Two-factor authentication (2FA)

You can add both your HMS and HarvardKey accounts to the same Okta Verify app on your mobile device or desktop. However, each account must be configured independently:

• Set up Okta Verify for your HMS account
• Set up Okta Verify for HarvardKey

Okta Verify enhances login security while improving convenience:

• Push approval – Tap "Approve" in the app instead of entering a code.
• FastPass – Skip passwords by using biometrics or a PIN on trusted devices.
• Multiple accounts – Manage HarvardKey and HMS accounts in one app.

This new system simplifies logins while maintaining strong protection for your data.

Supported verification options include:

• Push notifications – Approve a prompt on your mobile device.
• Numeric passcodes – Enter a one-time code from the app.
• Biometric login – Use fingerprint, Face ID, or PIN with Okta FastPass for passwordless sign-ins.

Two-factor authentication (2FA) protects your account by requiring both your password and a second form of verification. This second step could involve tapping a prompt on your phone, entering a temporary code, or using biometric data like a fingerprint or facial recognition.

Using 2FA helps safeguard your HMS credentials from threats like phishing, password theft, and malware. It’s required to protect access to email, VPN, Microsoft 365 apps, and more — and ensures compliance with HMS and Harvard University security policies.

HMS supports two main 2FA tools:

• Okta Verify is the primary method, offering push notifications, numeric codes, and optional FastPass biometric login.
• Duo Mobile is a legacy option that also provides push alerts and passcodes but is being phased out in favor of Okta Verify.