Multi-factor Authentication at Northwestern

Multi-factor authentication (MFA) provides an extra layer of security before logging in to an online service. MFA helps you ensure that you are the only person who can access your account(s), even if someone steals your password. You will log in using your Northwestern NetID/Password and as a second step, reconfirm your identity using a verification device of your choosing, like a phone or tablet.

MFA is critical in preventing unauthorized access to personal and institutional information if your password is compromised. Northwestern IT and IT staff across schools and departments are working to integrate MFA into all services utilized by the Northwestern community.

Security Features and Benefits

  • Protects sensitive data, even if a NetID password has been compromised
  • Helps mitigate phishing attacks by preventing access to sensitive information
  • Conveniently functions worldwide via a variety of device types
  • Flexible verification options meet multiple scenarios

Get Started

You will need to register your device(s) to use MFA. Download the Duo App and register online in minutes!

Once registered, the login process is simple. Visit the IT Knowledge Base to learn more about using Duo Multi-factor Authentication.

Notification Types

Below are the ways you can choose to verify your identity when logging in to MFA-enabled University systems. To help you choose which option fits your situation, see the MFA Notification Comparison. It offers usage scenarios and notification options to fit each scenario.

Duo Mobile Push (Recommended)

The Duo app is a one-touch verification solution compatible with every mobile device, including tablets and smartwatches. This is the recommended method for verifying your identity. All it requires is an active internet connection. Click Send Me a Push to send a prompt to your registered phone. Open Duo Mobile and tap Approve to log in.

Its use is especially important for those who travel, as it can be used over wireless anywhere in the world. The Duo app also offers the option to use stored passcodes when wireless access is not available.

Northwestern IT recommends using the Duo Mobile App and selecting the "push" notification type because it is the fastest, most convenient, and most cost-effective option.

Passcode

In situations where you don't have good cell phone reception, have poor internet access, or don't have the ability to receive an international call, your best option is to use the passcode method. This method has the added benefit of being completely free since it does not use your cellular data package.

Hardware Token

A Duo MFA token a small, battery-powered device that you can attach to a keychain. Pressing a button on the token generates a code on the built-in display. Please note the hardware token does not require cellular or internet service to receive Duo-generated passcodes.

Only when a mobile phone cannot be used for MFA should a token be requested. Using a mobile phone to access Duo Mobile push notifications is the most secure way to authenticate into University systems.

Phone Call

Click Call Me to send a phone call to your registered phone. Answer the call and press any key on your phone to approve and log in. Make sure you save this phone number (847-467-9000) as one of your contacts (with a name like Northwestern Duo) so you can recognize it!

MFA Notification Comparison

To request a consultation for your particular scenario, contact the Northwestern IT Service Desk or your school or department technical support representative.


*Recommended

"Remember Me"

You have the option to check a "Remember me" box, which will bypass the need to use MFA for subsequent logins for 30 days. You will, however, still need to use your NetID and NetID password for each login. Understand how "Remember me" works.

Manage Your Registered Devices

You can manage your registered device(s*) at any time, including:

  • Adding a phone or other device as a backup in case your primary phone is unavailable
  • Changing your primary device to receive notifications
  • Changing your notification type
  • Reactivating the Duo Mobile app on your device

The University continues to be proactive in using various technologies to protect further personal employee data and the data of the entire University community. As members of the University community, it is everyone's responsibility to take steps to protect your NetID password that will ultimately protect access to sensitive information on Northwestern administrative and departmental data systems.

Was this helpful?
0% helpful - 1 review

Details

Article ID: 1901
Created
Wed 7/20/22 3:33 PM
Modified
Tue 12/13/22 11:02 AM

Related Services / Offerings (1)

Northwestern offers many ways to help your IT system authenticate or authorize users. This includes Active Directory, LDAP, Single Sign-On (SSO), Multi-Factor Authentication (MFA), Shibboleth, SAML, and others.