A good resource to learn more about where you can use two-step verification (also called two-factor or multi-factor authentication) is twofactorauth.org. While you have to use two-step verification with your HarvardKey, deploying it with other services you use (at Harvard and elsewhere) is a great way to enhance your online security.
HUIT licensed Duo for most of our HarvardKey users. However, alumni are not currently included in the licensing agreement. If you are an Alumni your HarvardKey is not eligible for two-step verification.
Yes! It is strongly encouraged that you add at least two devices (for example your mobile phone and a landline) to your Duo two-step verification. That way if you cannot access one device you have a back-up for getting your code and logging in. Within the Two-Step Verification settings box, click on the link that says 'Add a new device' (under the shield) to add your second device.
If in your DUO Device Options you select a default and say always use this device, there will not be a 'remember me' option available. Duo will always use the device you selected at each login. Go back to the settings and uncheck that box (to enable the 'Remember Me' option for web applications).
Yes, on the login page you can check the 'Remember me For 15 days?' This preference will be noted and maintained for each web application. Please note, if you choose to have your default device used every time - this feature is not shown.
The short answer is YOU (and only you). Per Harvard's Information Security Policy you may not share your password or access credentials with anyone. HUIT or any IT service at Harvard cannot reset your password for you. The HarvardKey system is totally self-service - so that you are in control of all aspects of your own access. Please do not share your HarvardKey information with any other person, even a trusted individual in your life.
The HUID/password (formerly known as PIN) login type no longer meets current Harvard IT security standards and will be retired over the fall of 2016. HUID/password users who have not yet claimed a HarvardKey are encouraged to do so as soon as possible, and will also be reminded by email in advance of their HUID/password credential expiring. Once your HUID/password credential expires, you will no longer be able to access many of your Harvard services until you claim your HarvardKey. Learn more about this here.
You can always claim your HarvardKey, even after your HUID/password (formerly known as PIN) credential expires. However, once your HUID/password credential expires, you will no longer be able to access many of your Harvard services until you claim your HarvardKey. Learn more about this here. If you need any help claiming your HarvardKey, contact the IT Service Desk at firstname.lastname@example.org or 617-495-7777.
Use a password manager — software that generates and stores passwords for you — so you can use different complex passwords for each of your accounts without having to remember them all. As a Harvard affiliate, you can get a free premium account for the LastPass password manager; visit http://security.harvard.edu/lastpass to learn more and download. (When using a password manager with HarvardKey, please remember that some members of the Harvard Community will have to type in their HarvardKey to log in to their computer, so randomly generated passwords may not be the best choice.) You can also learn more about best practices for passwords at http://security.harvard.edu/use-strong-passwords.
Many online resources within the Harvard Community require verification of your identity before granting you access. By supplying a login name and matching password, you can verify, or authenticate, your identity. In order to reduce the number of credentials that you need to remember, HarvardKey acts as a unifying credential verifying your identity across Harvard without the need for multiple ID/password pairs.