me a push" -- click on "add a new device" on the left navigation list
- You will need to verify with a phone call to your already-registered device or use a passcode
- Duo will then walk you through the process for adding a landline phone
- Future Duo verifications can use the landline by selecting that device from the available options on the top area of the Duo prompt screen
Note - the Duo push mechanism is the recommended and preferred method for verification. The landline should be considered an option should your smartphone or fob be unavailable.
What if I get a new phone?
You can 'add a new device' as a second factor at any time. This is useful if you replace your device -- either from a loss, or when you purchase a new phone.
If your previous device was configured for an iCloud or direct Google Play backup, the Duo app on your new phone may offer to restore your setup. If not, you simply need to add your new phone as an additional device.
To add your new device:
- start by connecting to a Whitman MFA service - for example: <https://my.whitman.edu> - and enter your Whitman username and password to log in
- when prompted for the Duo 2nd factor select "Add new device" on the left
- this will ask you to verify you have control of the device - select Call Me**
- once verified, you will be walked through registering your new device -- similar to the initial setup when you were first enrolled with Duo.
** If your new phone has a different phone number, you will need to contact WCTS to start a fresh Duo enrollment - or have access to an existing passcode (see the previous tip above).
More information can be found here: https://guide.duo.com/add-device
I don't have a smartphone.
For phones where the Duo Mobile app cannot be installed, you can:
- have a text message sent with a one-time-use code
- receive a phone call asking for verification
- have Duo text you a set of passcodes to use for future logins
- use a USB security key
- use a fob that generates one-time-use passcodes
Please contact the Information Security Office <email@example.com> to discuss using a security key or fob.
I don't want to use my phone; or my phone is not compatible with the app.
The Duo Mobile app is the preferred mechanism for verifying logins – as it is the most secure and the most convenient.
If you choose to not – or cannot – use your smartphone for this verification step – please refer to the options listed above in "I don't have a smartphone."
Please contact the Information Security Office <firstname.lastname@example.org> to discuss your situation and coordinate which second factor solution will work best.