Skip to main content

Cornell University

IT@Cornell

Use Apple Touch ID with Two-Step Login

How to set up MacOS Touch ID with Two-Step Login

This article applies to: Two-Step Login

Set Up Touch ID on Your Apple (MacOS or iOS) Device

For information about how to set up your Apple device to use Touch ID, visit Apple's documentation, Use Touch ID on Mac

Add Touch ID to Your Duo Account

Before starting, make sure that Touch ID is properly set up on the MacOS or iOS device that you will be using to log in to Cornell web services using Duo (Two-Step Login). Also make sure the browser you will be using (Chrome, Safari, or Firefox) is the most recent version.

Apple Touch ID can be used as an additional Two-Step Login (Duo) authentication method for web-based logins in case your primary method—Duo Mobile push, USB security key, or hardware token—is unavailable, or in case you just want a more secure passkey method.

When Touch ID is set up as a Duo authentication method, it will be specific to the device and browser used to set it up. It will need to be set up separately for use with other devices (even MacOS or iOS ones) or other browsers.

Also, Touch ID cannot be used to authenticate in Chrome Incognito or Safari Private Browsing.

To add Touch ID to Duo:

  1. Go to Manage Your Two-Step Login. Log in with your Cornell credentials and authenticate as required with your existing Duo method.
  2. Select Manage Devices to open the Duo device management portal. Authenticate again if required.
You can also get to the Duo device management portal from a Duo browser prompt by selecting Other options, then Manage devices.

  1. On the Duo device management portal, select Add a device.

    Duo device management showing Add Device panel

  2. Select Touch ID from the Add a device list.

    Duo Add a Device screen showing Touch ID, Duo Mobile and Security key options, with Touch ID option highlighted

  3. Select Continue.

    Duo Set up Touch ID screen showing Countinue button highlighted.

  4. Authenticate by using your device’s Touch ID to verify your identity.

    Duo Use Touch ID screen showing fingerprint icon and browser message to use the Touch ID method or enter a device password.


    You may be prompted to authenticate with a different Duo method instead of tapping Touch ID if you haven't added your fingerprint to Touch ID on your Mac yet, or if you have your laptop closed so you can't access the Touch ID button. 

  5. Duo confirms that Touch ID has been added to your verification methods. Select Continue to return to the Manage Devices portal.

    Duo Added Touch ID screen confirming method added showing Continue button

After you have set up Touch ID, when you are prompted to use Touch ID by Duo but would like to use a different method, click Other Options in the browser Duo prompt for a list of your available methods.

  • Be aware that the Duo Touch ID method does not support CUVPN, RDP, or SSH authentication.
  • You must set up Touch ID for Duo per browser. If you set it up in Chrome, it won’t automatically work in Safari or Firefox.
  • The Duo Touch ID method only works on the MacOS or iOS device where it was registered.
  • It is a good idea to set up multiple Duo authentication methods (e.g., Duo Mobile app, hardware token, USB security key) in case Touch ID is unavailable.

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.