Two-Step Login works like this:

Step one: You enter your HawkID and HawkID password to start the process.

Step two: You use a mobile phone or other device in your possession to complete your login.

ITS strongly recommends the Duo Mobile app (available for smartphones and tablets) for all users. It’s the fastest, easiest, most affordable, and most flexible option available.

Once you enter your HawkID and password to access an application (Employee Self-Service, MAUI, ICON, MyUI, Office 365, etc.) with Two-Step Login enabled, you’ll see a window that lets you choose your second-step method:

Screen shot showing options for Two-Step Login confirmation

Available methods vary depending on the device you select.

  • “Send Me a Push” will send a push notification to the Duo Mobile app on the device you’ve selected. Tap “Accept” in the app to complete the login (or tap “Deny” to decline). We recommend using push notifications to the Duo App as your primary login method—they'll save you time and save the university any charges associated with phone call and text methods.
  • “Call Me” triggers a voice call to the device/phone number you’ve suggested. Answer the call and follow the instructions to complete the login. Note that authentication by phone call results in a charge to the university—we recommend using push notifications to the Duo Mobile app as your default login method, reserving phone calls for backup purposes.
  • “Enter a Passcode” requires you to enter a passcode generated by or sent to the device you choose (or from a list you’ve previously received). You can generate a one-time passcode using the Duo Mobile app or a token device. Or you can click “Text me new codes” to receive a list of codes via text message. (Each code can be used only once, and generating a new list invalidates any unused codes you’ve previously received.)

Checking the “Remember me for 30 days” box will identify the computer and web browser you’re using as a trusted device. You’ll be able to login with only your HawkID and password whenever you use the same computer/browser combination over the next 30 days.

Important note: If you receive a Two-Step Login verification request when you’re not attempting to log in, be sure to deny the request. It could indicate that an unauthorized user is trying to access your account.

The Two-Step Login method you choose may depend on where you are, what device you’re using, and whether you have a phone/internet connection.


Here’s a rundown of all the available methods:






Duo Mobile app (recommended method)

Smartphone, tablet

Easy and fast—one tap completes push logins


Reliable—app can generate on one-time passcode when no phone or internet access is available


No geo limits—can be used when traveling abroad, with or without an internet connection


Economical—avoids charges to associated with other methods

Requires installation on your device (the app is free)

Passcode sent by text message (SMS)


Smartphone, cellular phone, tablet

Doesn’t require installing additional apps


Few geo limits—works wherever you can receive text messages

Results in charges to the university—use push notifications to the Duo Mobile app to save time and money


Text-message or connection charges also may apply


Requires phone or internet connection


Requires retyping codes, introducing risk of error

Phone call

Smartphone, cellular phone, landline phone

Doesn’t require installing additional apps


Works with traditional landline phones and voice over IP (VOIP) computer phones


Excellent backup option

Results in charges to the university—use push notifications to the Duo Mobile app to save time and money


Calling or connection charges also may apply


Smart phones and cellular phones require phone connection


Landlines require close proximity to phone


Shared phone numbers can’t be used


International phone numbers aren’t supported

One-time passcode

Token device

Alternative option for users who don’t have a phone

Device must be purchased and configured by support staff


Finite battery life—will require replacement

Printed list of codes

No device

No-tech option for users who don’t have a phone or token device

Must have list available when you need to log in


Codes can only be used once—expired codes will trigger account lockout


Article number: 
Last updated: 
June 18, 2019