What is happening?
On January 18th, the bypass that was in place to not require Two-Step (Duo) authentication when you are on campus will be removed. This will reverse the bypass that was put in during the spring of 2019.
Duo two-step is still going to be used. If you have Duo on a mobile device, you do NOT need to request a hardware token. We are only removing the bypass for on-campus customers. This means that when you log in to Office 365, Canvas or other Bowdoin services while on campus, you will need to authenticate with a 2-step device beginning in January.
Why is this happening?
Given the nature of our campus community learning and working from anywhere, it is crucial that we have the same controls in place when someone logs in to a Bowdoin service protected by two-step authentication, no matter where they are. Passwords alone are a weak way to validate access, and if we have an exemption for campus, it provides an easy way for an attacker to get around our important Two-Step implementation.
What does it mean for me?
You must have your Two-Step device (smart phone, yubikey, digital key fob, etc.) with you when you log in to a Bowdoin service protected by two-step authentication while you are on campus as well as off-campus. Contact the Service Desk if you need assistance with your two-step device, if you have lost your hardware token, it has been stolen, it has been damaged or would like to obtain one.