What is Two-Step Login?
Two-Step Login provides an extra layer of security on websites and services like MyUI, ICON, Office 365, and Employee Self Service.
Two-Step Login uses multifactor authentication to protect your academic, personal, or financial information:
- Step 1: You enter your Hawk ID and password to start your login.
- Step 2: You verify your identity and complete your login using a device only you control—usually your phone.
What is Duo Security?
The university uses Duo Security tools—including the Duo Mobile app—to manage the Two-Step Login process. You may hear the system referred to as either “Two-Step” or “Duo.”
Push notifications to the Duo Mobile app are the safest, fastest, and most reliable way to complete your logins.
Why is Two-Step Login required?
Passwords provide only so much protection—even the strongest ones can be stolen. Requiring login verification from a phone or other device prevents hackers from accessing your accounts and pretending they’re you.
You probably already use multifactor authentication with your bank or even your social media accounts. Your academic and employment records, bank account numbers, and other sensitive data stored in university systems deserve the same protection.
At best, account compromises are a temporary inconvenience. At worst, they let others steal your identity or even your money. The risk is real—Two Step Login offers essential front-line security.
Frequently Asked Questions
Past 90 Days
The issue has been resolved.
There are issues logging into services such as ICON, Wiki, Employee Self-Service, Clarity Connect (call center phone systems across campus), Virtual Desktop, MAUI, MyUI, Duo two-step login, Zoom, Cherwell, and eduroam. ITS staff are investigating.
The issue is resolved.
ITS is getting reports of many services being down and the networking team is working to identify the issue.
This issue has been resolved.
Users are reporting issues authenticating with Duo Two-Step login. Upon login the Duo Two-Step page shows an error or that the service is under heavy load. Support staff are working to resolve the issue.
On Tuesday, August 1, ITS will enable Universal Prompt for Two-Step Login with Duo. The Universal Prompt will provide a more secure and streamlined experience. The following updates will occur:
- Updated visual appearance: Universal Prompt will be visually redesigned with a simplified interface.
- Automatic Duo push: If you have the Duo app set up for push notifications, it will automatically send a Duo push notification to your device without needing to select anything. After Universal Prompt is enabled, Duo will automatically select the most secure option you have set up--Duo push being the most secure.
- Last-used authentication method: Universal Prompt remembers your last-used authentication method (e.g., Duo push, security key, text or phone call, etc.) and displays that option by default. To see other available login methods, simply select “Other options” from the prompt.
- Trusted browser: The check box for “Remember me for 30 days” will be replaced by a popup to “Trust this browser.” If selected, trusted browser sessions last 30 days. Selecting “No, do not trust browser” will not create a trust session. You won't be asked to trust that browser again for 15 days.
Visit Changes coming to your login experience Aug. 1 to read more about the upcoming changes and review screenshots of the new login experience or read the full details on universal prompt on Duo's documentation page.
Beginning Sept. 21, students, staff, and faculty not yet enrolled in Two-Step Login (Duo) for multifactor authentication will receive notice that they must enroll to continue accessing systems like MyUI, ICON, and Office 365.
Most campus users have already enrolled in Two-Step Login. This change affects only those who haven’t yet enrolled.
Affected users will have a 30-day grace period to enroll. They’ll see Two-Step enrollment prompts when logging into MyUI or ICON (Office 365 does not support similar notices) but can bypass the prompts to access these systems.
After the grace period, users who haven’t enrolled will receive new prompts when logging into MyUI, ICON, and Office 365. They’ll be informed that they must enroll in Two-Step to access these systems.
Affected users also will receive targeted email communications about the change.
Some users experienced an issue when trying to access UI apps/services where they saw an error message indicating they needed to enroll in Duo, even if the user was already enrolled. Affected services included Office 365 and Employee Self Service (HRIS). ITS investigated the issue and users should no longer be affected by this error message.
If any user is still affected by this issue, the user should try clearing cache and cookies before trying again.
ITS will migrate database instances underlying the IAM platform to new servers. Some IAM services will be impacted during the maintenance window, including:
- Identity updates in response to upstream changes will be paused
- Access Management will be unavailable
- Select IAM APIs will be unavailable
- Account Center actions (password reset, Duo enrollment, account request/invite, new account setup) will be unavailable
- Online ID card request will be unavailable
An outage period of approximately 60 minutes is expected during this window.
Effective Sept. 15, Two-Step Login phone-authentication methods will change. Users who select the “call-me” option to authenticate their logins will be prompted to press “1” to complete authentication or “9” to cancel authentication and report it as fraudulent.
As a part of an ongoing effort to enhance security on campus, beginning August 1, 2020, Two-Step Login will be required to access several electronic research administration services, including: UIRIS, eIACUC, eCOI, HawkIRB, eIBC, eDSP, and myPortal.
ITS will complete upgrades during this maintenance window. The HawkID password reset tool (https://hawkid.uiowa.edu) and Duo admin tools will be unavailable.
To increase security measures and reduce phishing on campus, Two-Step Login with Duo Security will be enabled for Office 365 web services for users currently enrolled in Two-Step on June 25.
Expected user experience:
- https://office365.uiowa.edu will prompt for Duo two-step login during each visit. It is possible to select “Remember me for 30 days.”
- Most connected clients (OneDrive for Business, Outlook, Mobile Email, Skype for Business, etc.) will not prompt for Duo two-step login. These clients already have cached credentials that should remain valid. Some of these clients will prompt for Duo in the future during an event such as a HawkID password change.
- Some client software tools (Outlook for Windows, Thunderbird, Android Mail, Skype for Business) are not currently compatible with Duo two-step login. We’ve configured the system to allow these clients to function without Duo.
To increase security measures on campus, UI Anywhere VPN users will be required to use Two-Step Login/Duo to verify and complete their VPN connections starting May 16. Find instructions for logging into the VPN using Two-Step Login for more information.
Duo has resolved this issue.
We are currently experiencing latency issues with Duo multi-factor authentication. The vendor is working to resolve these issues as quickly as possible.
This issue has been resolved.
There is currently an issue with DUO Two Step Authentication. ITS is working to resolve the issue.
Two-factor authentication will be unavailable due to a vendor database capacity upgrade.
The vendor has fixed the latency problems and service has been fully restored. Please contact the ITS Help Desk if you have any further issues using this service.
The two-step login service is experiencing latency issues. After login there is a delay before you can access the service.
This issue is resolved. Please contact the ITS Help Desk if you experience any further issues using the Two-Step login service.
Users are reporting issues authenticating with Two-Step login. Upon login the Two-Step page that appears is blank. Support staff are working on the issue.
Maintenance is scheduled for the Two-Step Login service. We expect the service to continue working as expected during this time.
This issue has been resolved. Please contact the ITS Help Desk if you experience any further issues using the Two-Step login tools.
We are currently experiencing issues with Two-Step login (Duo) for text messaging and phone calls. Support staff are working on the issues.
We are currently experiencing issues with the Duo Two-Step Login service. ITS support staff are working with the vendor to fix this problem as quickly as possible.
The Duo-Two Step authentication service using phone calls is not working. Customers receive a message saying "Error during call: Insufficient telephony credits." when trying to place a call for authentication. ITS support staff are working to resolve this problem as quickly as possible.
We will update this notice as soon as more information is available.