Information Technology Services IT Security Office
 

2FA is now required for all employees to access Patriot Web and Banner-related applications.

  PP + Duo transparent background  

ADVANCED FEATURES

Duo offers a multitude of ways to use 2FA. What you have completed during the initial enrollment is recommended and supported by ITS. Some of the below features are not supported by ITS. Basic information is provided and you can find more information on the Duo Guide.

Additional Authentication Methods

How to use Multiple Devices

Additional Device Options

Smartphone and Tablet

If you are on a smartphone or tablet and you prefer not to receive push notifications through the Duo Mobile App then you can use a passcode instead. Passcodes are generated through the Duo Mobile App but do not require you to have data or wireless internet connection on your device.

Generating a Duo Mobile App Passcode
  1. On your enrolled smartphone or tablet open the Duo Mobile App.
  2. Beside the name George Mason University tap on the green key.
  3. You will see a 6-digit passcode.

You can generate another passcode at any time as it will only display for a short time. Generating a new password will invalidate any previously generated passcodes.

Using the Duo Mobile App Passcode (Web Applications)
  1. In the CAS login window, enter your NetID and Patriot Pass Password.
  2. In the 2FA login window, click Enter a Passcode.
  3. In the "Passcode" field, enter the six-digit passcode generated from the Duo Mobile app and click Log In.
Using the Duo Mobile App Passcode (VPN)

If you need more information about Cisco AnyConnect VPN go to vpn.gmu.edu.

  1. Open Cisco AnyConnect VPN on your computer.
  2. Type vpn.gmu.edu or your VPN Group URL and click connect.
  3. Begin logging into Cisco AnyConnect VPN with your Mason NetID.
  4. For the password, you will use your Patriot Pass Password followed by a comma and the passcode on your phone.
    For example: password,725495
  5. After you complete the authentication you will then be logged in on Cisco AnyConnect VPN.

Bypass Code (Non-Emergency)

If you know you will not have access to your 2FA enrolled device, you may request a bypass code for use in lieu of an enrolled device. Bypass codes are reusable and valid for 7 days.

Requesting a Bypass Code
  1. On a web browser go to the 2FA webpage, 2fa.gmu.edu. Click 2FA Account Login on the bottom right.
  2. Login with your Mason NetID and Patriot Pass Password.
  3. Complete the second factor authentication with your previously enrolled device.
  4. On the Management Options page click Request Bypass Codes.
  5. Click Generate Bypass Code.
  6. You will then see a bypass code and the expiration date/time.
  7. Request Bypass Code with Expiration
  8. Record or print the information
Using the Bypass Code

If you need more information about Cisco AnyConnect VPN go to vpn.gmu.edu.

  1. Open Cisco AnyConnect VPN on your computer.
  2. Type vpn.gmu.edu or your VPN Group URL and click connect.
  3. Begin logging into Cisco AnyConnect VPN with your Mason NetID.
  4. For the password you will use your Patriot Pass Password followed by a comma and the bypass code you were given.
  5. For example: password,725495
  6. After you complete the authentication you will then be logged in on Cisco AnyConnect VPN.

Append Mode (VPN USE ONLY)

If you using multiple devices when providing your 2FA you can use Append Mode. Append mode allows you to specify what device you would like the authentication request to be sent to. If you have multiple devices of the same type registered you can add a number to the end of the device names. For example, push2 will send a login request to your second phone, phone3 will call your third phone, etc.

More information about this feature can be found in the Duo Guide.

If your Second Device is a...
Enter... Duo Response
  • Smartphone with Duo Mobile App
User: Mason NetID
Password: Password,push2
Automatic Duo Push via Duo Mobile App on 2nd device
  • Smartphone without Duo Mobile App
  • Mobile Phone
  • Landline
User: Mason NetID
Password: Password,phone2 
Automatic Phone Call on 2nd device

If you are unable to access any of your devices, you may request an Emergency Bypass Code that will be sent to the alternate email that you used during enrollment

YubiKey

Yubikey 4 and 4cMason provides support for the YubiKey 4 and the YubiKey 4c for 2FA. To use a Yubikey, you will need to first setup the Yubikey and enroll it. Yubikeys are available for purchase at Patriot Tech.

Setting up the YubiKey

Following these steps will erase all accounts from your Yubikey.

  1. On your computer, download and install the Yubikey Personalization Tool from the Yubico website.
  2. Once the program is installed, insert your Yubikey into a USB port.
  3. Wait until the light on the Yubikey is a solid green. (If your computer prompts you to set up a new keyboard, close the window and continue to step 4.)
  4. Open the Yubikey Personalization Tool.
  5. Select Yubico OTP Mode.
  6. Click on the Quick button.
  7. Select Configuration Slot 1.
  8. Uncheck Hide Values.
  9. Click the Write Configuration button.
  10. If you are warned about overwriting the values in slot 1, click Yes.
  11. If you are asked to save a log file, you can save it or cancel.
  12. Leaving the Yubikey Personalization Tool open, continue to Enrolling the Yubikey.
Enrolling the Yubikey
  1. On a web browser go to the 2FA webpage, 2fa.gmu.edu. Click 2FA Account Login on the bottom right.
  2. Login with your Mason NetID and Patriot Pass Password.
  3. Complete the second factor authentication with your previously enrolled device.
  4. On the Management Options page click Enroll a Yubikey.
  5. From the Yubikey Personalization Tool, copy the Serial Number (in Dec or Decimal format), the Private Identity, and the Secret Key into the appropriate slots.
  6. Click on Enroll Device.
  7. Congratulations, your Yubikey is enrolled!
Using the Yubikey with Web Applications
  1. Plug your Yubikey into a USB slot on your computer (if it is not already).
  2. In the CAS login window, enter your NetID and Patriot Pass Password.
  3. In the 2FA login window, click Enter a Passcode.
  4. Press the button on your Yubikey and a passcode will automatically be populated
  5. Click Log In.
Using Yubikey with Cisco AnyConnect VPN

If you need more information about Cisco AnyConnect VPN go to vpn.gmu.edu.

  1. Plug your Yubikey into a USB slot on your computer (if it is not already).
  2. Open Cisco AnyConnect VPN on your computer.
  3. Type vpn.gmu.edu or your VPN Group URL and click connect.
  4. Begin logging into Cisco AnyConnect VPN with your Mason NetID.
  5. In the password box, type use your Patriot Pass Password followed by a comma then press the button on your Yubikey.
  6. For example: password, *press button on Yubikey*
  7. Cisco AnyConnect VPN will begin connecting automatically.
  8. Once the authentication is complete, you will be connected to the Cisco AnyConnect VPN.

If you are unable to access any of your devices, you may request an Emergency Bypass Code that will be sent to the alternate email that you used during enrollment.