On March 30, WebLogin and two-step authentication will change as University IT (UIT) implements further enhancements to improve the usability and maintainability of these services. Please read about the change details below.
Preparing for the changes
- If you’re NOT using a printed list or SMS for your two-step authentication, there’s nothing you need to do. You’ll notice a few screen changes, but everything will work much the same as now.
- If you ARE using printed lists or SMS/test for your two-step authentication, you should begin transitioning to another option IMMEDIATELY (and no later than March 30 for printed lists). You can learn more about alternatives to the printed list on the transition webpage.
Changes to two-step authentication
The changes to two-step authentication will be more noticeable, especially if you use a printed list or SMS as your two-step method.
- Printed list option no longer available — Beginning on March 30, you will no longer be able to generate new printed lists for two-step authentication. Your current list of codes will continue to work, but you will need to switch to a different option before exhausting the list. Several other options are available, including a hardware token, Duo Mobile passcode, or phone call.
- SMS option to be discontinued — In the coming months, the SMS (i.e., text message) option for two-step authentication will be discontinued because text messages are increasingly being intercepted by criminals to break into accounts. SMS users should instead download the Duo mobile app to their mobile device and use the Duo Push option, which is more secure and easier to use.
Alternatives to printed list two-step authentication
If you use a printed list or SMS/text to authenticate, choose one of these simple and reliable alternatives:
- If you need to authenticate without an internet connection, cellular connection, and/or a mobile device:
- Use the Duo Mobile app passcode, which requires a device but does not require an internet or cellular connection.
- Use a hardware token, which does not require an internet connection, cellular connection, or device. Tokens are available from the Stanford ID Card office.
- Use a call to a mobile phone or a call to a landline.
If you can authenticate with a smartphone or tablet, Duo Push is the recommended method; it is quick, simple, and secure.