Where can I learn more about two-step verification?

A good resource to learn more about where you can use two-step verification (also called two-factor or multi-factor authentication) is twofactorauth.org.  While you have to use two-step verification with your HarvardKey, deploying it with other services you use (at Harvard and elsewhere) is a great way to enhance your online security.

Can I add multiple devices to my DUO?

Yes! It is strongly encouraged that you add at least two devices (for example your mobile phone and a landline) to your Duo two-step verification.  That way if you cannot access one device you have a back-up for getting your code and logging in.  Within the Two-Step Verification settings box, click on the link that says 'Add a new device' (under the shield) to add your second device. 

Why don't I have the 'Remember Me' option?

If in your DUO Device Options you select a default and say always use this device, there will not be a 'remember me' option available.  Duo will always use the device you selected at each login. Go back to the settings and uncheck that box (to enable the 'Remember Me' option for web applications).

Can I set DUO to automatically remember me for 15 days?

Yes, on the login page you can check the 'Remember me For 15 days?' This preference will be noted and maintained for each web application.  Please note, if you choose to have your default device used every time - this feature is not shown.

Who can claim or manage my HarvardKey?

The short answer is YOU (and only you).  Per Harvard's Information Security Policy you may not share your password or access credentials with anyone. HUIT or any IT service at Harvard cannot reset your password for you.  The HarvardKey system is totally self-service - so that you are in control of all aspects of your own access.  Please do not share your HarvardKey information with any other person, even a trusted individual in your life.

Why is my HUID/password (PIN) login expiring?

The HUID/password (formerly known as PIN) login type no longer meets current Harvard IT security standards and will be retired over the fall of 2016. HUID/password users who have not yet claimed a HarvardKey are encouraged to do so as soon as possible, and will also be reminded by email in advance of their HUID/password credential expiring. Once your HUID/password credential expires, you will no longer be able to access many of your Harvard services until you claim your HarvardKey. Learn more about this here. 

What additional steps can I take to improve account security?

Check out the Harvard Information Security guide to security awareness to learn more how you can keep yourself and Harvard more secure — and consider taking these two steps right away to make a big difference.

  • Use HarvardKey's two-step verification feature to set up your phone or device as way to verify your identity — making it harder for anyone but you to log in to your account. Learn how to set up two-step verification here.
  • Use a password manager — software that generates and stores passwords for you — so you can use different complex passwords for each of your accounts without having to remember them all. As a Harvard affiliate, you can get a free premium account for the LastPass password manager; visit http://security.harvard.edu/lastpass to learn more and download. (When using a password manager with HarvardKey, please remember that some members of the Harvard Community will have to type in their HarvardKey to log in to their computer, so randomly generated passwords may not be the best choice.) You can also learn more about best practices for passwords at http://security.harvard.edu/use-strong-passwords.

Why do I need to log in to access some Harvard resources?

Many online resources within the Harvard Community require verification of your identity before granting you access. By supplying a login name and matching password, you can verify, or authenticate, your identity. In order to reduce the number of credentials that you need to remember, HarvardKey acts as a unifying credential verifying your identity across Harvard without the need for multiple ID/password pairs.