DUO Two-factor Authentication
Brookhaven National Laboratory is using DUO Security to provide two-step verification. Two-step verification will soon be required to access many protected resources and applications, and to connect to the local network using BNL's Virtual Private Network (VPN) service.
Do you have a BNL domain account?
Do you have the Duo App installed?
Select a device:
Note: Installing and using the mobile device app is the preferred method.
STEP 1:
Select an operating system (OS) to find and install the latest version of the Duo Mobile App. Then come back and complete STEP 2.
- iOS (iPhone, iPad): App Store
- Android (smartphone, tablet): Google Play
- Windows Phone (smartphone, tablet): Microsoft Store
STEP 2:
Go to BNL Duo Enrollment from your computer once you have installed the Duo Mobile app on your device.
View the Duo Frequently Asked Questions for more information.
YubiKey Token User Guide - Find information on how to remove, reset and use the token with Windows or Mac OS X systems.
Please note, you must have a BNL domain account to enroll and use Duo security.
- Request a BNL domain account
- How can I find out if I have a BNL domain account?
Please contact the ITD Helpdesk via email at itdhelp@bnl.gov or call 631-344-5522 for assistance.
Overview, How it Works
Two-factor authentication (also known as 2FA) is an extra layer of security that requires not only a password and username but also verifies your identity using a second factor (mobile device, tablet or USB token) that you physically have in your possession. Using two-factor authentication prevents anyone but you from logging in, even if they know your BNL username and password.
Step 1
Login with your BNL username and password
Step 3
You are securely logged in
Note: Duo lets you link multiple devices to your account.
Using Duo at Brookhaven Lab
Duo two-factor authentication can be used with the following BNL services:
- Brookhaven Lab Virtual Private Network Client (VPN)
Download Client | Login InstructionsUsing DUO to log into VPN
Example BNL Domain Credentials: Username: jdoe | Password: 123456 | Passcode: 987654
Select the Duo Two-factor authentication you set up in your profile.Push (smartphone)
Passcode (Duo App)
Passcode (YubiKey4 token)When prompted, enter your username "jdoe" and password "123456" then click [OK]. The login panel will disappear and you will get a push notification sent to your smartphone. Select [Approve] to authenticate.
Note: Push is the default and recommended authentication method. However, you may have to use the passcode authentication method if you do not have cell service.When prompted, enter your username "jdoe" then open your Duo App on your smartphone. Tap the key icon to get a one-time passcode for login.
Enter your password plus a comma and passcode from your Duo App "123456,987654" then click [OK] to authenticate. The login panel will disappear.When prompted, enter your username "jdoe" and password plus a comma "123456," then insert your token into an open USB port and press (1 second) the token button to authenticate (passcode will be inserted automatically after the comma). The login panel will disappear.
Note: You may have to wait for your token to install any hardware (if new) before you can authenticate.
YubiKey Token User Guide - Find information on how to remove, reset and use the token. - SSH Gateways
Using VPN with Cisco AnyConnect
Some of the Lab’s online resources, such as PeopleSoft and SBMS, require an additional layer of security. That means logging in with a Virtual Private Network (VPN). The Lab uses the application Cisco AnyConnect for this purpose. Note: to access the AnyConnect download page, you must have DUO Two-factor Authentication already installed and configured.
