Two-Step Login works like this:
Step one: Enter your HawkID and HawkID password to start the process.
Step two: Use a mobile phone or other device in your possession to complete your login.
ITS strongly recommends the Duo Mobile app (available for smartphones and tablets) for all users. It’s the fastest, easiest, most affordable, and most flexible option available.
Once you enter your HawkID and password to access an application (Employee Self-Service, MAUI, ICON, MyUI, Office 365, etc.) with Two-Step Login enabled, you’ll see a window that lets you choose your second-step method:
Available methods vary depending on the device you select.
- “Send Me a Push” will send a push notification to the Duo Mobile app on the device you’ve selected. Tap “Accept” in the app to complete the login (or tap “Deny” to decline). We recommend using push notifications to the Duo App as your primary login method—they'll save you time and save the university any charges associated with phone call and text methods.
- “Call Me” triggers a voice call to the device/phone number you’ve suggested. Answer the call and follow the instructions to complete the login: Press "1" to complete authentication or "9" to cancel authentication and report the authentication attempt as fraud. Note that authentication by phone call results in a charge to the university—we recommend using push notifications to the Duo Mobile app as your default login method, reserving phone calls for backup purposes.
- “Enter a Passcode” requires you to enter a passcode generated by or sent to the device you choose (or from a list you’ve previously received). You can generate a one-time passcode using the Duo Mobile app or a token device. Or you can click “Text me new codes” to receive a list of codes via text message. (Each code can be used only once, and generating a new list invalidates any unused codes you’ve previously received.)
Checking the “Remember me for 30 days” box will identify the computer and web browser you’re using as a trusted device. You’ll be able to login with only your HawkID and password whenever you use the same computer/browser combination over the next 30 days.
Important note: If you receive a Two-Step Login verification request when you’re not attempting to log in, be sure to deny the request. It could indicate that an unauthorized user is trying to access your account.
The Two-Step Login method you choose may depend on where you are, what device you’re using, and whether you have a phone/internet connection.
Here’s a rundown of all the available methods:
|
Method |
Device(s) |
Benefits |
Limitations |
|
Duo Mobile app (recommended method) |
Smartphone, tablet |
|
|
|
Passcode sent by text message (SMS)
|
Smartphone, cellular phone, tablet |
|
|
|
Phone call |
Smartphone, cellular phone, landline phone |
|
|
|
One-time passcode |
Token device |
|
|
|
Printed list of codes |
No device |
|
|
If you get a new phone or need another set of 10 passcodes for Duo:
1. Enter your HawkID and Password at the HawkID login screen
2. Click the Enter a passcode button
3. In the blue banner at the bottom of the window click the Text me new codes button
Your mobile phone will then be sent a text message containing 10 Duo passcodes. These will replace any passcodes you received previously and each can only be used once.
Accessing Backup Codes When You Don't Have Cellular or Wi-Fi Service
You don't need pre-generated backup codes if you have your enrolled mobile smartphone with you, but don't have cellular or wireless service. The app generates one-time codes for you in standalone (no network) situations.
To generate a single login passcode using your mobile smart phone:
- Open the app on your phone, and tap "Show" to the right of the Passcode.
- Enter the code displayed in the app on the application login screen.
This code generator works for all installed accounts, such as the HawkID login, the HealthcareID Login for UIHC, and for personal accounts that you have added into your app.
Preparing Backup Codes in Advance
You may have instances where you need to access a service that requires Two-Step Login, but you don't have access to one of your enrolled devices to complete the second step of your login. In these cases, you can enter a pre-generated passcode that you either print or save digitally in order to log in.
Notes: These codes must be generated ahead of time in the two-step login enrollment system in order to use them, and to access the two-step login enrollment system, you must be on campus or remotely accessing a computer that is on the campus network.
To generate a list of two-step login backup passcodes:
- Log in to Two-Step Login enrollment site with your HawkID and password.
- Click the link for generate a list of backup codes in the paragraph text at the top of the page.
- Print the page and keep it in a safe place (such as your wallet).
IMPORTANT: Every time you generate passcodes, both in the enrollment application and/or having them sent to you in text message, ALL PREVIOUS CODES are immediately invalidated. This means you can only have 10 pass codes that are available for your use at any given time.
If you need to enroll your phone in Duo Two-Step and are unable to come to campus or access a campus computer, contact the ITS Help Desk at 319-384-4357 for assistance.