Duo two-factor authentication
Duo two-factor authentication (2FA) provides an additional layer of security when you log in to many University services.
- First factor: entering your password - proof that you know the right credentials.
- Second factor: is a device you have with you - usually the Duo Mobile app running on your phone which then receives a confirmation prompt or code - proof that you possess something.
This ensures that even if someone has your password, they still won't have enough information to access your account.
Key features
- We recommend using the free Duo Mobile app (available on the Apple App Store and Google Play), as it's the simplest way to use Duo.
- The Duo Mobile app can still be used if your phone has no signal.
- Duo will work in most countries outside of the UK.
- Other authentication options are available if your phone doesn’t support the Duo Mobile app.
Access instructions
Use the Duo SelfService Console to:
- Add and manage your Duo devices yourself.
- Restore access to your account when you change your phone.
After you’ve added at least one device, you can use Duo to log in to University services.
Open the Duo SelfService Console
- Log in with your York username and password. Duo two-factor authentication is required.
- There are some limitations to using this service in sanctioned countries.
Additional information
Other authentication options
Authentication without the mobile app
You can use Duo without needing to install the Duo Mobile app.
Text message passcodes
Register your mobile phone number and you can receive passcodes via text message instead.
The University will never charge for using the text message passcodes option but your mobile provider's standard charges will apply - for example, if you are roaming and receiving text messages you may attract a charge.
If you have an Android phone and are unable to download the Duo Mobile app on the Google Play Store, you will need to use text message passcodes instead.
YubiKey security key
If you're unable to use your work or personal mobile device for Duo, you can request a YubiKey security key.
This is a small USB device that you connect to your computer. You tap the gold contact during the login process to authenticate. These security keys also work with Google two-factor authentication.
Duo versus Google
At York, we use two types of two-factor authentication: Duo and Google. Duo authentication protects several key University services, however, it isn't used to log into your University Google account – this is so that your Google access doesn't depend on campus infrastructure. This means you'll be able to access Google services, such as Gmail, even if campus services are completely down. To protect your Google account, set up Google two-factor authentication.
Privacy
- To use the Duo Mobile app you do not need to provide a phone number.
- To use the text message passcode option you do not have to install the Duo Mobile app onto your phone.
- When using the text message passcode option no information is transmitted from your phone to Duo.
- When using the Duo Mobile app, no information other than your phone number (if provided), phone model, phone operating system version and Duo Mobile software version is transmitted by the app.
See Duo Mobile privacy information for further details.