Duo two-factor authentication

Related pages

IT security

Two-factor authentication

Two-factor authentication (2FA) provides an additional layer of security when you log on to IT systems from any device (eg laptop, desktop, phone, tablet). It's commonly used for online services like banking.

First factor: entering your password - proof that you know the right credentials
Second factor: normally using a mobile app (but see further information below) - proof that you possess something

This ensures that even if someone has your password, they still won't have enough information to access your account.

Overview
Other authentication options
Help & troubleshooting FAQ
Our commitments
Your responsibilities
Privacy

Overview

Eligibility

All staff and students can register for Duo two-factor authentication.

Changed your phone?

If you change your phone you can use Duo Restore to recover access to your Duo account. Or reactivate the Duo Mobile app using your phone number.

How to register

You can register your mobile phone or tablet with the Duo SelfService Console yourself:

As part of the registration process you will be prompted to install the free Duo Mobile app. This is the simplest way to use Duo:

Android
- Some Huawei devices can't access the Google Play Store to download the Duo Mobile app so will need to use the SMS (text message) option.
iOS and watchOS (iPhone, iPad and Apple Watch)

If you're a member of staff who doesn't want to use your mobile device for Duo 2FA, or if you have accessibility requirements which make using the mobile app difficult, please contact the Library & IT Help Desk to discuss other options.

Using the Duo Mobile app

Log in to the system that you wish to use with your username and password
Tap to accept the confirmation that is sent to your mobile phone or tablet

The following video demonstrates using the Duo Mobile app to log in:

https://www.youtube.com/watch?v=JN0Hj0pKZ7U

See the Help & troubleshooting tab for further guidance on using the Duo Mobile app.

Other methods

Where the Duo Mobile app isn't appropriate, there are other options available:

SMS text message
Hard token (available to request if the Duo Mobile app or SMS text message isn't an option)

See the Other authentication options tab for more information on using these methods or contact the Library & IT Help Desk to discuss them further.

Other authentication options

SMS (text message)

You can use a mobile device without having to install an app. To receive codes by SMS text message:

Log in to the Duo SelfService Console
Follow the onscreen prompt to add a new device
When asked for the type of device select Mobile phone
Enter your phone number, and then when asked for the type of mobile phone select Other

Once registered you will be sent passcodes via SMS that can be typed into the system login screen during authentication.

You'll be sent a list of passcodes via SMS so you can receive these when in a signal area but still use them when in a bad signal area (or in aeroplane mode). Each code can only be used once. You should try and use each in order.

When authenticating to a secured web service, click in the passcode box on the Duo authentication screen and you'll see a hint about which code to use next. When you've used them all, or if you aren't sure which is next, select Text me new codes to get a new list.

This short video shows how to authenticate with SMS.

The University will never charge for using the SMS option but your mobile provider's standard charges will apply - for example, if you are roaming and receiving SMS messages attracts a charge.

You will need to use SMS if you have a Huawei mobile phone as these are unable to access Google play to download the app.

Hard token/security key

These are available to request if the Duo Mobile app or SMS text message isn't an option for you.

If you are unable to use your work or personal mobile device to authenticate to protected systems, you can request a hard token/security key. We have two types:

Security key: This is a small USB device that you connect to your computer. You tap the gold contact during the login process to authenticate. Unlike the Duo hard token, the security keys also work with Google two-factor authentication.
Duo hard token: This small keyring displays a number on the LCD display (see instructions below) which is typed into the passcode box during login.

To request a hard token/security key, please email itsupport@york.ac.uk.

To authenticate using a security key:

click the Enter a Passcode button
connect your security key to your computer and press the gold contact to automatically generate and enter a new passcode.

To authenticate using a Duo hard token:

click the Enter a Passcode button
press the button on your hard token to generate a new passcode
type the passcode into the box and click Log In.

This short video shows hard tokens being used.

Tokens can get out of sync if the button is pressed too many times in a row and the generated passcodes aren't used for login. Contact the Library & IT Help Desk if you suspect that has happened.

Help & troubleshooting FAQ

Frequently Asked Questions

Please check the FAQs below if you have any questions about using the Duo 2FA service. More detailed information including step by step instructions can be found in our Duo 2FA user guide (PDF , 2,178kb).

If you need further help, get in touch with the Library & IT Help Desk.

Can my mobile device use the Duo Mobile app?

The Duo Mobile app is available on modern versions of iOS (iPhone and iPad), watchOS (for Apple Watch) and Android.

Using Duo Mobile on Android
- Some Huawei devices can't access the Google Play Store to download the Duo Mobile app so will need to use the SMS (text message) option.
Using Duo Mobile on iOS (iPhone and iPad)
Using Duo Mobile on Apple Watch

If you do not have a device capable of running the Duo Mobile app, you can use one of the other authentication methods.

I have changed my phone. How do I use the Duo Mobile app again?

You can turn on Duo Restore to make recovering your Duo access easier:
- Duo Restore for Android
- Duo Restore for iOS/iPadOS
If you have the same mobile phone number use the SMS text message option to log in to the Duo SelfService Console. Once you are logged in you can click 'Device Options' and then 'Reactivate Duo Mobile'. Step be step instructions can be found in section 4.1 of our Duo 2FA user guide (PDF , 2,178kb).

I have deleted/reinstalled the Duo Mobile app. How can I get it working again?

You can turn on Duo Restore to make recovering your Duo access easier:
- Duo Restore for Android
- Duo Restore for iOS/iPadOS
If you have the same mobile phone number use the SMS text message option to log in to the Duo SelfService Console. Once you are logged in you can click 'Device Options' and then 'Reactivate Duo Mobile'. Step be step instructions can be found in section 5.2 of our Duo 2FA user guide (PDF , 2,178kb).

What should I do if I lose my mobile phone?

Please contact the Library & IT Help Desk as soon as possible.

I have the app but no longer receive push notifications

Open the app and click the green request to approve.

If you don’t see anything to approve follow the instructions on section 5.3 of our Duo 2FA user guide (PDF , 2,178kb).

If you are on campus, push notifications will not work if you are connected to the UoY network. Please connect to eduroam (the University wifi) or use 4G.

How do I use Duo when abroad or in an area where I can’t get any data or phone signal?

The Duo Mobile app, once enrolled and in use, can be used to generate temporary codes without requiring either data (wifi/4G) or mobile phone signal.

More information can be found in sections 3.5 and 3.6 of our Duo 2FA user guide (PDF , 2,178kb).

Can I register and use more than one device?

Yes, you can enrol multiple devices (eg a phone and a tablet) by going to the Duo SelfService Console.

Once you have authenticated, you will see an option to add a new device. If you have multiple devices registered you’ll be asked to select which one you want to send push notifications and SMS text messages to.

More information can be found in section 2.7 of our Duo 2FA user guide (PDF , 2,178kb).

How do I register the App without giving my phone number, or when my device doesn’t connect to the mobile phone network?

You can register any compatible Android or Apple mobile device that has the Duo Mobile app installed. This includes devices that don’t have a phone number. You can register mobile phones in this way too if you would prefer not to provide a phone number.

Once logged into the Duo SelfService Console click “add a new device” and select the “tablet” option.

More information can be found in section 2.3 of our Duo 2FA user guide (PDF , 2,178kb).

How do I use the codes from SMS text message (or a hard token) or bypass codes?

You can get codes from SMS text messages, the Duo Mobile app and the hard token. Temporary bypass codes can be provided by the IT Support team. All these codes are entered into the box labelled “passcode”.

For systems with a simple text box, such as the virtual desktop service, you enter the code directly.

More information can be found in sections 3.2 and 3.3 of our Duo 2FA user guide (PDF , 2,178kb).

How can I test my phone, hard token or security key?

You can test that your Duo device is working at any time by logging into any protected system. If you perform a Duo authentication and get to the resource you expect everything is working. You can also perform this test on the Duo SelfService Console.

More information can be found in section 2.6 of our Duo 2FA user guide (PDF , 2,178kb).

How do I register my laptop with Duo; the only options are tablet or mobile phone?

The device that you use to authenticate with the Duo system is not necessarily the device you are using to access the system. So you might be on a desktop PC logging onto a protected website. You would authenticate using your mobile phone. It might be that coincidentally you log onto a system using the mobile device you have registered for Duo. However, you only need to register one mobile device but can log onto systems on any computer.

More information can be found in section 1.3 of our Duo 2FA user guide (PDF , 2,178kb).

What if I am unable to use the authentication methods available to me?

Please contact the Library & IT Help Desk and we will find a method that suits you. You will not be locked out of systems because you are unable to use the primary Duo methods.

Our commitments

Service status	Live and supported service.
Hours of service	24/7
Service support	For help and support with this service, contact the Library & IT Help Desk.
Hours of support	Help from the Library & IT Help Desk is available 9am to 5pm, Monday to Friday.
Target availability	General IT Services targets: Information Services Service Standards
Our performance	Our service standards have been produced in consultation with our customers, and monitor the quality, timeliness and access to facilities and services: Information Services Service Standards
Complaints procedure	If you wish to give us general feedback on this service, please see our Feedback page for ways to get in touch. If you wish to make a complaint, please see our complaints procedure.

Your responsibilities

We expect you:

to register for the Duo 2FA service
carry or have access to your registered second factor device (eg your mobile or key token) at all times when you may need to log onto a protected system
maintain the security of the service by not allowing anyone else to authenticate using their second factor device
contact the Library & IT Help Desk promptly if you lose your second factor device.

Privacy

Please note:

to use the Duo Mobile app you do not need to provide a phone number
to use the SMS option you do not have to install the Duo Mobile app onto your phone
when using the SMS option no information is transmitted from your phone to Duo
when using the Duo Mobile app option no information other than your phone number (if provided), phone model, phone operating system version and Duo Mobile software version is transmitted by the app.

See the Duo Mobile Privacy Information for further details.