BNL Home

DUO Two-factor Authentication

Brookhaven National Laboratory is using DUO Security to provide two-step verification. Two-step verification will soon be required to access many protected resources and applications, and to connect to the local network using BNL's Virtual Private Network (VPN) service.

Get started with DUO

Do you have a BNL domain account?

Yes No

Do you have the Duo App installed?

Yes No

Select a device:

Note: Installing and using the mobile device app is the preferred method.

Mobile Device USB Token

STEP 1:
Select an operating system (OS) to find and install the latest version of the Duo Mobile App. Then come back and complete STEP 2.

STEP 2:
Go to BNL Duo Enrollment from your computer once you have installed the Duo Mobile app on your device.

View the Duo Frequently Asked Questions for more information.

token
Since a project and activity number is required to cover the $38.40 cost of each YubiKey4 token, using the mobile app is the preferred method. Please submit a Service Now request if you still would like a token.

YubiKey Token User Guide - Find information on how to remove, reset and use the token with Windows or Mac OS X systems.

Please note, you must have a BNL domain account to enroll and use Duo security.

Overview, How it Works

Two-factor authentication (also known as 2FA) is an extra layer of security that requires not only a password and username but also verifies your identity using a second factor (mobile device, tablet or USB token) that you physically have in your possession. Using two-factor authentication prevents anyone but you from logging in, even if they know your BNL username and password.

step one

Step 1

Login with your BNL username and password

step two

Step 2

Verify your identity by using a mobile device or USB token

step three

Step 3

You are securely logged in

Note: Duo lets you link multiple devices to your account.

Using Duo at Brookhaven Lab

Duo two-factor authentication can be used with the following BNL services:

  1. Brookhaven Lab Virtual Private Network Client (VPN)
    Download Client | Login Instructions
    Using DUO to log into VPN
    Example BNL Domain Credentials: Username: jdoe | Password: 123456 | Passcode: 987654
    Select the Duo Two-factor authentication you set up in your profile.
    Push (smartphone)
    Passcode (Duo App)
    Passcode (YubiKey4 token)
    When prompted, enter your username "jdoe" and password "123456" then click [OK]. The login panel will disappear and you will get a push notification sent to your smartphone. Select [Approve] to authenticate.

    Note: Push is the default and recommended authentication method. However, you may have to use the passcode authentication method if you do not have cell service.
    When prompted, enter your username "jdoe" then open your Duo App on your smartphone. Tap the key icon to get a one-time passcode for login.

    Enter your password plus a comma and passcode from your Duo App "123456,987654" then click [OK] to authenticate. The login panel will disappear.
    When prompted, enter your username "jdoe" and password plus a comma "123456," then insert your token into an open USB port and press (1 second) the token button to authenticate (passcode will be inserted automatically after the comma). The login panel will disappear.

    Note: You may have to wait for your token to install any hardware (if new) before you can authenticate.

     YubiKey Token User Guide - Find information on how to remove, reset and use the token.
  2. SSH Gateways

Help, I'm having a problem with DUO

DUO User Guide

About the Duo Mobile App

Duo Testing & Device Settings

Use the BNL Duo Enrollment and Testing website to perform the following:

  • Test enrolled Duo Mobile App
  • View enrolled devices
  • Make setting changes to enrolled devices

Note: You must already have the Duo Mobile App installed and enrolled to use this website. If not, please go to the Getting Started section.