Introducing Duo Security: Two-Factor Authentication

Posted November 1, 2019 by Academic and Institutional Technology
Tags: Department News

Introducing Duo: Two-Factor Authentication

For the past year, all faculty and staff have been using a Multi-Factor Authentication (MFA), or "Two-Step Login," solution from Microsoft to help protect our College data. We are pleased to announce that we will soon be rolling out a new system for this process.

Duo Two-Factor Authentication will be deployed early next year.  In order to prepare for that transition, you’ll need to take a few minutes to enroll in Duo.  We will be sending out emails to tell you about the action steps you’ll need to take to enroll.  It is a quick and simple process and we think you’ll be pleased with how user-friendly Duo is!

Proposed Timeline:
November 14, 2019: Enrollment Period Begins
December 13, 2019: Enrollment Period Ends
January 7, 2020: Duo Security Enabled and Microsoft Two-Step Login Retired
(Dates Subject to Change)

Below are some of the frequently asked questions regarding the Duo system.

Frequently Asked Questions

Why are we switching to Duo?

Microsoft MFA can only protect a few of our systems. Duo will be able to protect much more of our sensitive data. Duo Push will make it easier for you to help keep college data safe.

Two-factor authentication sounds scary.  Why do we have to use it?

We’re already using two-factor authentication here at Wheaton College. This new system will be very similar to what you are already using, but it should be even simpler! Yes, using two-factor authentication may take an extra few seconds, but Duo makes this easy by sending a notification to your phone that you just tap to approve. It greatly increases the security of sensitive college data that could cost the college millions if it were leaked. The vast majority of security breaches could be prevented by having two-factor authentication in place. Therefore, we will be protecting more of our systems with Duo in the coming months.

What is Duo Mobile?

Duo Mobile is a mobile application (app) that you install on your smartphone or tablet to generate passcodes for login or to receive push notifications for easy, one-tap authentication on your mobile device. It works with Duo Security’s two-factor authentication (2FA) service to make your logins more secure.

Do I need a smartphone or data plan to use two-factor authentication?

No. Having a smartphone makes for an easier and more secure experience with Duo Push. However, it is also possible to enroll a non-smartphone mobile device or landline to receive SMS passcodes or phone calls.

What if I don’t want to use my cell phone? 

No problem!  The Duo Mobile app is the fastest way to authenticate and will be the best choice for most people, but there are many other options, including sending notifications to your office phone.  Contact the AIT Service Desk to determine which one is right for you.

What do I do if I left my cell phone at home? 

Contact the AIT Service Desk and they will be able to help you access your data, as needed, for the day. 

What should I do if I lost my phone?

Please contact the AIT Service Desk immediately at 630-752-4357 or ait.service.desk@wheaton.edu.

What is the recommended two-factor authentication method?

If you have a smartphone or tablet, we recommend Duo Push, as it is quick, easy to use, and secure. You could have Duo call you or send you a passcode via text message, but Duo Push is certainly the best option. See an introduction to Duo Security and a demonstration of Duo Push in this short video: https://www.youtube.com/watch?v=_T_sJXnSM98

How much data does a Duo Push request use?

Duo Push authentication requests require a minimal amount of data -- less than 2KB per authentication. For example, you would have to authenticate over 500 times in a 30-day period to consume a full megabyte of data. Also, Duo does not use your cellular data when you are connected to WiFi.

Can Duo see my password?

No. Your password is only verified by your organization and is never sent to Duo. Duo provides only the second factor, using your enrolled device to verify it’s actually you who is logging in.

Does using Duo give up control of my smartphone?

No. The Duo Mobile app has no access to change settings or remotely wipe your phone. The visibility Duo Mobile requires is used to verify the security of your device, such as OS version, device encryption status, and screen lock. We use this to help recommend security improvements to your device. You are always in control of whether or not you take action on these recommendations.

Does Duo work in other countries?  If I’m traveling outside of the US, do I need Duo? 

Please contact the AIT Service Desk before you go on a trip.  We’ll be able to work with you to show you how to use the Duo Mobile Passcode on your cell phone to authenticate so you can still access and protect your data abroad.

How can I authenticate if I’m somewhere with no cell signal or WiFi access?

It’s easy!  Just use the passcode in the Duo Mobile app.  You can do this when on an airplane, or in a place with unreliable cell service.  See this Duo Knowledge Base article for information on authenticating without cell or internet service: https://help.duo.com/s/article/4449

Why have I stopped receiving push notifications from Duo Mobile?

There are several reasons this could be happening. If you can't get a Duo Push, whatever the reason, just enter the 6-digit passcode in the Duo Mobile app.  If the problem persists, please try the following to troubleshoot:

  1. Make sure your enrolled device has a cellular network or WiFi connection.
  2. Although it shouldn’t be necessary, try to have the Duo Mobile app open when you authenticate.
  3. Try these additional push troubleshooting steps:
  4. If the above solutions don’t work, try using another authentication method, such as passcodes provided in the Duo Mobile app.

How can I manage the devices I use for Duo?

Choose the “My Settings & Devices” link (the self-service portal) at the Duo Prompt and you may:

  • Add additional devices
  • Designate your “default” device that receives authentication requests in addition to your preferred authentication method
  • Deactivate Duo Mobile if you got a new phone but kept your number
  • Change the name of your device (ex. “Personal Cell” or “Work Phone”)
  • Remove a device

[Image: Duo Settings View]

If you have any questions or concerns, please contact Academic and Institutional Technology at 630.752.4357 (HELP) or by email at ait.service.desk@wheaton.edu.