Harvard University and Harvard Medical School use two-factor authentication (2FA) through the Duo Mobile app to enhance security.
Refer to this article if you have previously set up Duo Mobile but must install it on a new mobile phone.
1 – Open the Duo Security Page
From your computer, open a web browser and navigate to the myHMS Portal Homepage at my.hms.harvard.edu.
Sign in with your HMS Account ID and password (formerly called eCommons ID). You will be prompted to protect your account with two-factor authentication—select Start Setup.
If you do not see the Start setup message, you may have configured two-factor authentication in the past. Contact the HMS IT Service Desk at 617-432-2000 or itservicedesk@hms.harvard.edu for assistance. Given the security requirements, a phone call may be more straightforward.
2 – Choose your device type (mobile phone strongly recommended)
If you select Tablet or Security Key, skip the rest of this article and follow the on-screen prompts.
3 – Enter your phone number (if Mobile phone or Landline was selected)
If the phone number has been used at Harvard Medical School before, you may be prompted to verify ownership of the number via a text message or phone call.
4 – Select the type of mobile phone
Note – If you are using an older version of iPhone or Android that is not compatible with the Duo app, select Other as your phone type to use SMS text instead of the app. Compatible operating system versions for the app are listed on Duo's help pages: Compatible iOS versions | Compatible Android versions
5 – Install the Duo Mobile app
Now switch to your mobile phone. You may already have Duo Mobile installed for use with HarvardKey. If not, visit your phone's app store—either the Apple App Store or Google Play Store—to download and install Duo Mobile. Do not confuse this with Google Duo; Duo Mobile's icon is green and looks like this:
After installing it, go back to your computer and select I have Duo Mobile installed.
6 – Configure the Duo Mobile app for use at HMS
On your mobile phone, open the Duo Mobile app. If prompted, grant the app access to your camera. If necessary, tap the + button and scan the QR code on the computer screen for a few seconds. Duo Mobile will add Harvard Medical School as an account. You can use the default account name.
Note – if your phone's camera doesn't work, select Email me an activation link instead, open the email on your mobile phone, and tap the link. You will be prompted to open the link with the Duo Mobile app to activate.
7 – Choose preference when signing in to HMS systems
Then select Continue to Login.
You may select Add another device to add a second device as a backup for two-factor authentication. Having a backup authentication method is helpful if your phone's battery runs out or you lose your phone.
8 – Login to test
Note – The Remember me for 30 days option works on a per-browser basis and requires third-party cookies.