Duo MFA
Multi-factor Authentication
As part of our continual process to improve the security of all Law School systems, Law IT now implements multi-factor authentication for accessing protected web resources. Such resources include the LawNet Portal, the Law School main website, and other law school website properties.
The purpose of multi-factor authentication is to add another layer of security to your account by ensuring only you can complete the login process, regardless of who may know your password.
Upon logging in with your credentials, you will be prompted to verify your identity via the DUO Universal Prompt by default. This system will push a verification request to any of your mobile devices registered with the DUO mobile app. This process is identical to what you currently experience when logging into University resources, such as LionMail or Courseworks. If you have recently accessed these systems, you will likely already have the DUO app configured and ready for this transition.
What’s Changing
Starting on Saturday, January 13, 2024, Upon login to LawNet or the Law School Website, you will notice the authentication prompt from DUO to verify your identity.
After entering your Columbia UNI credentials on the sign-in screen, the Duo Universal prompt will automatically choose the DUO Mobile Push approval method, likely configured on your phone. This is one of the most secure methods. The DUO Universal prompt allows you to choose other methods listed when you click on the “Other options” link. Those options include:
- Duo Push (default)
- Duo Mobile passcode
- Text Message passcode (SMS)
- Phone call
- Bypass code (if provided by IT ServiceDesk)
Once you select an option for authentication, DUO will use that method on subsequent visits.
Upon successful verification, DUO will ask if you want to trust the browser. If you click “Yes, trust browser,” the browser will automatically remember your setting for 24 hours. You will not be prompted for DUO during that time if the application or service you are accessing allows it. If you select “NO, do not trust this browser,” you will still authenticate and continue onto your desired site. However, you will be prompted by DUO verification each time you log into an application on that browser.
Please note that you should not Trust a browser on a shared computer, such as a hotel business center or a computer in your home.
If you need assistance setting up or using DUO, please get in touch with the Law IT Service Desk at [email protected].