How Duo Two-Step Login works

Duo’s Two-Step Login requires you to use a secondary device such as a phone, tablet, PIN generator, or USB hardware key (yubikey) to verify your identity when you login to systems with access to sensitive information. This protects your account in the event your password is lost or stolen and ensures that only authorized individuals can login and access sensitive information.

Getting started

You must register a device to use two-factor. You can choose:

  • Smartphone

  • Tablet

  • Mobile phone

  • Landline

  • PIN generator—See IT for more information

  • USB hardware key

After registration, you will be prompted to verify your identity when you login to systems that are protected by Duo (such as the VPN or Banweb Self Service).

Visit the Two Step web page to learn more and register a device. We recommend Duo's smartphone app since it's easy to use and has a built-in security code generator so you can login even if you don't have cell service or WiFi at the time. You can also register a second device as a backup in case your phone is lost, stolen, or broken. Faculty and staff are encouraged to register their office phones.

The first time you log into a Duo protected service, you will be required to verify your identity from your chosen device. After this, you can choose the "Remember Me" option. This allows the device be trusted for a predetermined amount of time (30 days for Banweb) so you don't have to verify your identity every time you login.

Duo's installation guide contains more detailed instructions.

Verification options

Duo can verify your identity in the following ways. Choose the one that works best for you.

  • Duo Mobile push notifications—Press a button on your smartphone via the Duo Mobile app (recommended). A push notification is sent to your phone; you then review the request and tap “Approve” to authenticate. You must have Internet or cellular service for this option.

  • Duo Mobile passcode—Launch the Duo mobile app to generate an authentication code. You do not need Internet or cellular service for this option.

  • SMS text message—You will receive an authentication code by text message.

  • Phone call—You will receive an automated phone call and be prompted to press a key on your phone to authenticate.

  • Press a button on a U2F token such as a Yubikey (requires USB port).

  • Use a token generator to generate a security code (good option for those without a phone).

Frequently Asked Questions

Can I opt out of Duo’s two factor?
Duo is required for all Michigan Tech employees as of January 10, 2018. Starting October 17, 2018, all students will need to use Duo’s Two-Step Login when accessing Banweb, MyMichiganTech, or the VPN.
Visit the Technical Assistance Center (TAC) located in the Van Pelt Library to get a temporary code. We recommend registering multiple devices for this reason. You can add or remove devices on the Two-Step Registration Page.
What should I do if I’m traveling, don’t have a phone, or don’t have cell or internet service?
The Duo app, USB key, and PIN generator all work offline.
What if my device is broken, lost, or stolen?
Visit the TAC to get a temporary code. We recommend registering multiple devices for this reason. You can add or remove devices from Two-Step Registration Page.
What should I do if I’m traveling, don’t have a phone, or don’t have cell or internet service?
The Duo app, USB key, and PIN generator all work offline.
 
How do I reactivate the Duo Mobile App?
Follow the below link and navigate to the "Reactivate Duo Mobile" section.
https://guide.duo.com/manage-devices
Was this helpful?
0 reviews

Details

Article ID: 51575
Created
Thu 4/5/18 10:52 AM
Modified
Fri 5/10/19 1:12 PM