Virginia Tech® home

2-Factor Authentication Information

July 2025 - 2 Factor Authentication is Changing

Starting August 4, 2025, Virginia Tech will enhance 2-Factor Authentication (2FA) by requiring a 3-digit code. Phone and SMS options will be removed in the coming months. Don’t wait—begin transitioning now to avoid disruption.

Need a refresher? What is 2FA?

Why is this Changing?

To improve security. The new process asks you to type in a 3-digit code. It's much harder to accidentally approve someone else trying to log in as you.

Preparing for the Change

Set up 2-Factor Authentication at https://accounts.it.vt.edu

Print One Time Passcodes

(Do this before August 4)
If you ever lose access to your phone, these codes may be the only way you can log in without calling support. 

  • Visit https://accounts.it.vt.edu
  • Select 2-Factor in the menu.
  • Scroll to One Time Passcodes and click Generate Passcodes.
  • Click Generate.
  • Save these codes somewhere you can access if you can't use your phone: a secure password manager, a non-VT email account, or printed and stored safely. Imagine the worst-case scenario: You have a presentation in 10 minutes and your phone doesn’t work. Where could you access the codes? Put them there.

Install the Duo App before the change

If you currently use phone call or text verification you will need to install and configure the Duo App (or other solution) before the changeover starting August 4 to avoid last-minute issues and potential confusion  

Not Receiving a Duo Push?
Open the Duo app and hit the refresh icon (circular arrow). This may resolve push delivery issues.

Options Being Removed:

In the near future, phone (call) and SMS (text) verification will no longer be accepted. An authentication app or device will be required. Start preparing now to avoid disruption.

How Enhanced Login Will Work

(Starting August 4th)

Moving forward, Duo login will work as follows:

When logging into a VT service, after entering your username and password, you’ll see a 3-digit code. You must enter this code into your Duo app.  
 

Computer screenshot of Duo showing the code to enter on your other device.

On your phone, enter the number:

Phone Screenshot of Duo screen with VT logo, asking you to enter a 3 digit code.

Once entered correctly, you will be logged in.

Don’t want to use Duo App?

You still have a few options: Software Tokens and Hardware Tokens.

Duo App Alternative: Add a Software Token  

If you do not wish to use the Duo App, you can use a number of other Authenticator apps:

  • Google Authenticator
  • Apple Passwords on iOS
  • OATH ToolKit
  • Etc.

How to Add a Software Token:

  • Go to https://accounts.it.vt.edu/user/yourusername  (You must replace "yourusername" with your actual VT username)
  • Select 2-Factor in the menu
  • Scroll down to: Screenshot of token Selection Screen options. You'll want to choose 'Enroll Software Token' (other options shown here are irrelevant)
  • Select Enroll Software Token
  • Following the instructions on the page, scan the QR code with your chosen authenticator app: Screenshot of the Enroll Software Token page,  specifically focused on showing that you need to have TOTP selected and that a QR code is there to read and verify.
  • Be sure to click Verify token, and enter the number shown in your app. This confirms that it's working.
  • When testing it out: Computer screenshot of Duo showing the code to enter on your other device.
  • Click Other Options.
  • Click Hardware Token – Enter a code from your hardware token on the duo login screen.Window showing Other options to log in, such as duo push, mobile passcode, hardware token, bypass code, and manage devices
  • Enter the number from your Authenticator app in the Passcode field.Screenshot of 'Enter your passcode' screen on primary device. Has a text entry field to put the code in, a Verify Button, and an Other Options choice.

Duo App Alternative: Use a Hardware Token

(Such as YubiKey)

This option is not as widely used. However, if you still use a hardware token, contact your IT team or visit these pages:

Refresher Information:

What is 2-Factor Authentication?

Virginia Tech requires all students and faculty to use 2-Factor Authentication (2FA) for web services.

2FA means you need two things (factors) to log in:

  1. Something you know (like a password)
  2. Something you have (like a smartphone)

This is more secure because even if someone steals your password, they’d still need your phone, or vice versa.

Virginia Tech uses Duo 2FA as part of its Single Sign-On (SSO) service, allowing users to authenticate via a code or a “push” notification through the Duo mobile app.

What is ENHANCED 2-Factor Authentication?

At Virginia Tech, Enhanced 2FA means when a login request is sent to your Duo app, you’ll be prompted to enter a 3-digit code displayed on the device you’re logging in from. This ensures you don’t accidentally approve a fraudulent attempt.

  • When you log in, the device you're logging in from will display a 3-digit code. You’ll need to enter that code on your phone.
  • If someone else tries to log in as you, they'll see a code, but you won't. Without seeing the correct number, you can’t approve the request. 
  • It’s quick and painless, and it protects you from accidentally letting someone else into your account.