On this page:
As part of an improved and simplified Cardinal Key experience, we are introducing a new browser experience for two-step authentication.
- You’ll see a few screen changes, but everything will work much the same as now and will stay just as easy to use.
- The core functionality of Duo Mobile isn’t changing. You’ll still be able to receive a Duo push and do anything the current version of the app does.
- With the new screens, you'll see a changed URL in the address bar. Currently, when you need to verify, the prompt displays within the Stanford login webpage with a login.stanford.edu URL. After the update, you’ll be directed to a webpage hosted with a duosecurity.com URL.
- With the change, you'll always be prompted for your last-used authentication method and can no longer set a default method.
Changes to the login experience
- If you use Cardinal Key, the Stanford login screen you’re familiar with will be replaced by a “Select a certificate” pop-up when it's time to authenticate. If you see the pop-up shown below, simply select OK. This pop-up prompt replaces the Stanford login screen.
Note: Those who are not yet using Cardinal Key will continue to enter a SUNet ID and password on the Stanford login screen, as usual.
- For websites and applications that require two-step authentication, you’ll see a revised browser-based prompt to verify your two-step authentication.
Note: Instead of showing the Duo prompt within a page hosted by the application [login.stanford.edu], the link will now redirect to a page hosted by Duo at [duosecurity.com] to show the Duo prompt and then redirect back to the protected application after completing the two-factor authentication.
- When prompted for Two-Step Authentication, you will always be offered your last-used authentication method. If you choose Push as an authentication method, a login request will be sent to your device.
- To choose a different authentication method from what is provided initially in the prompt, you can select Other options to choose one of the other options that may be available to you.
- Your next steps are the same as before. Open the Duo Mobile app on your device. You may see a message saying that you have a request waiting, displayed at the top of your screen. Tap the message.
- Tap Approve to authenticate. If you get a request you were not expecting, tap Deny.
- Once you have authenticated, you might see a screen that asks if you want to trust the browser. You’ll have the option to select “Yes, trust browser.” This takes the place of the “Remember Me” screen.
- If you click Yes, trust browser the browser will automatically remember you, and you will not be prompted to authenticate for that application or service for the next 90 days.
- If you select No, do not trust this browser, you will still authenticate and continue onto your desired site; however, you will be prompted to re-authenticate each time you log into an application on that browser.
- Remember, public or shared computers shouldn’t be saved as trusted browsers.
Changes to devices & settings
The new prompt does not offer a way to configure a default authentication device (see "Universal Prompt" on the Duo support webpage). Therefore, you can no longer set a default authentication method by navigating to accounts.stanford.edu and selecting the "Two-Step" tab.
Instead, you will always be prompted for your last-used authentication method. If you select an option and authenticate with it, you will automatically be prompted with it until you authenticate with a different method. To choose a different authentication method from what is initially provided in the prompt, select “Other options."
Duo Mobile is one of the multi-factor authentication tools Stanford uses to keep our systems safe and secure. To learn more about your two-step authentication options, visit the Two-Step Authentication website.
If you have questions or need assistance with the new interface, please submit a Help request.