To protect against phishing and other exploits of stolen passwords, Information Services implemented Duo Security two-factor authentication for faculty, staff, and student use of our campus VPN on October 1, 2018.

What is Duo? Duo is a second layer of protection for your network login.


Theft of credentials (NetID/password) is increasingly common. Some of the ways credentials may be compromised are:
•    A user can be tricked into giving away their NetID and password through a malicious email or phishing or other online scams.
•    Many people reuse passwords on other websites (Amazon; LinkedIn). If compromised, attackers often publish or sell the password.
•    A user shares their Network ID and password with someone else.
•    A user logs in from an infected computer where attackers record keystrokes of the users' passwords (keylogger).

In the past, individuals used only their NetID and password to connect to the VPN. Two-factor authentication (2FA) strengthens security by requiring two factors to verify your identity, such as something you know (NetID/password) plus something you have (mobile device/app). Using the free Duo Mobile smartphone app (for iOS, Android) is the simplest and preferred method for obtaining the second-factor codes. An alternative is to purchase a Duo key fob at the UR SpiderShop.

Use of Duo Security two-factor authentication to access the VPN is required as of October 1, 2018. Instructions on how to set up two-factor authentication and how to log into the VPN using Duo are available on the Information Services website. If you have questions, please contact the Help Desk at helpdesk@richmond.edu or (804) 287-6400.