Student 2-Factor Authentication FAQ

 

Why is 2-Factor Authentication (2FA) being implemented?

We are adding this security measure to help keep your personal information as safe as possible. Even if someone else knows your username and password, they will not be able to get into your account unless they also have the device that you use to authenticate. 

Check out the article Why Do We Need 2-Factor Authentication? for more information.

 

How often will I need to do 2FA?

Once you do 2FA, your login will typically stay active for 30 days per browser, per device. That means you won’t need to do 2FA again unless:

  • You clear your browser history or cache
  • You switch to a different internet browser (e.g., from Chrome to Safari)
  • You use a different device (e.g., logging in from a library computer)
  • You browse in Incognito or Private mode

Example:

If you 2FA on your personal laptop using Google Chrome, you’ll be authenticated on that browser and device for 30 days. If later that day you log in using Safari on the same laptop, you’ll be prompted to do 2FA again—but after that, both Chrome and Safari will be good to go for 30 days.

How do I set up 2FA?

Setting up DUO 2FA is simple. Follow this guide: How-to: Setup, Install, Enroll, Activate DUO Mobile.

 

Will I need to do 2FA from the Testing Center?

No, 2FA will not be required in the Testing Center. We understand that you won’t be able to bring any authentication devices with you, so 2FA will not be enforced while you are in the Testing Center.

 

What if I get an 2FA notice when I’m not trying to log in to my account?

If you receive a Duo prompt that you didn't request:

  1. Deny the request immediately.
  2. Contact the IT Service Desk to report the incident to the Security Operations Center.
  3. Go to https://account.churchofjesuschrist.org/recovery and reset your Church password. 

This may indicate an attempted unauthorized login.

 

Will I need to do 2FA when using an on-campus network?

Yes—but only when accessing BYU-Idaho resources that require Single Sign-On (SSO). Starting June 25, 2025, you will be prompted for Duo 2FA when logging into SSO-protected services such as:

  • Canvas
  • Outlook
  • Workday
  • The BYU-Idaho Portal
  • Any other system that uses the Church Account sign-in page

You will not be prompted for 2FA when simply logging in to the computer itself (such as Windows or macOS). That means:

  • Logging into a classroom teaching station, lab computer, or office workstation with your BYUI credentials will not require 2FA
  • Accessing an SSO resource from that device (like opening Canvas or Outlook) will prompt a 2FA challenge

Tip: If you see the Church’s login screen while accessing a resource, that’s a good sign 2FA will be required.

Need Help?

📞 Call: (208) 496-9009

💬 Chat: Visit byui.edu/help and use the chat bubble

Hours of Operation:

Monday–Friday: 7:30 AM – 8:00 PM

Saturday: 10:00 AM – 4:00 PM (Mountain Time)

Closed during weekly devotional, forum hour, and university holidays

Print Article

Related Articles (1)

Why Do We Need 2-Factor Authentication?
- Purpose of 2-Factor Authentication
- What 2FA is helping to protect
- Safeguarding your account