In our increasingly security-conscious world, a password is no longer enough to adequately protect your information. Two-factor authentication is the new standard for protection.

Two-Factor authentication, as we’ve implemented it, works by asking you to tell Carleton about a device you own, such as your smartphone. When you try to log into a Carleton system after that point, DUO uses that information to look up what device you had previously registered, and then sends a request to that device to make sure that the person who entered that username and password is really you. Your password is the first factor, and the device is the second factor. At Carleton, we use a software package called Duo to handle Two-Factor authentication.

Get Backup Codes:

If you don’t have Duo, follow the instructions below to sign up, but be sure to get backup codes once you are configured!

  • Follow the instructions to get a set of five Backup Codes
  • These one-time-use codes will let you access your account temporarily if your primary device does not work
  • Write them down and store them somewhere you can get to them (not on your phone, in case your phone is broken)

Getting Started:

  • Signing up for Two-Factor authentication requires you to register at least one device with Duo. We recommend you register more than one device.
  • Detailed information on how the Carleton account Duo sign-up process works may be found here: Two-Factor Authentication – Duo. Enrollment page is here: Login Information.
  • After you’ve enrolled in Duo, the login prompt will look like this: Duo Prompt. You may also check a box that tells Duo to remember you for 60 days, so you don’t get prompted every time.
  • Duo has a native app for iPhones, Android phones, and Windows phones. However, based upon your mobile phone and/or according to your preferences, you may opt to receive passcodes via SMS text message, or via a phone call (in which you will be instructed to press a button on the keypad).
  • Detailed information on how to re-configure Duo on a new phone, add another Two-Factor device such as an office or spouse’s phone may be found here: Duo Enrollment Guide.

More Info:

  • Using something other than a smartphone as your second factor: Other Duo Options
  • Using a special hardware key as your second factor (good while traveling)
    • If you would like a method of authentication that does not use text messages, phone calls, or an app on a smartphone, or if you will be traveling to areas without reliable US cell reception or wireless, there are small devices that Carleton community members can request for free (and keep) that generate codes that are synchronized with your account.
    • At any point, in any location, you can use one of those codes to authenticate.  The codes refresh every few seconds.
    • To request one of these authenticators, sign up for Duo as described above and configure at least one phone, then call or email the ITS Helpdesk. We need at least 1 week’s notice to make sure we have an available device and can properly link it to your account.
  • Why do some systems at Carleton not ask me for Duo?
    • URLs beginning with or use Two-Factor authentication, and we’re adding more sites to the list. Some examples include: Google, Reason, Symplicity, Terradotta, search committee access to, Slate Admissions, this Wiki,,, and about 50 off-campus services.
    • For faculty, staff, and students, because the risk is low, ITS-managed public labs are exempt from Duo for many sites commonly used for standard academic purposes, but services that contain sensitive, protected information will still prompt for Duo Authentication in labs. If you are repeatedly prompted for Duo confirmation on a public lab computer, let the ITS Helpdesk know.



Please contact the ITS Helpdesk.