Skip to main content

Two-Step Verification Required to Access Duke@Work

Starting July 1, staff and faculty must use multi-factor authentication to access personnel information

In early April, Duke’s IT Security Office notified the community of a “W-2 phishing attack” – a scam email that requested a copy of an employee’s W-2 tax form.

While no employee information was compromised, the incident is a reminder to Duke community members about the importance of protecting personal information against data theft and fraud.

To add another layer of protection, beginning July 1, Duke will require university staff and faculty to use multi-factor authentication to access the Duke@Work self-service portal for personnel information.

Multi-factor authentication is a two-step process that requires identity verification when logging into Duke systems. Staff and faculty will log in with Net ID and Password but they will also be asked to authenticate their identity using a second factor, typically via mobile phone.

Enroll in multi-factor authentication here.

When enrolling, you will be presented with authentication options including, receiving a phone call to your mobile or desk phone, receiving a passcode via text message or giving approval through the “Duo” smartphone app.

“It has been proven time and again that a password alone is not enough to protect your account,” said Richard Biever, Duke’s chief IT security officer. “Multi-factor authentication protects account holders when they fall victim to a phishing attack or have their password stolen through a breach because it requires not just something you know like a password, but also something you have such as a phone or the Duo mobile application.”

For help with set-up, staff, faculty and students may contact their local IT support or the OIT Service Desk at 919-684-2200 or by chat at oit.duke.edu/help.