In today’s world, a password alone is not enough.
Two-Step verification for Brown accounts is available for all students, staff, and faculty. This feature, which uses a product called Duo, will protect your Brown account even if someone is able to access or guess your password. It combines something you know (your password) with something you have (a phone or code).
Two-Step Verification is now required for all staff, undergraduates, graduate students, postdocs, and Brown-paid faculty. The deadlines were: 1/21 staff, 2/10 graduate students, 2/23 undergraduate students, 3/9 Brown-paid faculty and post-docs. Emeriti and unpaid clinical faculty can enable Two-Step voluntarily.
How it Works
You probably recognize the Brown Single Sign On page below from Workday, Canvas, or Banner. After enabling Two-Step, when you log in to a page like this, you’ll be prompted to authorize your login in one of several ways, such as tapping a notification on your smartphone, answering a phone call, or entering a pre-generated code. You can authorize your web browser for thirty days to make this process more convenient; you will not be prompted again in that browser until the thirty day period has passed. In most cases, attackers don't have your computer, so even with this added convenience you remain protected against outside attacks.
- Set Up Two-Step Verification If Auto-Enrollment Occurs - if you are being prompted to set up Two-Step for the first time as you are logging into a Brown service
- Add Phones and Devices for Two-Step Verification in MyAccount - if you already are using Two-Step, but want to add an additional phone / tablet
After this initial setup, you will receive a prompt on your requested phone on your next login. On a smartphone, this will be a push notification, and on a landline or older phone, an automated phone call. If a phone isn't convenient, you can enter a bypass code instead or request a token keychain from the IT Service Center.
- Two-Step FAQ
- Use Two-Step when Traveling
- Additional documentation is listed at brown.edu/go/twostephelp
- Contact your department computing staff (such as DCC or ITSC)
- Contact the IT Service Center
You might be wondering, "why is Brown making me do this? Technology is difficult enough!" Here's why: we see an alarming number of compromised accounts at Brown. Brown is taking these measures to protect your bank account, intellectual property, private data, and to shield against security risks such as data breaches. We chose Two-Step Verification because it was more convenient and more effective than making everyone on campus change their passwords every thirty days! Once you get used to it, we hope you will agree.
Note: The two-step we're discussing above does not apply to your email. If you also want to enable two-step for your email, Google offers a separate but similar feature that you can enable. Again, this is optional and not the two-step described above.