Two-factor authentication requires something you know (your Clemson password) and something you have (like a mobile phone, landline phone or a smartphone app) as an added layer of security to prevent anyone else from accessing your account. Two-factor authentication is the most effective method of account takeover prevention, helping to protect both you and the Clemson community.
Passwords are essential for security and privacy, but they are often not enough. They can often be stolen, guessed, and hacked -- you might not even know who else has your password and is accessing your account. Two-factor authentication adds a second layer of security to your account to make sure that it stays safe, even if someone else knows your password, by using your phone or other device to verify your identity. You will be alerted right away (on your phone - mobile or landline - or tablet) if someone tries to log in using your password. This prevents anyone but you from accessing your accounts.
All Clemson students, faculty, and staff will be required to enroll in Duo in order access 2FA protected applications.
Duo's self-enrollment process makes it easy to register your phone or tablet and install the application on your device. You can complete your enrollment at https://www.clemson.edu/2fa . We suggest doing this on a device other than the one you plan to register. After completing the process, you can test the authentication process by visiting https://www.clemson.edu/2fa/check .
FAQs and Tips
You can use a landline or a tablet. Duo also lets you link multiple devices to your account, so you can use your mobile phone, a landline and/or tablet. In fact, we suggest that you enroll more than one device for redundancy in the event a device is lost.
Contact the Help Desk via email (ITHelp@clemson.edu) or call 864-656-3494 immediately if you lose your phone or suspect that it has been stolen. The device will be disabled for authentication and you will be assisted in enrolling another phone/device. While it is important that you contact the Help Desk if you lose your phone, remember that your password will still protect your account.
If you get a new phone you will need to re-activate Duo Mobile. This can be done through our Device Management Portal at https://2fa.clemson.edu/. When accessing the portal, you will need to complete the two-factor authentication process. If you have a second device, you can use it to authorize. Otherwise, you will need to choose the option to have Duo call or send passcodes via text to your phone before you can re-activate Duo mobile. Once you have authenticated, under the Device Management tab, if you click "Device Options" for the device that needs to be reactivated, you should see the option appear below. Once you have clicked on that, it will give you a new QR code to scan with your device.
The CCIT Support Center will have Duo D-100 hardware tokens available for $20. These devices are the preferred alternative to a mobile device or phone because they will work for any situation or application. In the event an employee does not have a suitable mobile device or landline, it is our suggestion that the department purchase this token for their employee. If the employee later leaves, the token and be returned to the department and assigned to another user.
Alternatively, you are welcome to purchase a personal YubiKey to be used for 2FA. A list of model prices and feature comparisons can be found on the vendor's website here: https://www.yubico.com/products/yubikey-hardware/. Please be aware the U2F version of the YubiKey only functions in Chrome or Opera web browsers. Native application like Cisco AnyConnect will not work with the U2F YubiKey. If you purchase another model that supports event-based HOTP, a Duo admin will need to enroll the device for you. This can be done in the CCIT Support Center.
Yes. To receive a passcode to your phone in a text message, you should choose the "Enter a Passcode" option when authenticating, and a blue bar across the bottom should give you the option to text you codes.
If you choose to receive text codes, you will be sent one message with 10 different codes. The codes are one time use each. This way, next time you go to log in, you can just enter one of the codes that you were given via text. Once you have used up all 10 codes, you can start the process over again by clicking the blue button to send new text codes.
You will have five chances to authenticate a request. After the fifth chance, your two-factor authentication will be deactivated and you will not be able to access the system you are attempting to log into.
Deny the request and report the incident to the Help Desk immediately via email (ITHelp@clemson.edu) or by calling 864-656-3494.
Your account will lock when there are too many failed attempts to authenticate. The lockout should clear automatically in 15 minutes, so you can either wait, or contact the Help Desk at 864-656-3494 for assistance with your account.
No. Two-factor authentication adds a second layer of security to our online accounts. In an effort to keep your personal account information secure, we are requiring two-factor authentication on selected services.
If you travel internationally and need access to resources protected by Duo, you may wish to set your two-step verification method to Duo Mobile Passcode. Using Duo Mobile Passcode (available for smartphone or tablet), you can generate authentication codes even if you don't have an Internet, wi-fi, or cellular connection. Please note that if you're traveling internationally (or have an international phone number) and are using text messages as your method of two-step verification, you may be subject to your carrier's roaming charges for SMS messages. Use of SMS is not recommended for international travelers.
Please keep in mind it is important to enroll more than one device (such as a smartphone and desk phone) in 2FA to avoid difficulties authenticating if you lose or don’t have your only enrolled device with you.
To add multiple devices:
- Please log into 2fa.clemson.edu and authenticate with your current device.
- Then, under the "Manage Devices" tab, under your current device there should be a plus symbol that says "Add Another Device".
You will need to click that and go through the steps to set up an additional device.
- Once you have another device enrolled, you should now see a drop down under menu that says "Default Device".
If you have your settings to automatically send you a push or call, the device you select here will be the one it will go to.
If you use devices interchangeably, it is best to set your "When I log in" preference to "Ask me to choose an authentication method". Then when you log in to a system that requires Duo, you will see a dropdown to choose which device to authenticate with, so you will be able to choose the appropriate device, and then click push, passcode, or call, depending on your preferred method of authentication.
Duo, Clemson’s partner in 2FA, will never ask for your user ID and password. If you receive such a request, do not respond.
We recommend that you have two devices registered with Duo in case one device is unavailable. In the event that you can't access your account due to your device(s) being unavailable, please contact the CCIT Support Center at 864-656-3494 for a temporary bypass code to allow access to your accounts.