CLASSE Duo: Two-Factor Authentication

In light of the increased threat posed by ransomware and account compromises, CLASSE is adopting the use of Duo two-factor authentication for enhanced security of web services and remote logins. CLASSE Duo uses the exact same app as Cornell's Duo service (no new installation needed), although a separate CLASSE registration is required.

To enroll a new device or manage your existing two-factor devices, please log into the CLASSE Duo Device Manager with your CLASSE account:

Manage your CLASSE Duo devices

• If your phone broke, as long as your number is the same, you can log in above using the "Call Me" setting one time to enroll your replacement phone.

Alternative Enrollment Methods

Enroll via Service Request

CLASSE IT can manually enroll one device in Duo for you if other options fail. Submit a ServiceRequest for assistance enrolling in CLASSE duo, including the phone number of the device you would like associated with your CLASSE account.

Enroll via SSH

CLASSE also supports using SSH to enroll your account with Duo.

Windows 10

Mac OS/Linux

---

Tips for Using Duo

• When upgrading or replacing your mobile device, it is considered a new device and will need to be enrolled to CLASSE Duo before two-factor authentication will work.
• When requesting a Duo phone call, please follow the instructions in the phone message and press any key on your phone to complete the process.
• Because the CLASSE VPN uses Duo, we recommend that, in the Pritunl software, you leave the "Autostart Off" setting untouched. Otherwise, you might receive spurious Duo prompts (e.g. in the middle of the night when your computer wakes up for updates). This Pritunl setting can be found below the "Connect" button for your VPN connection. If your setting says "Autostart On", you can change it by clicking on that button and selecting "Off".