Two-factor authentication (2FA) adds a second layer of security to your online accounts. Verifying your identity using a second factor (like your phone, token, bypass code, or another mobile device) prevents anyone but you from logging in, even if they know your password.

How does it work?

2FA works by combining two factors to authenticate: Something You Know + Something You Have = Authentication

Something you know: In our case, this is your App State username and password combination.

Something you have: This is the 2nd factor, and it can take one of several forms:

  • the Verified DUO push on your smartphone (recommended),
  • your office phone or a landline,
  • a handy hardware token (also called a key or fob)
  • a text or phone call to your mobile device.

When both factors have been entered, you are granted access to the system.

No smartphone? Your second factor can also be a phone call to any mobile phone or landline, or you can request a Duo token from IT Support Services. The token simply displays a code for you to enter when prompted on-screen. Duo lets you link multiple devices to your account, so you always have options for the second factor of authentication.

When Will I Use Duo?

Duo is currently required for any service that uses the sign-on windows pictured below. Google Apps, AsULearn, YoMart, and Drupal are just a few examples. You will not have to use Duo when logging on to your office or a classroom computer.


Universal App State sign-in page for all users.Banner Sign in page for administration purposes.

Why Do I Need This?

Passwords are increasingly easy to compromise. They can often be stolen, guessed, or hacked — you might not even know someone is accessing your account.

Two-factor authentication adds a second layer of security, keeping your account secure even if your password is compromised. With Verified Duo Push, you'll be alerted right away (on your phone) if someone is trying to log in as you.

This second factor of authentication is separate and independent from your username and password — Duo never sees your password.


Search Knowledge Base

Submit a Service Request