How can we help?

Quick Login

Two-Step Login

Two-Step Login Mobile App Update

Duo, the vendor for Two-Step Login, has launched a new user interface (UI) for its iOS and Android mobile apps. This change makes it easier for you to enroll, authenticate, and troubleshoot Two-Step Login.

New Users: Get Started with Two-Step Login

Two-Factor Authentication

Two-Step Login adds an extra layer of security to your Cornell NetID and password by requiring:

something you know (your NetID and your password), plus
something you have (a physical device, like your phone)

password plus proof equals access

This is called two-factor authentication, and it's required for access to certain university services, such as Workday, Student Center, and Student Essentials. Duo Security provides the technology behind Two-Step Login.

Two-Step Login makes it much more difficult for intruders to use your identity to access campus services. Even if your password has been stolen, the second step to the login process will prevent someone from logging in.

For certain university services and information, typically ones that grant access to sensitive information, you will be required to use Two-Step Login. You can also choose to expand where you use Two-Step Login to better protect your NetID password.

Key Features

Decrease your risk of account compromises and identity theft, along with the consequences of lost time, money, and privacy
Get alerted if your password is stolen or guessed as soon as someone tries to log in
Use your smartphone, cell phone, tablet, or landline phone to confirm your login requests
Choose to let Two-Step Login remember you for 24 hours (for most login requests)
Expand where you use Two-Step Login to better protect your NetID password

Who Can Use Two-Step Login

Two-Step Login accounts are available to all current students, faculty, staff, alumni, retirees, and affiliates, as well as people who have a Sponsored NetID.

People who have GuestIDs are not eligible for Two-Step Login.

----------

Manage Your Two-Step Login

Where you go to start using Two-Step Login
Where you go to update your devices and preferences

Get Started with Two-Step Login

Duo User Guide

Service Details

Extra security for your Cornell NetID password

Audience(s):

Alumni Faculty IT Professionals Staff Students

Cost:

No Fee

Regulated Data:

Not applicable or information not available.

Support Contact:

IT Service Desk

Phone: (607) 255-5500

Form to Get Help (if you have a NetID)
Form to Get Help (if you don't have a NetID)
Support Hours: Monday-Friday, 8am-6pm (Eastern Time)
Emergency Service Disruptions: After Hours Support

Compare to:

1 NetIDs

The NetID is a unique electronic identifier in which the password permits secure access to non-public Cornell resources and information.

2 CUWebLogin

Audiences:

Comparison	Two-Step Login	NetIDs	CUWebLogin
Alumni:
Faculty:
IT Professionals:
Staff:
Students:
Visitors:

Two-Step Login Articles

see all

Get Started

Get Started with Two-Step Login

How to set up Two-Step Login for the first time

Choose Your Authentication Device for Two-Step Login

Compare the types of devices you can use for Two-Step Login authentication

Two-Step Login Setup Guide

Detailed instructions about how to set up Two-Step Login. For a shorter version of these instructions, see Get Started with Two-Step Login.
Log In

Log In Using Two-Step Login

How to use Duo Push, a phone call, or a passcode to authenticate with Two-Step Login, plus “Remember me for 24 hours.”

Log in Using a Phone Callback for Two-Step Login

How to use a phone call to authenticate with Two-Step Login

Log In Using a USB Security Key for Two-Step Login

How to use a security key, inserted in a USB port, to authenticate with Two-Step Login

Log In Using Duo Push for Two-Step Login

How to use the Duo Push app to authenticate with Two-Step Login. This also includes information about your location privacy. Duo only records a general location at the time of the login attempt.

Log In Using Touch ID for Two-Step Login

How to use MacOS Touch ID with Two-Step Login

Log in with a Passcode for Two-Step Login

How to use a passcode to authenticate with Two-Step Login

Log in with Append Mode or Second Password Authentication for Two-Step Login

How to use append mode or a second password to authenticate with Two-Step Login for services that don't support CUWebLogin

Remember Me for 24 Hours in Two-Step Login

How to use Remember me for 24 Hours to reduce the number of times Two-Step Login prompts you to authenticate

When to Deny a Two-Step Login Request

If you get a request you weren't expecting, don't accept it.
Manage Devices

Manage Two-Step Login Devices

How to configure your Two-Step Login devices and add new ones

Add a New Device to Two-Step Login

How to add a new device (smartphone, tablet, landline, cell phone, hardware token, or U2F token) to authenticate with Two-Step Login

Change a Device Name for Two-Step Login

How to set meaningful names for your Two-Step Login devices

Check the Status of Your Two-Step Login Account

Confirm that your Two-Step Login account is ready to use.

Hardware Tokens for Two-Step Login

How to set up and use hardware tokens with Two-Step Login

Remove a Device from Two-Step Login

How to remove a device from you list of enrolled devices in Two-Step Login

Replace Your Smartphone Listed in Two-Step Login

How to replace the smartphone you have listed in Two-Step Login using a new phone with the same phone number or a different phone number.

Set Your Default Two-Step Device and Automatic Authentication

How to set your default device and select automatic authentication for Two-Step Login
Common Tasks

Check the Status of Your Two-Step Login Account

Confirm that your Two-Step Login account is ready to use.

Expand Where You Use Two-Step Login

Use Two-Step Login with more sites

Remember Me for 24 Hours in Two-Step Login

How to use Remember me for 24 Hours to reduce the number of times Two-Step Login prompts you to authenticate

Use Two-Step Login when you Travel Outside the US

How to use Two-Step login when outside the United States

Use Two-Step Login When You're Going to be Without Wi-Fi or Cellular Service

When you are going to be without Wi-Fi or cellular service, you can: Use Duo Mobile on your smartphone or tablet to generate a one-time passcode, or Use a hardware token to...

When to Deny a Two-Step Login Request

If you get a request you weren't expecting, don't accept it.
Office 365

Before You Start Using Two-Step Login with Office 365

How It Works Whether Two-Step Login has been mandated for your Office 365 account or you are choosing to opt in, it protects access to your email, calendar, and all other Office 365 services...

Opt In to Two-Step Login for Office 365

How to opt in to use Two-Step Login with Office 365.

Can I Pick which Office 365 Services Use Two-Step Login?

Can I Use Two-Step Login for Office 365 on the Web Only? No. Limiting Two-Step Login to Office 365 on the web would allow an attacker to bypass Two-Step Login's extra...

Configure the Apple iOS Mail and Calendar App for Use with Two-Step Login

How to update your cornell.edu account profile so you can use Two-Step Login for Office 365 with Apple's iOS Mail and Calendar apps on your phone or tablet.

How Often Will I Be Prompted to Login to Office 365

How often Office 365 will prompt you to authenticate on Office 365 applications or Outlook on the Web.

Is Two-Step Login for Office 365 Required?

I am required to use Two-Step Login when I log in to a campus service with CUWebLogin. Will this requirement extend to Office 365 as well?

My Mac Cannot Sync Contacts After Opting in to Two-Step Login for Office 365

User Experience If you use the macOS Contacts app, you may not be able to sync your contacts after opting in to Two-Step Login for Office 365. What to Do Select System...

Office 365 and Two-Step Login

Frequently Asked Questions (FAQ) about Two-Step Login for Office 365

Office 365 Is Not Prompting Me for Two-Step Login

User Experience Office 365 is not prompting me for Two-Step Login, even though I opted in. Explanation Except when you are using Outlook on the Web (outlook.cornell.edu),...

Test Two-Step Login for Office 365

How can I tell whether opting in to Two-Step Login for Office 365 worked?

Two-Step Login Authentication Prompt for Office 365

Why is the prompt for the second step of logging in to Office 365 different from what I usually see? When there is not enough room on the page to display the regular prompt, Two-Step Login...
Troubleshooting

I Can't Log In Using Two-Step Login

Common troubleshooting tips for Two-Step Login problems, including a disabled account, time away from the university, blocked connections to Duo Security, and conflicts with Dragon NaturallySpeaking.

What should I do if my Two-Step Login device is lost or stolen?

What to do if your device is lost or stolen

Can I use Remember me for 24 hours in Two-Step Login if third-party cookies are blocked?

How to use Remember me for 24 Hours if third-party cookies are blocked by your browser

Configure the Apple iOS Mail and Calendar App for Use with Two-Step Login

How to update your cornell.edu account profile so you can use Two-Step Login for Office 365 with Apple's iOS Mail and Calendar apps on your phone or tablet.

Exchange Account Warning for iOS

What to do if you see the following warning, "Adding an Exchange account will allow the Exchange administrator to remotely manage your device. The administrator may collect personal data, add/remove accounts and restrictions, list, install, and manage apps, and remotely erase data on your device."

How do I unlock my account in Two-Step Login?

What to do if your Two-Step Login account is locked

I Forgot My Device or Passcode for Two-Step Login

How to use Two-Step Login if you don't have access to any of your enrolled devices or passcodes

I'm Having Problems with My Hardware Token for Two-Step Login

Troubleshooting common problems with a Two-Step Login hardware token

My Account is Disabled

Instructions to access your account if it was disabled.

My Mac Cannot Sync Contacts After Opting in to Two-Step Login for Office 365

User Experience If you use the macOS Contacts app, you may not be able to sync your contacts after opting in to Two-Step Login for Office 365. What to Do Select System...

My Security Key Does Not Work with Firefox for Two-Step Login

What to do if your Two-Step Login USB security key does not work in the Firefox browser.

My U2F Security Key Prompts Me to Update

Why is my U2F (USB) Security Key prompting me to update? What to do if that happens.

Office 365 Is Not Prompting Me for Two-Step Login

User Experience Office 365 is not prompting me for Two-Step Login, even though I opted in. Explanation Except when you are using Outlook on the Web (outlook.cornell.edu),...

Remember Me for 24 Hours Does Not Work in Safari

User Experience The Remember me for 24 Hours checkbox does not work with Safari 13.0.4 and up on devices running macOS Mojave 10.14. Solution There are two options...

Replace Your Smartphone Listed in Two-Step Login

How to replace the smartphone you have listed in Two-Step Login using a new phone with the same phone number or a different phone number.

Troubleshooting: Duo Updates to USB Security Key Method

Beginning in mid-January 2022, Two-Step Login users who authenticate using a USB security key (hardware token) will need to update their key and should expect an extra step in their login process.

Two-Step Login Authentication Prompt for Office 365

Why is the prompt for the second step of logging in to Office 365 different from what I usually see? When there is not enough room on the page to display the regular prompt, Two-Step Login...

Why Can't I Opt Out of Two-Step Login?

The Expand Where You Use Two-Step Login tab does not show and the Opt Out button is not available.

Why Can't I Use KProxy with Two-Step Login?

Two-Step Login is not compatible with KProxy. Instructions to use WebDAV instead.
About

Five Reasons You Want Two-Step Login

Benefits of increased security through Cornell's Two-Step Login service

Privacy and Location Data in Two-Step Login

How and when the Duo Mobile App uses your location data

Two-Step Login Terms and Conditions

Your use of Cornell Two-Step Login must adhere to all University Policy that pertains to individual responsibility for safeguarding access to campus IT services and assets. Related...
Admins: Add Two-Step Login to Your Online Service

Add Two-Step Login to Your Online Service using CUWebLogin

For Administrators: If your service authenticates with CUWebLogin (CUWL), you can easily add Two-Step Login. Otherwise, you may be able to integrate two-factor authentication using a Duo Application.

Add Two-Step Login to Your Online Service Using a Duo Application

For Administrators: How to add Two-Step Login to your online service using a Duo Application

Two-Step Login for System Access

For Administrators: How to add Two-Step Login for logging in to servers and workstations
Get Support

Two-Step Login Support

Get help using two-step login or review documentation

Was this page helpful?

Your feedback helps improve the site.

Comments?

To share feedback about this page, log in with your NetID.
Need assistance with an IT@Cornell service? Contact the Service Desk instead.

Search Filters:

Services

Quick Links and Search

How can we help?

Quick Login

Two-Step Login

Two-Step Login Mobile App Update

Learn More

Two-Factor Authentication

Key Features

Who Can Use Two-Step Login

Service Details

Two-Step Login

Audience(s):

Cost:

Regulated Data:

Support Contact:

Compare to:

1 NetIDs

2 CUWebLogin

Audiences:

Two-Step Login Articles

Get Started

Log In

Manage Devices

Common Tasks

Office 365

Troubleshooting

About

Admins: Add Two-Step Login to Your Online Service

Get Support

Was this page helpful?

Comments?

Support

Follow IT@Cornell...