Multi-factor authentication (MFA) adds an additional layer of security to your accounts. When you use MFA, you login using your username, password, and a third factor - either a smartphone app or a hardware token. Even if your password is compromised your account will remain secure. Caltech uses Duo for MFA to protect email and access.caltech accounts. This service is currently required for certain groups, and available on an opt-in basis to all students, faculty, and staff.
- One of the easiest and most effective ways to keep your account secure
- Account remains protected even if password is compromised
- Quick setup process and simple to use and free when using the smartphone app
How MFA works
When logging into access.caltech or your email, enter your username and password to see a multi-factor authentication prompt. Then use a smartphone app or a hardware token to approve your login.
|All students, faculty, and staff||Free*|
*Use of the Duo service is free for students, faculty, and staff when using a supported smart phone or tablet device as your second factor. Users may optionally purchase a hardware token to use as the second factor instead of a smart phone or tablet. The hardware token (YubiKey) is $32 for the USB type A (standard) and $40 for the USB type C.
- Decide what to use for your second factor. You can use the Duo Mobile app on your smartphone (free), or you can purchase a Yubikey hardware token ($32 - $40 depending on model) from the Help Desk.
- For the smartphone option, install the app: Duo Mobile for iOS or Duo Mobile for Android. You will be receiving a text message with a link to activate the app. You should have the app installed first before clicking the activate link. If you choose to purchase a hardware token, pick it up from the Help Desk at 204 Central Engineering Services.
Sign-up for Duo
You can sign up for Duo by using one of the options:
- Self register for Duo at access.caltech.edu (Self Service > Register yourself with Caltech Duo). If you are planning to use Duo to protect your Office 365, be sure to contact the Help Desk to have Duo enforced for your account. See Duo for Email (Office 365) below.
- Submit a request at help.caltech.edu (request type: IMSS > Information Security > Duo Request). This option is required for Yubikey hardware token users.
Duo for Email (Office 365)
Duo for Office 365 (email, SharePoint, OneDrive, Teams, etc.) is currently set by default for new accounts. If it has not been set up on your account, it should be requested through the Help Desk. Please note that once Duo is enforced for Office 365, you will need to create new account settings for each of your email clients. Depending on your mailbox size it may take some time for all your email to re-download. Once you are ready to make this request, please send an email to firstname.lastname@example.org.
- How to use multi-factor authentication with access.caltech
- How to use multi-factor authentication with email
- How to enable automatic push notifications
- For IT Staff: how to deploy multi-factor authentication to protect a service
- Learn about the available options for multi-factor authentication methods