CDD Vault offers a second (optional) secure layer of authentication, in addition to user name/password. If you'd like to enable it for your vault, please contact our support team at firstname.lastname@example.org
Once the second layer of user authentication is activated, every single Vault user is required to register a mobile device or telephone the first time they access CDD.
Users must complete the following steps in order to authenticate their mobile device or telephone:
- Log in using your secure CDD username and password.
- On your first log-in after second-factor activation, you will need to self-enroll with Duo. Follow the prompts from Duo to register your phone. Here are the step-by-step instructions from Duo.
- Once the number is verified, you can click continue.
When you log-in for the first time during the day, you will be shown the second-factor authentication screen. You can choose to only be prompted for the second factor once every 12 hours, or if you change locations/computers (your IP address changes). If you click this option, you will not need to authenticate again for the next 12 hours. You may, however, still need to enter your CDD username and password. If you do not check this box, you will be asked for a second factor authentication every time you log into CDD vault.
Missing Phone Incident Response Procedure
If a phone is stolen or lost, the user must:
1. Immediately notify email@example.com and cc the Vault administrator(s).
2. CDD will disable access.
3. Once a new phone is established, the user must confirm that the existing number is now tied to a new phone or they must submit a new number. The Vault Administrator(s) must be included on and must approve this request
4. Once approved, CDD will make the changes and will notify the user once their account is activated.