New, Easy-to-Use Two-Step Authentication Replacement for Printed List
Monday, February 2, 2015
In December 2014, University IT rolled out the new Two-Step Authentication service powered by Duo Security. The enhanced service offers more options than previously available, along with the ability to dynamically select which option to use when prompted for two-step authentication. To take advantage of the new two-step capabilities, go to the Accounts application and click the Two-Step Auth tab. We strongly encourage users to register their smartphones and at least one backup device (e.g., desk phone). Once a smartphone is registered in the new system, all four methods are available: push notification (simply click Approve or Deny in the Duo app), passcode (similar to Google Authenticator), text message, and phone callback. These four methods accommodate all situations, including times when network and/or cell phone coverage is unavailable.
Many members of the Stanford community are currently using the “printed list” option, which was needed by those without a cell phone or who preferred not to receive text messages. University IT is working to phase out printed lists by May 2015, providing a better and much simpler alternative: hardware tokens. Hardware tokens are the size of a car key fob, don’t require a cellular or Internet connection, produce unlimited codes, and last more than four years. The first token is provided for free, and if it is damaged or lost, a replacement will be issued for a $25 fee. When prompted for two-step authentication, you simply press a button on the token and a 6-digit code appears in the token window. You then type that numerical code into the prompt to complete the authentication process.
On February 9th, University IT will begin distributing these hardware tokens via temporary distribution centers at several locations across campus and at Porter Drive, prioritizing those who are currently using printed lists. Email notifications will be sent to printed list users informing them of the dates, times, and locations of the distribution centers. Stanford recipients must remember to bring their Stanford or government issued ID; you cannot pick up a hardware token for someone else. For off-site users, tokens will be shipped via US mail.
Once the initial distribution of tokens has been completed, the ID Card Office will handle token distribution at their new Tresidder office site. If the token is ever lost, damaged, or stolen, the owner can stop by the ID Card Office to get it replaced for a $25 fee.
More information and instructions about the new two-step authentication system can be found at the Two-Step Authentication webpages.