Two-Step Verification

Also known as: 2-step authentication, 2-factor authentication, multi-factor authentication, multifactor, MFA, Duo

2-Step VerificationUse two-step verification where it is available at Harvard and elsewhere. The information contained within the 'Use Strong Passwords' section of the University's 'Small Actions, Big Difference' security campaign can teach you how to create a strong password, manage all your passwords in a password manager, and enable two-step verification to protect against account theft. 

What is Two-Step Verification?

Two-step authentication adds a second layer of security to your accounts. Verifying your identity using a second factor (like your phone or other mobile device) prevents anyone but you from logging in, even if they know your password.

Two-Step at Harvard


Harvard is a high priority target for hackers, including foreign nation state-sponsored entities who attempt to access University systems with ever-increasing sophistication and frequency. HUIT has partnered with Duo to offer the entire Harvard community two-step verification with HarvardKey. Duo is designed to provide an extra level of security, and to make it more difficult for an impersonator to use Harvard credentials to access our systems. This step will greatly enhance our information security, and help to protect direct deposit information, research data, and intellectual property, as well as faculty, staff, and student personal information.

You can sign up for Duo two-step verification by following the instructions posted at:

Microsoft Office 365

Since the successful launch of two-step verification for HarvardKey, compromised accounts at Harvard have dropped to near zero. The same login protection to your Microsoft Office 365 account (Outlook, OneDrive, SharePoint, Teams, etc.) is now available. The enhanced login process is quick, easy, and uses your existing Duo account. To get started using two-step for Office 365, visit:

How Does it Work?

Once you've enrolled in Duo you're ready to go: You'll log in as usual with your username and password, and then use your preferred device to verify that it's you. Your can choose to do this via SMS, voice call, one-time passcode, the Duo Mobile smartphone app, and so on, but ultimately the steps remain the same:

  1. Enter username and password as usual
  2. Use your phone to verify your identity
  3. Securely log in

No mobile phone? You can also use a landline or tablet. Duo lets you link multiple devices to your account, so you can use your mobile phone and a landline, a landline and a hardware token, two different mobile devices, etc.

Two-Step Elsewhere

In the event you are using non-Harvard managed resources, you can still opt-in to this additional authentication. Several organizations support multi-factor authentication to add security controls to your data. Verify if your service providers are offering this technology and enroll your account by visiting: