Duo Multi-Factor Authentication FAQ
What is multi-factor authentication?
Multi-factor authentication (MFA) requires you to verify your identity using one or more factors in addition to username+password, such as your phone or other mobile device. This process prevents anyone but you from logging in, even if they know your password.
What vendor are we using for MFA?
Duo is the company chosen by W&L to implement MFA. This video helps illustrate how the process will work.
Why are we implementing this?
Multi-factor authentication will add an additional layer of security to the W&L login. Passwords are increasingly easy to compromise. They can often be stolen, guessed, or hacked - you might not even know someone is accessing your account. Multi-factor authentication helps keep your account secure even if your password is compromised.
Higher education institutions and businesses are increasingly adopting multi-factor authentication as part of a broad strategy to protect institutional data and resources. W&L's strategy includes tools and processes, such as threat-detection software, that operate in the background. Others such as password-complexity requirements and MFA affect the way you access W&L resources.
What is the timeline for implementation?
Testing and opt-in
ITS will conduct internal tests to determine the best method for deploying MFA. Once this method has been tested and refined, members of the W&L community will be provided with instructions and invited to begin using MFA at their own pace. Following this "opt-in" period, deadlines will be announced for departments to initiate use of MFA.
Email, then other applications
W&L email will be the first application to be integrated with MFA. Other applications that use the W&L username and password will be added later. Throughout the deployment, ITS will seek to minimize disruption to W&L routines and workflows, while gradually introducing the security enhancements provided by multi-factor authentication.
We strongly recommend you choose your smartphone or tablet - these provide the best experience with Duo multi-factor authentication.
- Install the Duo Mobile app on your smartphone, smart watch or tablet. The app provides two options: push notifications or Mobile Passcode.
If you don't have a smartphone, these are other options you can choose for a second factor. It's also prudent to choose one of these options as a back-up, in case your preferred device is not available when prompted.
- USB security key. (ITS recommends the YubiKey 5 series here: https://www.yubico.com/store/ which may soon be stocked in the University Store)
- Office (landline) phone. With this option, access is limited to your office.
The Information Desk (540-458-4357 or firstname.lastname@example.org) can provide assistance in choosing the best and lowest-cost option for you.
What do I need to do to prepare for Duo two-factor?
Duo works best when you use one of these methods to access email:
- Windows OS: Office 2016, 2019 or Office 365. ProPlus can be used to access email.
- Mac OS: Outlook 2016, 2019 for Mac, Office 365 (requires Mac OS 10.11 or above). Mac Mail requires OS 10.14 or higher
- iPhone and iPad: Outlook app (requires iOS 11 or above) or the iOS native mail app (only iOS 11 or above). ITS recommends using the Outlook App.
- Android OS (Samsung, Moto, Pixel and similar) : Outlook app (requires Android 6 or above) or the included mail app on Android 9 or above.
How do I get started (opt in)?
- Watch this 35 second video: https://guide.duo.com/enrollment
- Before you get started, choose which device(s) you'll use for your second factor
- Enroll yourself, and follow the other prompts
How can I minimize prompts for a second factor?
Typically, for Office365 email if you check the Duo box to "remember me" you will be prompted to log in every 14 days on your primary computer and web browser. Be sure to check the "Remember me for 14 days" box during the log in process.
Some circumstances may require you to log in more often, including: you clear your browsing history; you access certain websites; you use certain browser settings; you use more than one device and web browser.
What if I forget or lose my two-factor device?
- You can enroll multiple devices/options as a second factor, for example your primary second factor is your smart phone, and your secondary is your desk phone or a hardware key/token.
- To restore Duo Mobile on a new device or phone, visit: https://duoselfservice.wlu.edu
- Contact the Information Desk (540-458-4357) to request a temporary bypass code to log in. The Information Desk Can also assist you in enrolling a new device for MFA.
Why does Duo Mobile need access to my device camera?
Duo Mobile uses your device camera during enrollment to scan a QR code.
Why does Duo Mobile suggest to use Google Drive to back-up my account?
You do not have to configure Duo Mobile to backup it's settings to Google Drive. However, Duo Mobile allows users with a Google Drive account to back-up their Duo Mobile configuration for future recovery purposes should you replace your phone for any reason.
What happens if I use Apple iCloud?
Due to how apps are automatically backed up in iOS, the backup functionality of Do Restore is always on for iOS users who have iCloud enabled and they will not see a notification indicating their information is being backed up. However, whether an account can be restored depends upon Duo Restore being enabled by the administrator in the Duo Admin Panel or whether you've set a recovery password for reconnecting third-party accounts.
What should I do if I don't get a notification I'm expecting?
Open the Duo apllication and the push should be there waiting. If it still doesn't appear right away, you can "drag" the duo screen down to force a refresh and the prompt should appear as expected. Also check "Notifications" on your phone to make sure you are allowing Duo to notify you.
What do I do if I get a random Duo Push when I am not trying to log in?
- If you get a random Duo Push, please use the deny button to reject the Duo multi-factor authentication.