Secure Your Brown Account with Two-Step Verification

In today’s world, a password alone is not enough.

Two-Step verification for Brown accounts is available for all students, staff, and faculty. This feature, which uses a product called Duo, will protect your Brown account even if someone is able to access or guess your password. It combines something you know (your password) with something you have (a phone or code).

Two-Step Verification is now required for all staff, undergraduates, graduate students, postdocs, and Brown-paid faculty. The deadlines were: 1/21 staff, 2/10 graduate students, 2/23 undergraduate students, 3/9 Brown-paid faculty and post-docs. Emeriti and unpaid clinical faculty can enable Two-Step voluntarily.

Quick Links

How it Works

You probably recognize the Brown Single Sign On page below from Workday, Canvas, or Banner. After enabling Two-Step, when you log in to a page like this, you’ll be prompted to authorize your login in one of several ways, such as tapping a notification on your smartphone, answering a phone call, or entering a pre-generated code. You can authorize your web browser for thirty days to make this process more convenient; you will not be prompted again in that browser until the thirty day period has passed. In most cases, attackers don't have your computer, so even with this added convenience you remain protected against outside attacks.

Get Started

Since most members of the Brown community are already required to use Two-Step, the following articles are most relevant:

After this initial setup, you will receive a prompt on your requested phone on your next login. On a smartphone, this will be a push notification, and on a landline or older phone, an automated phone call. If a phone isn't convenient, you can enter a bypass code instead or request a token keychain from the IT Service Center.

Other Documentation:


If you'd like assistance with setup and use of Two-Step Verification, you can:

  • Contact your department computing staff (such as DCC or ITSC)
  • Contact the IT Service Center

But why??

You might be wondering, "why is Brown making me do this? Technology is difficult enough!" Here's why: we see an alarming number of compromised accounts at Brown. Brown is taking these measures to protect your bank account, intellectual property, private data, and to shield against security risks such as data breaches. We chose Two-Step Verification because it was more convenient and more effective than making everyone on campus change their passwords every thirty days! Once you get used to it, we hope you will agree.


Note: The two-step we're discussing above does not apply to your email. If you also want to enable two-step for your email, Google offers a separate but similar feature that you can enable. Again, this is optional and not the two-step described above.

Written by on