Two-Step Verification

Tips

Without reliable internet or cell signal?
Download the Duo Mobile App from your app store to generate changing six-digit mobile passcodes without a connection.

Verify every 30 days
Follow these directions to use two-step just once a month

Harvard uses DUO Security to provide two-step verification on HarvardKey.
Two-step verification is required to access HarvardKey-protected resources and applications, and to connect to the network using Harvard's Virtual Private Network (VPN) service.

Set up a device

print instructions

<embed>
Copy and paste this code to your website.
Copy and paste this code to your website.

Two-step verification is an extra layer of security designed to ensure that you're the only person who can access your Harvard account, even if your password is stolen. Verify your identity with a device in your possession, commonly a mobile phone, as part of your HarvardKey login.

two steps to secure

Accessing HarvardKey-protected resources and applications will work a little differently with two-step verification.

Step 1: Log in to HarvardKey with your username and password

Step 2: Verify the log in with a device in your possession. You can authenticate with a mobile app or a landline.

Tips:

  • Authenticate using the Duo Mobile app passcode generator in areas with weak or unavailable cellular service, or for VPN access.

  • Verify every time or just once a month with "Remember me for 30 days"

Roll Out Schedule

School/UnitTwo-step verification will be required on...
Users of HUIT's Virtual Private Network (VPN)Wednesday, September 28, 2016
Harvard Graduate School of DesignWednesday, September 28, 2016
Central Administration, Museums, Inter-faculty Initiatives, and Allied InstitutionsWednesday, October 5, 2016
Radcliffe Institute for Advanced StudyWednesday, October 12, 2016
Harvard Divinity SchoolWednesday, October 12, 2016
Harvard Division of Continuing Education *Faculty and Staff Only*Wednesday, October 12, 2016
Faculty of Arts and Sciences, including Harvard College and GSASWednesday, October 19, 2016
Harvard John A. Paulson School of Engineering and Applied SciencesWednesday, October 19, 2016
Harvard Medical School *Quad only*Tuesday, November 1, 2016
Harvard T.H. Chan School of Public HealthTuesday, November 1, 2016
Library Special BorrowersTuesday, November 8, 2016
Harvard Business School and Harvard Business School PublishingThursday, November 17, 2016
Harvard Graduate School of EducationThursday, November 17, 2016
Harvard Kennedy SchoolThursday, November 17, 2016
Harvard Law SchoolThursday, November 17, 2016
Division of Continuing Education (DCE) StudentsThursday, February 23, 2017

**Non-quad HMS will be required on a rolling basis; retirees are strongly encouraged to use two-step verification on HarvardKey, but will not be required during this time period. Target date for full adoption is end of FY17. This service is not currently available for alumni.**

Popular FAQs

  • Why is Harvard requiring the use of two-step verification?
    Harvard is a high priority target for hackers, including foreign nation state-sponsored entities who attempt to access University systems with ever-increasing sophistication and frequency. Two-step verification is designed to provide an extra level of security, and to make it more difficult for an impersonator to use Harvard credentials to access our systems. This step will greatly enhance our information security, and help to protect direct deposit information, research data, and intellectual property, as well as faculty, staff, and student personal information.
  • What is two-step verification?
    Two-step verification adds an extra layer of security to your Harvard account. You sign in with something you know (your HarvardKey password) and use something you have (commonly a mobile phone) to verify your identity. This way, cybercriminals cannot access your Harvard account, even if they have your password. HarvardKey has partnered with Duo Security to provide this service.
  • What devices can I use? What if I don’t have a smartphone, or don’t wish to use my personal device?
    While a smartphone with the Duo Security mobile app installed is highly recommended for ease of use, you can use a variety of devices and authentication methods to meet your needs. Use of a personal device is not required.
  • What happens if I don’t have access to my primary device? What if I forget or lose my mobile phone?
    If you add a second device (strongly recommended) when setting up your two-step verification account, you may use that second device to authenticate. Additionally, the HUIT Service Desk has the ability to provide a one-time bypass code over the phone (additional information will be required to verify your identity). Call the service desk at 617-495-7777 to speak to a support services specialist.
  • What if I travel often or work overseas?
    Anyone who travels or works internationally and needs to log in to HarvardKey-protected resources can set their two-step verification method to “Duo passcode.” You can use Duo Mobile Passcode to generate your authentication code without an Internet or cellular connection. If you don't have a smartphone or tablet, hardware tokens that generate codes are available.