Barnard College Barnard College

Multi-Factor Authentication (MFA)

Barnard Login page with MFA

What is MFA?

Multi-factor authentication requires that you validate your identity via a separate mechanism, in addition to your password, before giving you access to a given application.  This provides an extra layer of protection for you; even if someone manages to guess or steal your password, they won't be able to login into an MFA-protected application as you.

What is Duo?

Duo is a service (and application) that Columbia and Barnard use for multi-factor authentication.

How do I get started with Duo?

You can get a head start by downloading the Duo mobile app to your iOS or Android device.  (If you already have the app because you use it with Columbia, you don't need to download it again!  You'll just be adding a Barnard profile to your existing Columbia one.).  We have step-by-step directions for setting Duo up as well.

Duo authentication methods

  • Duo Push: Sends a notification to a registered mobile device.  This is the quickest and most convenient, works both over cellular and wifi networks, and is free of charge; you just need to install the Duo app on your phone or tablet. BCIT recommends this method; please only proceed to the others if you do not have a smartphone or tablet that can use the Duo app.
  • SMS message: Sends a text message to a registered phone number.  Depending on your phone plan, you may be charged for each authentication message.
  • Phone call: Makes a phone call to a registered phone number. Depending on your phone plan, you may be charged for each authentication call.
  • Duo Mobile Passcode: Enter a one-time passcode generated by the Duo Mobile app to authenticate. You do need to have the Duo app installed on your mobile device, but your phone or tablet doesn't need to be connected to the Internet or a cell network to get the passcode, so this option might be useful when traveling.
  • Security Keys: A security key is a dongle that plugs into your USB port. Once you register it in your Duo profile, when tapped (or, for some models, when the button is pressed) it sends a response back to Duo to validate your login. There are several inexpensive models available that are compatible with Duo; BCIT has tested Yubico's YubiKey 5 and verified that it works in the Barnard environment. These work for all web applications, but not for the desktop PulseSecure client. BCIT provides only best-effort support for this authentication method.
  • Apple Touch ID: You can use the Touch ID on your Apple macOS device to authenticate. Requires an Apple device with TouchID; and only works with Chrome, not other browsers. BCIT has tested this method but does not provide support for it.

I don't have a smartphone; how can I use Duo?

There are several options for non-smartphone access - please reach out to BCIT to discuss what option is best for you.

Step-by-Step directions for setting up the Duo App

  1. Download and install the Duo app from the Apple App Store/Google Play Store. If you already have the app installed, you do not need to download it again. You will only need to  add the Barnard profile to your existing app.
    1. iOS - Duo Mobile on the App Store 
    2. Android - Duo Mobile on Google Play
  2. After logging into a Barnard application that uses MFA such as Email/Google Workspace or WebVPN/Pulse Secure: Click on Start Setup > Mobile phone > Continue > Input your cell phone number and check the box that this is the correct phone number.  
  3. Continue > select Mobile Phone or Tablet (as appropriate) > Continue
  4. Select: I have Duo Mobile> Activate through the app on your cellphone and follow the instructions.
  5. You will need to open the Duo Mobile app on your phone or tablet,  click on the plus sign (+) in the top right corner of the  app (top right hand corner) and then scan the barcode with your phone, this should create a Barnard profile in Duo. Then click Continue on the computer screen.
  6. On the next page, choose ‘Automatically send this device a Duo Push’. This will make your process seamless every time you use Duo. BCIT recommends you select this setting. Then click SaveSkip to step 8. If you do not see this window, continue to step 7.
  7. You might already have Duo setup and need to change the Duo push setting to automatically send you a push on your phone at every logon. This will make it easier instead of having to click on “Send Me a Push” every time. In the Duo Security window, click on ‘Settings’ > ‘My Settings & Devices’.  To change these settings, you must accept the Duo authentication request on your mobile app that is sent when you click on this link.
  8. At the Duo Security window, click on ‘Send Me a Push’. You can choose to check ‘Remember me for 12 hours’ to stay logged in. You will not have to do this the next time you login if Duo automatic push has been set up.
  9. The Duo Push notification will show up on your phone screen, tap where indicated to view the available actions: Approve or Deny. Select ApproveIf you do not see notification after a few seconds on your mobile device, open the Duo Mobile app to acknowledge the login request.