Security Access to LionPATH

Prior to logging into the LionPATH system, new users will need to enroll in the Penn State Two-Factor Authentication (2FA) service with Duo Security.

If you already use a legacy form of second-factor authentication (such as the RSA or Vasco tokens), you will continue to use these devices to authenticate to services such as ISIS, IBIS, and services enforcing the use of the legacy devices.

However, these tokens will NOT work with LionPATH. When logging into LionPATH or other services in the future that are protected by the Duo Security service, you will be prompted to authenticate with your Access Account user ID/password, and the 2FA service using one of your registered devices.

How do I register a device?

The 2FA service provides flexibility for you to authenticate to the service with any of the second factor options available with the 2FA service (smartphone, non-smartphone, landline phone, along with a hardware token). If you choose to register your smartphone, there is the added feature of authenticating using the mobile app. For people who choose to authenticate using hardware token devices, departments will be responsible for purchasing the Gemalto D-100 hardware tokens. Tokens are available for purchase through Software at Penn State.

We recommend that you enroll more than one device just in case there is a problem with your only enrolled device. For instance, if you have both a smartphone and office phone enrolled, then you can still authenticate from your office if you accidentally leave your smartphone at home.

What happens if I lock myself out of Duo?

If you find that you have locked yourself out of Duo, you may call the IT Service Desk at 814-865-HELP (4357).

Full information regarding Duo is available at:

Even if you will be using LionPATH in a future release, we encourage you to enroll now. To enroll, visit