Duke Security Offices position statement on use of MFA:
Due to an increase in attempts to gain access to Duke accounts using passwords exposed in breaches at other organizations, Duke is preparing to require multi-factor authentication (MFA) for login to all NetID-protected services from outside the Duke network. With this change, you will be required to use MFA whenever you access NetID-protected services from outside the Duke wired, wireless, or virtual private network (VPN), such as from mobile/cellular or home networks.
In anticipation of this change, the Duke Security Offices advise taking the following steps as soon as possible:
All NetID Users
Duke users should never use their Duke NetID or password for non-Duke systems or accounts and never reuse passwords that they have used previously. Users should opt in to enforcing MFA either “Always” or “Off campus and when required” at the MFA self-service site:
Opting in to use MFA for all logins by selecting “Always” can save time by avoiding the need to log in again when moving from systems that don’t require MFA to systems that do.
For the most convenient and secure authentication, consider enrolling eligible personal devices for Duke Unlock to meet MFA requirements without passwords or additional verification steps.
Sponsors of Guest Accounts
Sponsors of guest accounts should notify their sponsored guests to opt in to using MFA for all NetID-protected services logins by selecting “Always” at the MFA self-service site.
Owners of Duke services integrated with NetID login through Shibboleth are encouraged to enable MFA requirements for all authorized users of their service in the Service Provider (SP) Registration tool:
Security Offices position statements outline the ISO/ITSO's view on security-related topics and provide guidance concerning Duke standards.