Two-Factor Authentication (2FA) on Campus: What You Need to Know
Effective June 25, 2025, all BYU-Idaho on-campus devices will require Duo Two-Factor Authentication (2FA) when accessing web-based BYU-Idaho applications that use Single Sign-On (SSO) - such as Canvas, Workday, and the BYUI Website.
Note: You will not need to use 2FA to sign in to the device - only when logging into BYU-Idaho applications via the web browser.
To avoid disruptions, please test your setup ahead of time and be sure to bring your phone or other authentication method with you to campus.
How can I test the new 2FA before June 25th?
To test the new 2FA system, try signing in to any BYU-Idaho protected website (like Canvas, the BYUI Portal, or Workday) from a device that is not connected to the BYU-Idaho network.
For example:
- Use your phone with cellular data (not connected to BYUI Wi-Fi)
- Or try logging in from home or another off-campus location
This will simulate the same experience you’ll have when 2FA is required on campus starting June 25. Be sure to have your phone or authentication device with you during the test.
Why is 2FA being implemented?
2FA provides an extra layer of security to your account. Even if your password is compromised, M2A helps prevent unauthorized access. Learn more: Why Do We Need Two-Factor Authentication?
How do I set up 2FA?
Setting up DUO 2FA is simple. Follow this guide: How-to: Setup, Install, Enroll, Activate DUO Mobile.
What if I don’t have a mobile device?
If you don’t have a smartphone, there are several alternative authentication methods available:
Supported Methods:
- Biometric login (Face ID, Touch ID, Windows Hello, Android Biometrics)
- WebAuthn FIDO2 security keys
- YubiKey-generated passcodes
- Hardware token codes
Hardware Token Option:
If you’re unable to use a mobile device, employees can request a hardware token by contacting the IT Service Desk.
- The first token will be provided by the university at no cost to you.
- If the token is lost, or if you would like an additional one, you will need to purchase the replacement.
- Note: This option is for employees only. Students will have to acquire a hardware token themselves.
Temporary Solution:
If you’ve forgotten your device or are temporarily unable to use it, the IT Service Desk can issue a bypass code to allow short-term access.
Contact the IT Service Desk at (208) 496-1411 or use the Chat option at byui.edu/help
Can I use a security key with Duo?
Yes! You can use a DUO-compatible security key or hardware token.
- Hardware tokens can be requested from the IT Service Desk free of charge. If lost or misplaced, you will be responsible for replacing it.
- Tokens generate one-time passcodes and are valid as long as 2FA is required at BYU-Idaho.
See our guide: Security Keys and Duo
Will I need to authenticate in classrooms or offices?
Yes. Starting June 25, 2025, 2FA will be required when accessing BYU-Idaho resources including:
- Classroom teaching stations
- Computer labs
- Office workstations
- Any device using SSO (Canvas, BYUI Portal, Workday, etc.)
Be sure to bring your phone or security key with you to work or class.
How can I avoid phone disruptions during class?
Since your phone will be needed for authentication, we recommend silencing your device or enabling Do Not Disturb before class or meetings.
How to Silence Your Phone or Enable Do Not Disturb
This will help avoid unnecessary disruptions during teaching or learning.
What should I do if I get an 2FA request I didn’t initiate?
If you receive a Duo prompt that you didn't request:
- Deny the request immediately.
- Contact the IT Service Desk to report the incident to the Security Operations Center.
- Go to https://account.churchofjesuschrist.org/recovery and reset your Church password.
This may indicate an attempted unauthorized login.
Need Help?
📞 Call: (208) 496-9009
💬 Chat: Visit byui.edu/help and use the chat bubble
Hours of Operation:
Monday–Friday: 7:30 AM – 8:00 PM
Saturday: 10:00 AM – 4:00 PM (Mountain Time)
Closed during weekly devotional, forum hour, and university holidays