Two-Step Login works like this:

Step one: Enter your HawkID and HawkID password to start the process.

Step two: Use a mobile phone or other device in your possession to complete your login.

ITS strongly recommends the Duo Mobile app (available for smartphones and tablets) for all users. It’s the fastest, easiest, most affordable, and most flexible option available.

 

First, you enter your HawkID and password to access an application (Employee Self-Service, MAUI, ICON, MyUI, Office 365, etc.) with Two-Step Login enabled. Next, if you have Duo Push notifications enabled with the Duo Mobile app, it will automatically send you a push notification to approve.

This image shows the Duo verification prompt for the mobile app including the verification code. It also includes a link for "other options" to sign in using Duo.

If you do not have Duo Push enabled, or if you click Other Options, then you will be presented with a list of Duo authentication methods to choose from. Next, you will have the option to trust the browser if it is your device.

screenshot of other options menu for duo authentication with devices listed

Next, you will have the option to trust the browser if it is your device.

screenshot of duo remember me feature

 

Available methods vary depending on the device you select.

  • “Duo Push” will send a push notification to the Duo Mobile app on the device you’ve selected. Tap “Accept” in the app to complete the login (or tap “Deny” to decline). Verified Duo push will display a code on the webpage to be entered into the Duo mobile app. This will only be implemented for university websites. We recommend using push notifications to the Duo App as your primary login method—they'll save you time and save the university any charges associated with phone call and text methods.
  • "Duo Mobile passcode" allows you to enter a passcode from the Duo Mobile app on the device you've selected.
  • "Text message passcode" will send you a one-time passcode via text message to the device you've selected.
  • “Phone call” triggers a voice call to the device/phone number you’ve suggested. Answer the call and follow the instructions to complete the login: Press "1" to complete authentication or "9" to cancel authentication and report the authentication attempt as fraud. Note that authentication by phone call results in a charge to the university—we recommend using push notifications to the Duo Mobile app as your default login method, reserving phone calls for backup purposes.
  • “Bypass code” requires you to enter a passcode given to you by the ITS Help Desk.

Clicking "Yes, this is my device" will identify the computer and web browser you’re using as a trusted device. You’ll be able to login with only your HawkID and password whenever you use the same computer/browser combination over the next 30 days.

Important note: If you receive a Two-Step Login verification request when you’re not attempting to log in, be sure to deny the request. It could indicate that an unauthorized user is trying to access your account.

Compare Two-Step Login Methods

The Two-Step Login method you choose may depend on where you are, what device you’re using, and whether you have a phone/internet connection.

 

Here’s a rundown of all the available methods:

 

MethodDevice(s)BenefitsLimitations
Duo Mobile app (recommended method)Smartphone, tablet
  • Easy and fast—one tap or code completes push logins
  • Reliable—app can generate on one-time passcode when no phone or internet access is available
  • No geo limits—can be used when traveling abroad, with or without an internet connection
  • Economical—avoids charges to associated with other methods
  • Requires installation on your device (the app is free)

Passcode sent by text message (SMS)

 

Smartphone, cellular phone, tablet
  • Doesn’t require installing additional apps
  • Few geo limits—works wherever you can receive text messages
  • Results in charges to the university—use push notifications to the Duo Mobile app to save time and money
  • Text-message or connection charges also may apply
  • Requires phone or internet connection
  • Requires retyping codes, introducing risk of error
Phone callSmartphone, cellular phone, landline phone
  • Doesn’t require installing additional apps
  • Works with traditional landline phones and voice over IP (VOIP) computer phones
  • Excellent backup option
  • Results in charges to the university—use push notifications to the Duo Mobile app to save time and money
  • Calling or connection charges also may apply
  • Smart phones and cellular phones require phone connection
  • Landlines require close proximity to phone
  • Shared phone numbers can’t be used
  • International phone numbers aren’t supported
One-time passcodeToken device
  • Alternative option for users who don’t have a phone
  • Device must be purchased and configured by support staff
  • Finite battery life—will require replacement
Printed list of codesNo device
  • No-tech option for users who don’t have a phone or token device
  • Must have list available when you need to log in
  • Codes can only be used once—expired codes will trigger account lockout

 

How to Generate Backup Codes

Accessing Backup Codes When You Don't Have Cellular or Wi-Fi Service

You don't need pre-generated backup codes if you have your enrolled mobile smartphone with you, but don't have cellular or wireless service. The app generates one-time codes for you in standalone (no network) situations.  

To generate a single login passcode using your mobile smart phone:

  1. Open the app on your phone, and tap "Show" to the right of the Passcode.
  2. Enter the code displayed in the app on the application login screen.

This code generator works for all installed accounts, such as the HawkID login, the HealthcareID Login for UIHC, and for personal accounts that you have added into your app.

Preparing Backup Codes in Advance

You may have instances where you need to access a service that requires Two-Step Login, but you don't have access to one of your enrolled devices to complete the second step of your login. In these cases, you can enter a pre-generated passcode that you either print or save digitally in order to log in.

Notes: These codes must be generated ahead of time in the two-step login enrollment system in order to use them, and to access the two-step login enrollment system, you must be on campus or remotely accessing a computer that is on the campus network.

To generate a list of two-step login backup passcodes: 

  1. Log in to Two-Step Login enrollment site with your HawkID and password.
  2. Click the button to generate a list of backup codes at the bottom of the page.
  3. Print the page and keep it in a safe place (such as your wallet).

IMPORTANT: Every time you generate passcodes, both in the enrollment application and/or having them sent to you in text message, ALL PREVIOUS CODES are immediately invalidated. This means you can only have 10 pass codes that are available for your use at any given time.

If you need to enroll your phone in Duo Two-Step and are unable to come to campus or access a campus computer, contact the ITS Help Desk at 319-384-4357 for assistance.

 

Last updated
Article number
4951