BSD Two-Factor Authentication (2FA)

2Factor Authentication (2FA) enhances the security of your BSDAD account by using your phone, tablet or other device to verify your identity when you attempt to access BSD applications. This prevents anyone but you from using your account to log in to websites or web-based services where the service owners have chosen for all authentication to use 2FA, even if they know your BSDAD account password.

Note: If you intend to use the BSD VPN, you will need to enroll in the BSD Two-Factor Authentication and register a qualifying device. This is a requirement for the BSD instance of VPN.

Please use the following process for utilizing the BSD 2FA.

Step 1 – Enroll in the BSD Two-Factor Authentication at https://2fa.bsd.uchicago.edu.

Training Documents

Frequently Asked Questions

Q1. If someone is already enrolled in 2FA through the University, do they need to enroll under the BSD as well?

A1. Yes, and this is very easy to do.  The Duo app that you use for cVPN is the same one you would use for BSD VPN. You would merely be adding a second key.

Q2. Will 2FA affect all the applications I can access?

A2. No. 2FA will only affect specific BSD protected sites and application.

Q3. What is Duo?

A3. Duo is a mobile application used by the University of Chicago Biological Sciences Division to facilitate 2FA. Using Duo, users can approve or deny log in requests, either through the app itself and via push notifications sent by the app. If a user is not connected to the Internet, he or she can also generate passcodes that can be used for log in. Duo Mobile is available for iOS devices on the App Store and for Android devices on Google Play; it is also available as an app on the Blackberry and Windows platforms.

Q4. How long does 2FA last?

A4. You may allow 2FA to last for 30 days by selecting the “Remember this device for 30 days” option near the bottom of the Two-Factor Authentication screen, which appears after you have logged in using your BSDAD username and password.
Choosing the “Remember this device for 30 days” option means that after authenticating via 2FA only once, you will be able to access all effected sites and services.

Q5. How do I add a new device?

A5. Visit https://2fa.bsd.uchicago.edu and click on Manage Devices.
Register your new phone, tablet, desk phone or token. Register your new phone, tablet, desk phone or token.

Q6. What if I lose my phone?

A6. See BSD 2FA – Lost or Stolen Device Procedure.

Q7. I replaced my cell phone. How do I activate 2FA on my new phone?

A7. See BSD 2FA – Lost or Stolen Device Procedure.

Q8. Can I use multiple devices with 2FA?

A8. Yes! In fact, we strongly encourage you to register multiple devices. Register your mobile phone, your landlines, and your tablet.

Q9. I disabled push notifications for Duo on my phone (iOS) and want to re-allow them. How do I re-enable push notifications?

A9. To re-enable or re-allow push notifications on your iPhone if you have disabled them, go into Settings and select Notification Center. From there you can re-enable the push notifications for the application.

Q10. How does the 2FA text passcodes service work?

A10. You may choose to have a set of 10 passcodes sent to your registered smartphone from the Manage Devices screen from the 2FA website: https://2fa.bsd.uchicago.edu. Simply find your smartphone from the list of your registered phones and click on the Text Passcodes button. A list of 10 one-time-use passcodes will be sent to your phone via text. To use one of the one-time passcodes, select Passcode at the Duo Prompt screen and click Log in to continue. It is important that you keep track of which codes you use; the passcode will be invalidated after you enter it. You can print out the list of passcodes to keep in a secure location for your use anytime you don’t have access to your regular devices.

Q11. Can I use Duo without incurring any data or text message costs?

A11. Yes. After selecting the Duo app on your smartphone, select the Duo key icon in the upper right-hand corner of the screen to generate a passcode. Generating passcodes does not send any kind of message or use data and you can generate passcodes even when you are not connected to a network. Using DUO to generate passcodes will not incur any data or text message costs.

Q12. I’m going to be traveling and won’t have reliable cellular network access. Can I still use 2FA if I don’t have network access via my phone?

A12. Yes. You can click on the key on the upper right-hand side of the screen in DUO on the iOS and Android or the Generate Passcode button on Microsoft OS devices to generate a numeric passcode that you can use even if your phone does not have any network connection. Alternatively, you can use the 2FA text passcodes feature (for more information, see question above “How does the 2FA text passcode service work?”) to generate a list of single-use passcodes that you can use if you won’t have any access to your phone at all.

Q13. Do I still need to change my password regularly if I use 2FA?

A13. Yes! Additionally, if you suspect your account or password has been compromised, you should report it to security immediately.

Q14. What if I have other questions and issues?

A14. Feel free to reach out to the Biological Sciences Division’s Information Security Office with any questions. Please send emails to security@bsd.uchicago.edu.