Commonly Asked Questions

Questions about 2FA?

To ease the transition to 2FA, below are answers to some of the most commonly asked questions. If you can’t find the answer to your inquiry here, visit the Get Help page for more documentation.

What is two-factor authentication (2FA)?

2FA is a form of security that protects an account with two layers of authentication. The first layer is a PIN number or password, something that you know. The second factor is something that you physically have, such as a device. For example, a bank account uses 2FA for security by requiring both a PIN and a debit card. The university’s 2FA provider is a company named Duo Security (Duo for short).

After you enroll in 2FA, when you log in to any 2FA-protected website or service, you will enter your username and password (something you know) as you do today, and then use your smartphone or another device (something you have) to verify your identity.

Why is 2FA required?

Requiring 2FA is an important part of ongoing efforts to secure the online identity and personal information of all Northeastern account holders, as well as protect the university’s research, intellectual property, and institutional data.

Who is required to use 2FA?

Northeastern University community members who have an account to access university systems and services online are required to enroll in 2FA. These community members should expect to use 2FA to log in to an increasing number of the university’s most frequently used sites.

Can I use multiple devices with 2FA?

Yes. You are encouraged to enroll at least two devices (such as a smartphone, tablet, and/or office landline phone) with 2FA to avoid difficulties with verifying your identity if your only enrolled device is unavailable.

Is 2FA required for all of the online service and systems I use at Northeastern?

No. You will only be prompted to use 2FA when logging in to a 2FA-protected service or system. The university will continue to add frequently used online services and systems to the list of those protected by 2FA. 

Can I use 2FA with my email and all of my other applications?

Most newer applications support modern authentication methods, including 2FA, while most older email applications will not work for Office 365 email in Northeastern’s environment. To help ensure your applications are compatible with the university’s 2FA requirement, you should make sure you are running Office 2016 or newer and upgrade if you are not.

There are known issues with Mac Mail on MacOS Mojave that, while it does support 2FA, may require users to remove and then re-add their accounts to authenticate properly. Users of Mac Mail on High Sierra or earlier will need to upgrade to a new version of macOS or use Outlook Web Access.

What is Duo and Duo Mobile?

Duo is the company that provides the 2FA service used by the university. Duo Mobile is the app that can be downloaded and installed on smartphones and tablets. The app provides push notifications and passcodes, two of the methods that can be used to verify your identity when logging in to any 2FA-protected service or system.

How do I add a new device?

Sign in to the Northeastern 2FA website, click into the Duo Device Management Portal, and select one of the methods of confirming your identity. Once you have verified your identity, you can register your new cell phone, tablet, landline phone, or token by clicking “+ Add another device.”

How do I activate 2FA on my new device?

You can activate 2FA on your new device using one of the following methods, depending on your particular situation.

I am replacing my cell phone, but not changing operating systems or phone numbers.

  1. Go to the Northeastern 2FA website and click “Duo Device Management Portal to manage your 2FA options.”
  2. Authenticate and find your phone number in the list of registered devices. Select the gear next to your number and “Re-Activate.”
  3. A prompt will ask you to download the Duo app from the App Store or Google Play. If you have already downloaded the app, select the checkbox at the bottom of the page.
  4. Launch the app on your device. Use the in-app camera to scan the barcode that appears on your computer monitor.

I am getting a new device with either a different operating system or a different phone number than my old device.

  1. Go to the Northeastern 2FA website and click “Duo Device Management Portal to manage your 2FA options.”
  2. Authenticate and find your phone number in the list of registered devices.
  3. Select the gear next to your number and “Delete Device.”
  4. Add your new device as if you were adding a device for the first time.

What if I lose my cell phone?

Contact ITS immediately if you lose your cell phone or suspect that it’s been stolen. A member of the IT Service Desk will disable 2FA and help you log in using another cell or landline phone or hardware token. While it’s important that you contact ITS if you lose your cell phone, remember that your password will still protect your account. 

How do I re-enable push notifications for Duo on my iPhone?

To re-enable push notifications on your iPhone if they have been disabled, go to Settings on your iPhone and select “Notifications.” From there, you can re-enable push notifications for the application.

Can I still use 2FA if I don’t have reliable cellular network or internet access on my cell phone?

Yes. Open the Duo Mobile app on your smartphone and expand the Northeastern University entry to receive a six-digit passcode. On the Duo verification screen in your web browser, select “Enter a Passcode,” type the six-digit code into the “Passcode” field, and hit “Log In.” This option will work without an internet connection and/or cellular data service (e.g., when traveling on an airplane or internationally).

Can international phone numbers be used in Duo?

Yes. All international phone numbers are supported in Duo.

Can Duo Mobile be used while traveling abroad?

Duo Mobile can generate passcodes anywhere, including other countries, even if the device running it doesn’t have an internet connection or can’t get cell service. Duo Mobile can authenticate in other countries via Duo push, phone call, or request new SMS passcodes provided the device has internet connectivity or a network signal.

However, there are considerations to be aware of, depending on the mobile operating system being used, when traveling to China. Learn more about using Duo Mobile in China.

Can I use Duo without incurring any additional data or text messaging costs?

Yes. Open the Duo Mobile app on your smartphone and expand the Northeastern University entry to receive a six-digit passcode. Generating passcodes does not send any kind of message, use data, nor incur any data or text messaging costs. You can generate passcodes even when you are not connected to a network. 

How do 2FA text passcodes work?

You may choose to have a set of 10 passcodes sent to your registered smartphone from the “Manage Devices” screen from the Northeastern 2FA website. Simply find your smartphone from the list of your registered phones and click “Text Passcodes.” A list of 10 one-time-use passcodes will be sent to your phone via text. To use a passcode, click “Passcode” at the Duo Prompt screen and then click “Login” to continue.

You can print out the list of passcodes to keep in a secure location for your use any time you don’t have access to your registered devices. It is important that you keep track of which codes you use because each passcode can only be used once and in the order they are listed.

Do I have to verify my identity using 2FA every time I log in to a 2FA-protected service or system?

When logging in to a 2FA-protected website, you can elect to have Duo remember you for 30 days. To enable, simply select the “Remember this device for 30 days” checkbox that is located near the bottom of the Duo verification screen. Once enabled, you will not be required to verify your identity for 30 days.

Please note, this setting is available per device and web browser, meaning you will need to select the option on each device and web browser you use, as applicable. Also, certain web browser privacy settings (e.g., disabling cookies) may interfere with this setting.

Do I still need to change my password regularly if I use 2FA?

Yes. It’s recommended that you use 2FA and change your password regularly to enhance your security.

Additionally, if you suspect your account or password has been compromised, immediately contact ITS. You can change your password by visiting myNortheastern and clicking “Account Settings.”

What do I do if I get a notification from Duo that I did not request?

Select “Deny” in your Duo app if you did not initiate the request. Then contact ITS.

What information does Duo collect?

Both the Duo Mobile app and the Duo prompt collect information from your device when you open the app or use it log in.

The information collected includes:

  • Attributes such as hardware model, operating system, unique user and device identifiers, and characteristics
  • Connection information (including the name of a mobile operator or ISP, language and time zone, and mobile phone number)
  • IP address

Can I enroll in Duo with another user-identity (e.g. parent AND staff member) using the same smartphone device and phone number?

Yes. During the Duo enrollment process, users with smartphones will be prompted to download Duo Mobile and use Duo Push notifications for secondary authentication and access to university systems and services.

If you are using a smartphone to enroll in Duo and you are not prompted to download Duo Mobile, it’s because your device’s phone number is already associated with an activated Duo mobile account. To enroll in Duo Mobile using the same device and phone number, you will see a prompt requiring you to verify ownership of the device via a phone call or SMS text delivered passcode.