When you log in to a Boston University Web page that requires two-factor authentication, a login screen like this will be displayed.


  1. Enter your BU login name and Kerberos password.
  2. Then press the Continue button.
  3. If you have not yet registered a device to serve as the second factor in the required two-factor authentication process, you will be directed to this enrollment screen. Read more about enrolling a device.
    Grey window prompting device enrollment as second factor for two-factor authentication, with settings button in top left corner.
  4. If you have already enrolled one or more devices, you will be directed to the Two-step Login window.
  5. Regardless of the method you choose (instructions follow), note the Remember this device for 30 days checkbox on the authentication screen. This feature, which we believe many will find useful, is described in the Remember this Device section below.
  6. Select the contact method to be used for authentication by clicking on the Device drop-down arrow.
    Grey two-step authentication window with "Remember device" checkbox and "Device" drop-down for selecting contact method.
    Authenticator options include:

    1. Duo Push: this option is recommended and is selected by default. Using this option results in a challenge being sent to your smart phone or tablet.
    2. Phone call: a call is placed to the phone number you specified during enrollment.
    3. Passcode: this field can be used in concert with the Duo mobile app or the SMS message option.
    4. SMS message : click this hyperlink to send a text message to the mobile phone you specified during enrollment. Any mobile phone that can receive an SMS text message can be used for this authentication method.

Remembering a Device

If you check the Remember this device for 30 days checkbox, you will not be prompted to provide second factor authentication only if you log in via the same computer and browser you are using when you check the box.


For example, suppose you checked this box yesterday when you logged in using Firefox on your laptop. When logging in from your laptop today, you decide to use Internet Explorer. Because this browser does not match that in use when you checked Remember yesterday, you will be prompted to authenticate.

If you select this option, you will receive a prompt again when the 30-day period expires.