In response to the phishing scam that redirected employee payroll deposits in December, 2013, and at the request of President Brown, Information Services & Technology has implemented a high-security login process for BUworks that requires a second method to confirm the identity of the person logging in.

Referred to as two-step or two-factor authentication, this process, which uses Duo Security, asks individuals logging in to confirm their identity using a smartphone, via text, via automated voice calls, or on a secured kiosk (for certain staff).

Help with Duo is available! Use the “Get Help” button above, call the IT Help Center directly at 617-353-4357, or contact your local IT administrator.

Troubleshooting and frequently asked questions

Duo allows you to remember a device for 30 days. You can approve any computer that you commonly use and will not be required to provide two-factor authentication confirmation until next month. For example, if you have a desktop and a laptop, you can approve both computers as trusted devices and not have to confirm your identity with a phone until the following month.

You are encouraged to set up Duo on more than one phone in case you forget a phone at home or are not at your office phone. When you are doing your initial setup, you may add as many phones as you like (landline and/or mobile). After that, when you are logging in you can choose which line Duo will send the authentication request to (via smart phone app, SMS text message, or phone call depending on what you chose).

Yes, you can use the Manage Devices feature to add, remove, or change the devices that Duo can use to verify who you are. Note that, when an administrator adds your device, you will not need to go through the setup screen – we will send you the needed codes directly from Duo Security.

If you get a new phone, even if the Duo app is restored from a cloud backup, it will lose its association with your account. If the phone number of your new phone is the same, you can still authenticate using the phone call or sms option, but the push option will not work until re-activated.

You can re-activate your new phone with the Manage devices option. First, ensure that you still have access to any of the phone numbers enrolled in Duo. Set the authentication option to Phone Call and then select Manage devices. The phone you chose should ring, and you will need to answer, and hit any key to authenticate. From here, you can select the phone number of your new phone (assuming it’s the same phone number) and under Actions, select Activate Duo Mobile. This will prompt you to scan in a new QR code from the Duo app. If you have difficulties with this process, you can submit a ticket to the IT Help Center or call for immediate assistance – 617-353-4357.

The Duo smart phone app is designed to work internationally. If you install the app, it can generate the required code without need of either a telephone signal or data plan, and it can do this anywhere in the world. If you have a signal and data plan, the app makes two-factor authentication as easy as a pushing a single button, but if you don’t have one of those two things, you can use the app to generate a six digit code and enter that manually.

The “Remember your device for 30 days” option uses a persistent cookie. If you clear cookies after you log off of the browser, the device will not be remembered and you will have to confirm your identity again when logging in.

You can contact the IT Help Center. They will verify your identity and provide a temporary passcode. We encourage you to then go into manage devices and add an additional phone.

Contact the IT Help Center immediately and we will lock your Duo account to prevent malicious activity.

Logging in with Duo requires that JavaScript is enabled. If it is not, your attempt to log in will fail and your screen will look like this:

If you encounter this issue, disable any JavaScript blocking plugins or browser settings (or include an exception for scripts from duosecurity.com) and attempt to log in again.

If you are logging in to the mainframe (legacy system/3270) and currently use a physical token, you would continue using your current token on those systems even when enrolled in Duo. We are working on implementing Duo for the mainframe and will notify you when we have more information.

If you don’t have a cell phone, Duo allows you to use your landline phone. You would receive an automated phone call that requires you to hit any button to confirm your identity.

The Duo smart phone app provides options that work without a data plan, a texting plan or even a connection, if necessary. The app can generate the required code without need of either a telephone signal or data plan, and it can do so anywhere in the world. If you have a signal and data plan, the app makes two-factor authentication as easy as a pushing a single button, but if you don’t, you can use the app to generate a six digit code and enter that instead.

About Duo and two-factor authentication

Once your group has been automatically enrolled in Duo, you will be required to use two-factor authentication.

Unfortunately, experience has shown that people are not as good at recognizing malicious email as you might think. Every day, members of the BU community fall prey to these kinds of scams. We have to take steps to ensure that we are more than just a single click away from having our paycheck stolen or becoming a victim of identity theft.

We encourage you to contact us with feedback, or with questions or concerns about the project in general. The Vice President of Information Services & Technology and the Information Security & Business Continuity governance committee for IS&T can be reached directly at duo@bu.edu.

First, Duo will require a second method of confirmation for a person logging in to view or edit sensitive data. Individuals will be asked to confirm their identity using a smartphone app, via text message to a device, via automated calls to a mobile or landline phone, or using a secured kiosk (for certain staff).

The login screen you’re used to seeing at www.bu.edu/buworkscentral/ will change slightly. Also due to the transition, Web Login-secured applications, including those linked from BUworks Central, will require you to log in again. These other applications do share the same login credentials as many applications at BU, so logging in more than twice during a session is very unlikely.

More and more applications to be compatible with the high-security login process so that you’ll be required to log in less often while using web applications.

No. Duo provides a great deal of flexibility and you do not need a smart phone to use it.

The recommended smart mobile phone option makes two-factor authentication extremely easy, but a lot of other easy options exist as well. Duo can send a text message to a regular cell phone or place a voice call to your office landline phone or cell phone.