How to Turn On and Use Two-Factor for Weblogin

Instructions and tips for turning on two-factor authentication to protect your personal information in the services you log into via the Weblogin page (Wolverine Access, Canvas, U-M Google, U-M Box, MFile, MPrint, and more).

Need help? Contact the ITS Service Center.

First Enroll in Duo

Turn on Two-Factor

For best results, use either the Chrome or Firefox web browser. If you use Internet Explorer (IE), turn off Compatibility View.

  1. From a desktop or laptop computer, go to Turn On Two-Factor (Duo) for Weblogin.
  2. Log in with your uniqname and UMICH (Level-1) password.
  3. Depending on whether or not you already enrolled in Duo, you will be presented with one of the following two options:

Already Enrolled in Duo

  1. Click Turn it on.

    Duo Prompt

  2. Complete one of the Duo authentication methods (Send Me a PushCall Me, or Enter a Passcode).

    Duo Prompt

  3. Two-Factor for Weblogin is now turned on. Use the links to review best practices or enroll a backup device, or close the browser window to exit.

    Duo Prompt

Not Yet Enrolled in Duo

  1. Click Continue.

    Turn On Two-Factor screen

  2. Click Start setup and follow the Duo prompts to enroll a device.

    Turn On Two-Factor screen

  3. After completing the enrollment steps, click Continue to Login.
     

    Important!This document does not show the Duo prompts for the enrollment steps between steps 2-3 of this document because they are different for smartphones vs. landlines. To see the detailed enrollment steps, refer to:

     

    Turn On Two-Factor screen

  4. Complete one of the Duo authentication methods (Send Me a PushCall Me, or Enter a Passcode).

    Turn On Two-Factor screen

  5. Two-Factor for Weblogin is now turned on. Use the links to review best practices or enroll a backup device, or close the browser window to exit.

    Turn On Two-Factor screen

What to Expect

Same Number of Logins

  • The number of times you are prompted to log in to websites via the Weblogin page will not change after you turn on two-factor with Weblogin. It will simply add a second step log in—completing a two-factor authentication prompt.
  • If you generally work on a single device, in a single web browser, and your browser does not block cookies, you can check Remember me for 7 days when you log in. In this case, you will not be prompted to complete two-factor for 7 days.
  • If you use multiple browsers or private/incognito sessions, you will need to log in and complete the two-factor prompt for each new browser session.
  • If you change location throughout the day, you will be prompted to log in or reauthenticate with each new browser session.

Reauthentication and Time-Out Periods

You only need to complete two-factor authentication when you log in through the Weblogin page. Depending on the services and websites you use, you may be prompted to log in again.

  • Adding two-factor for Weblogin does not increase the number of times you are prompted to log in; it adds a second step to the login process.
  • Different services and websites prompt you to log in again after different time-out periods.

With U-M Google, there is essentially no time-out. If you are logged into your U-M Google Mail or Calendar all day, you may not need to re-authenticate as you access other systems.

If you use multiple browsers, change location (and therefore the network you are on), or log out of services and websites when you are done using them, the number of times you need to log in and use two-factor increases.

Some of the common time-out periods are listed below.

  • Wolverine Access:
    • Employee Self-Service: 30 minutes
    • University Business: 60 minutes
    • Faculty Business: 60 minutes
  • Canvas: 60 minutes
  • Weblogin: 120 minutes
  • U-M Box: 48 hours

How-to Videos

Tips

Add Backup Phones or Devices

It is not uncommon to forget your cell phone when you come to work. If you only have one phone enrolled in Duo, you can contact the ITS Service Center for a bypass code to let you in.

If you add your desk phone or a tablet as a backups, you could use them as an alternative until you have your primary device. You can enroll as many phone numbers or devices as you want. See Enroll in Duo for the enrollment procedures.

Remember Me for Seven Days

You can extend your two-factor authentication to seven days for services accessed via the Weblogin page (using the same device and web browser). To bypass the two-factor prompt for seven days, you must first check the Remember me for 7 days checkbox. This feature requires browser cookies.

Important!Checkbox grayed out? If you have set Duo to send you a push notification automatically, the Remember me for 7 days checkbox will be grayed out. Cancel the push by clicking the blue Cancel button in the lower right corner of the window. You will then be able to click the checkbox. Then you will need to click the Send Me a Push button (or choose another option if you wish) to authenticate.

Duo Login prompts with Remember me for 7 days checkbox checked.

Lock Your Screen Instead of Logging Out

If you do not share your workstation with others during your work shift, you may lock your screen when you take a break. This allows you to remain logged into systems while your computer is secured.

To lock your screen, press Ctrl+Alt+Del on a Windows computer. On a Mac, you will need to set your computer to require a password after sleep or after the screen saver begins (System Preferences --> Security & Privacy --> General tab). Then you can lock the screen by putting your computer to sleep or activating the screen saver.

You will need to log in to your computer to unlock it.

 You do not need to completely log out of administrative systems if you are going to work in the systems throughout the day and you lock your screen when you are away from your computer.

It's best to set all your devices—smartphone, tablet, computer—to lock the screen and require a password or passcode for access after 15 or fewer minutes of inactivity. To learn about this and other settings to secure your devices, see Secure Your Devices.

Working Across Campus

If you are someone on the move, you probably will want to use your smartphone (or basic cell phone) as your primary two-factor authentication device so you have it when you need it. Of course, you have to remember to carry it with you! If you primarily use your desk phone for Duo, you might want to add your cell phone as a backup to use when you’re out and about on campus.

Access From Home

Duo two-factor authentication is not restricted to U-M devices, phones or computers. If you work from home, or need to access personal information at home (for example, W-2s, paychecks), you can add your home phone number as a backup.

Last Updated: 
Monday, October 15, 2018