Harvard University and Harvard Medical School use two-factor authentication (2FA) through the Duo Mobile app to enhance security.
Refer to this article if you have previously set up Duo Mobile but must install it on a new mobile phone.
Note – These instructions assume that you have a computer and smart phone capable of running Duo Mobile and that both devices have a working internet connection.
1 – Open the Duo Security Page
From your computer, open a web browser and navigate to the myHMS Portal Homepage at my.hms.harvard.edu.
Sign in with your HMS Account ID and password (formerly called eCommons ID). You will be prompted to protect your account with two-factor authentication—select Start setup.
If you do not see the Start setup message, you may have configured two-factor authentication in the past. Contact the HMS IT Service Desk at 617-432-2000 or itservicedesk@hms.harvard.edu for assistance. Given the security requirements, a phone call may be more straightforward.
2 – Choose your device type (mobile phone strongly recommended)
If you select Tablet or Security Key, skip the rest of this article and follow the on-screen prompts.
3 – Enter your phone number (if Mobile phone or Landline was selected)
If the phone number has been used at Harvard Medical School before, you may be prompted to verify ownership of the number via a text message or phone call.
4 – Select the type of mobile phone
Note – If you are using an older version of iPhone or Android that is not compatible with the Duo app, select Other as your phone type to use SMS text instead of the app. Compatible operating system versions for the app are listed on Duo's help pages: Compatible iOS versions | Compatible Android versions. If you are using an incompatible phone that cannot use the Duo Mobile app, skip the next steps relating to Duo Mobile and follow the on-screen prompts.
5 – Install the Duo Mobile app
The next few steps will switch back and forth between your computer and your mobile phone with the Duo Mobile app.
Now switch to your mobile phone. You may already have Duo Mobile installed for use with HarvardKey. If not, visit your phone's app store—either the Apple App Store or Google Play Store—to download and install Duo Mobile. Do not confuse this with Google Duo; Duo Mobile's icon is green and looks like this:
After installing Duo Mobile, go back to your computer and click I have Duo Mobile installed. A QR (quick response barcode) will appear on the computer screen. You will need this in the next step.
6 – Configure the Duo Mobile app for use at HMS
Back on your mobile phone, open the Duo Mobile app. If prompted, grant the app access to your camera. If necessary, tap the + button to add an account. Scan the QR code on the computer screen for a few seconds. Duo Mobile will add Harvard Medical School as an account. Follow the prompts to customize if desired.
Note – if your phone's camera does not work, select Email me an activation link instead, open the email on your mobile phone, and tap the link. You will be prompted to open the link with the Duo Mobile app to activate.
7 – Optional: Add more 2FA devices and/or change the settings when signing in
On the computer, on the Duo Mobile My Setting & Devices page, you may select Add another device to add a second (or more) device for two-factor authentication. Having a backup authentication method can be helpful in situations like losing your mobile phone.
At the bottom of the settings, you may also select the Default Device (if you have multiple devices configured with Duo Mobile) and change what happens When I log in. Options include...
- Ask me to choose an authentication method
- Automatically send this device a Duo Push
- Automatically call this device
8 – Sign in to test
On the computer, select Continue to Login to test Duo Mobile. Select Send Me a Push.
Note – The Remember me for 30 days option works on a per-browser basis and requires third-party cookies.