Protect Your SAS Accounts with Two-Step Verification

  • Faculty & Staff
  • Students & Alumni

 password + proof = access

 

***Duo Two-Step verification system is being upgraded to the Duo Universal Prompt on November 14, 2023. Click here for more information.***

 

The Two-Step Verification service will drastically reduce the risk of compromised data and nefarious use of your accounts. Because a login from a new computer requires not just a password but a verification code that is delivered to your smartphone it is much harder for malicious, unauthorized users to gain access.

Please see below for instructions on how to set up Two-Step for various accounts here at Penn.

If you are not already, we strongly suggest that you enroll in Duo Push. Duo Push is the most convenient method of Two-Step verification: the user receives a popup message on their phone much like in the image above. They would simply press "approve" instead of needing to enter any numbers.  Click here for setting up Duo Push for the first time.  Click here for setting up Duo Push on a replaced phone.

To set up Duo Push for the first time:

  1. Navigate to this website: http://upenn.edu/manage-twostep
  2. Sign in with your Pennkey
  3. Click next until you get to Select an Option for Two-Step Verification. Select Duo Mobile
  4. Enter a phone number, then click Add phone number
  5. Confirm the phone number is correct and click Yes, it's correct
  6. Download Duo Mobile from the Apple App Store or Google Play store
  7. Open Duo Mobile on your smartphone, tap Add Account, then select Use a QR Code
  8. Allow Duo Mobile to access your camera if asked, then point the camera at the QR code (you don't have to take a picture of it)
  9. You have now set up Duo Mobile for Two-Factor authentication

 

To set up Duo Push on a replaced phone:

  1. Navigate to this website: http://upenn.edu/manage-twostep
  2. Sign in with your Pennkey
  3. Approve the push on your old phone.  If no push comes through or you no longer have your old phone, click Other Options. Select either Text Message passcode or Phone Call to whichever would work with phone numbers available to you. If no phone number listed will work, contact your LSP here
  4. Select Yes this is my device if this is your own machine
  5. In the Duo Security window, you should see phone_push, as well as some phone numbers and hardware tokens. Click I have a new phone within the phone_push box
    1. A new window should open that says "Let's set up your phone". Click Get Started
    2. If you haven't done so already, download the Duo Mobile app from the Apple App Store or Google Play store. Then click next in the Download Duo Mobile window
    3. You should now see a QR code, open the Duo Mobile app on your device, tap Add Account (if you have no other profiles) or the plus (+) sign (to add an additional profile to already existing Duo profiles)
    4. Select Use QR code in the Duo Mobile app and point your device's camera at the QR code on your screen. The Duo-Protected University of Pennsylvania account appears in your Duo Mobile app. Tap Save
    5. You now have Duo Mobile Two-Step set up with your Pennkey and your device. Click Continue, you can skip for now for adding more verification methods

For more information, click here for guidance from ISC for all UPenn faculty and staff - https://www.isc.upenn.edu/how-to/two-step-verification-enrollment-instructions

 

Two-Step Verification for Pennkey and O365:

Two-Step Verification is required for all SAS Faculty and Staff. It's easy to use, and it dramatically increases the security of your PennKey and PennO365 protected accounts. 

For a user-friendly introduction to Two-Step see: https://www.isc.upenn.edu/two-step-quick-start.

You can sign up for Two-Step at: https://twostep.apps.upenn.edu/ or ask your LSP to help with the setup process.

You can find more PennO365 Two-Step information here: https://computing.sas.upenn.edu/penno365/two-step

If you have additional questions, please contact your Local Support Provider (LSP).

Two-Step Verification for Google@SAS:

To add another layer of security to your Google@SAS or personal Gmail account you can enroll in Google Two-Step Verification here.