The University of Washington is preparing to implement mandatory two-factor authentication for access to campus platforms. The university is encouraging students to begin using 2FA through Duo now ahead of required campus wide use this November across all UW campuses.

As reported by UW's student publication, The Daily, the university is on par for its November 2 deadline as it continues to convert all UW NetID accounts to two-factor authentication. All UW faculty have been using 2FA since June 15, and the November deadline will add all undergraduate and graduate students to the two-factor process.

Washington will leverage Duo for its two-factor authentication process. Duo Mobile is free to download and offers students the option to send notifications with an internet connection, a passcode generated by Duo Mobile without an internet connection, or a “Call Me” option that works with phone numbers in the US and parts of Canada.

In addition to Duo Mobile, UW is also offering a standard phone call option for any mobile phone or landline, as well as a hardware token option. UW-IT will provide a hardware token at no charge to the student, or support compatible devices. UW provides Feitian OTP c100 hardware tokens -- one-button hardware tokens that display a one-time passcode for signing in with 2FA.

According to the UW-IT website, required use of 2FA on the web is to better protect personal and institutional data. The university has now expanded two-factor authentication to include all resources that rely on a web browser for single sign-on with the UW NetID.

The university says that the decision to implement two-factor authentication came in part out of concern for students being affected by phishing schemes.

“As with faculty and staff, students will be able to opt in early starting now, before we make this required for our students in the fall,” said Andreas Bohman, vice president for UW Information Technology and chief information officer, in an email.

“Messaging to students has already begun, including through the University Registrars’ communications and our own student-facing channels. Outreach is underway with other stakeholders at all University of Washington campuses to ensure we reach students in as many avenues as possible.”

Two-factor authentication is being implemented on a number of campuses across the country. Duo is among the more popular platforms being used, though there is some variance in the methods campus IT departments are using.

UW-IT warns its campus community that if students suspect an email from someone claiming to be affiliated with UW to be fraudulent, never click any links provided, avoid entering your UW NetID if prompted, and always remain skeptical about opportunities that seem too good to be true.