Service Summary

Mason uses Duo Security to deliver Two-Factor Authentication (2FA) when using applications protected by Mason's Central Authentication Service (CAS) and Shibboleth (Blackboard does NOT require 2FA at this time), and the Cisco AnyConnect VPN. This second layer of protection makes your personal information and Mason’s information less vulnerable.

At this time, 2FA is required for all Mason employees (faculty, staff, and student workers) but is optional for students.

Key Features

2FA uses two factors to verify you are who you say you are. 2FA makes your personal information less vulnerable and helps prevent anyone but you from accessing your accounts, even if they know your Patriot Pass Password.

  • The first factor (something you know) is the verification of the Mason NetID and Patriot Pass Password, and
  • The second factor (something you have) is generally a smartphone, but other options are available

Getting This Service

Getting Started Checklist

Select which phone number you will use during your initial 2FA enrollment and follow the instructions:

Once enrolled, to log in to CAS/Shibboleth or the VPN, Mason employees will enter their NetID and Patriot Pass password (first factor) and confirm their identity using a physical device (second factor). The physical device may be a smartphone, tablet, bypass code, or Yubikey (See the List of Authentication Options).


This service is available 24/7, excluding planned outages, normal maintenance windows, and unavoidable events. Maintenance windows are Sundays from 7 to 11 a.m. but may be extended to 2 p.m., if needed. If maintenance is required outside of these hours, it will be announced on the Alerts & Bulletins page.

Additional Information

Universities are attractive targets for cybercriminals due to the large amounts of information that they want, including your personal and banking data. Passwords alone no longer serve as enough protection and, if compromised, could result in your information getting into the wrong hands.

Mason's goal is to provide security beyond your password. Increasing usage of 2FA is the latest step in a series of projects ITS is doing to protect Mason employees against phishing scams and related cyber vulnerabilities. Previous steps included:

  • Introducing required security questions to access sensitive information within Patriot Web
  • Updating Mason's Virtual Private Network (VPN) client to improve functionality and usability
  • Requiring use of Mason's VPN when off-campus and on wireless networks to access highly sensitive applications for increased comprehensive protection
  • Requiring use of 2FA when using the Cisco AnyConnect VPN for an added layer of protection
  • Upgrading Central Authentication Service (CAS)-which Mason uses for authenticating individuals for a variety of websites and implementing 2FA to the
  • CAS login process to reduce the impact of compromised credentials
  • Retiring Patriot Web security questions and implementing CAS with 2FA for Patriot Web and other Banner-related applications