Topics Map > •Accounts, Authenication & Passwords > -Accounts
Topics Map > •Accounts, Authenication & Passwords > -Duo
Topics Map > •Accounts, Authenication & Passwords > -NetID
Duo: Complete Guide to Duo
Duo is a security authentication tool that adds an additional layer of protection to online accounts. Using this document, you can enroll and manage a device in Duo, learn how to go through an authentication prompt, and learn how to use Duo while traveling.
Reactivate Duo on Your Smart Phone
What is Duo?
Duo is a tool used to improve security by using two-factor authentication (2FA), also called multi-factor authentication (MFA). Individuals are required to verify their identity by sharing something they know (i.e. user ID and password) along with something they have (i.e. smartphone, tablet, landline telephone). This type of authentication protects Rice systems against cyber attacks. Duo helps protect against phishing, social engineering, and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.
Why is Duo needed?
With the number of stolen passwords and hacking attempts on the rise, it is important to ensure the safety and security of Rice data and systems. With this additional security, we can ensure that critical university systems are only accessed by authorized users.
Which Rice systems use Duo?
Duo authentication is required on most Rice's centralized systems including:
- Mynetid - online account management systems. Read more in NetID: Complete Guide to NetID in the section on Duo Authentication.
- VPN - Virtual Private Network. Read more in VPN: Complete Guide to VPN in the section on Duo Authentication.
- Google Workspace for Education - Gmail, Calendar, Drive, etc. Read more in Duo: Logging into Google Workspace for Education
- Microsoft 365 Services - Outlook, Teams, One Drive. Read more in Duo: Logging into Microsoft 365 Services
- iO - employee and financial services system. Learn more about iO Support.
- Word Press - blog site hosting. See also Rice University Blogs.
Enrolling in Duo
Duo is a tool used to improve access security by using two-factor authentication (2FA), also called multi-factor authentication (MFA). Individuals are required to verify their identity by sharing something they know (i.e. userid and password) along with something they have (i.e. a smartphone app). This type of authentication protects Rice systems against cyber attacks.
Duo prompts you to enroll when you enable Duo Two-Factor Authentication within MyNetID (Online Account Management System).
Supported Browsers: Chrome, Firefox, Safari, Internet Explorer 11, Microsoft Edge, and Opera.
Step 1: Login to the Online Account Management System with your NetID credentials. Select the Sign in button.
Step 2: Select Two-Factor Authentication under Account Maintenance menu or the lock icon on the main screen.
Step 3: Select Enable Two-Factor Authentication.
Step 4: Click Start setup to begin enrolling your device.
Step 5: Select the type of device you'd like to enroll in and click Continue. We recommend using a smartphone for the best experience, but you can also enroll in a landline telephone, a universal two-factor authentication (U2F) token (currently only works on Chrome browsers), or iOS/Android tablets.
Step 6: Select your country from the drop-down list and type your phone number. Use the number of your smartphone, landline, or cell phone that you'll have with you when you're logging in to a Duo-protected service. You can enter an extension if you chose Landline in the previous step.
Double-check that you entered it correctly, check the box, and click Continue.
If you're enrolling a tablet you will not be prompted to enter a phone number.
Step 7: Choose your device's operating system and click Continue.
If you do not have a compatible smartphone device or decide not to install the Duo Mobile app: choose Other > Continue > Continue to Login > Enter a passcode. Click Text me new code at the bottom of the window. Enter in the passcode you received from Duo via text message and select Log In. Skip to Step 11.
Step 8: Install Duo Mobile
Follow the platform-specific instructions on the screen to install Duo Mobile. After installing Duo Mobile, return to the enrollment window and click I have Duo Mobile installed.
Step 9: Activate Duo Mobile:
Activating the app links it to your account so you can use it for authentication. This will require access to your camera. The application will request access to the camera, which you can temporarily allow. This can be disabled after enrollment.
On your smartphone: activate Duo Mobile by scanning the barcode with the app's built-in barcode scanner. Follow the platform specific instructions for your device:
After you scan the barcode successfully, select Continue.
Can't scan the barcode? Click has an activation link emailed to you instead and follow the instructions.
Step 10: Configure Device Options (optional):You can use Device Options to give your phone a more descriptive name or select Add another device to start the enrollment process again and add a second phone or another authenticator.
If this is the device you'll use most often with Duo then you may want to enable automatic push requests by going to the When I log in: option and changing the setting from Ask me to choose an authentication method to Automatically send this device a Duo Push or Automatically call this device and click Save. With one of the automatic options enabled, Duo automatically sends an authentication request via push notification to the Duo Mobile app on your smartphone or a phone call to your device (depending on your selection).
Select Continue to login to proceed to the authentication prompt.
Your device is ready to approve Duo authentication requests. Select Send me a Push to give it a try. All you need to do is tap Approve on the Duo login request received at your phone.
Step 11: Congratulations, you can now use Duo Authentication!
If you encounter issues during setup, contact the OIT Help Desk.
How to Authenticate with Duo
- Chrome, Firefox, Safari, Internet Explorer 11, Microsoft Edge, and Opera. Once you login to the service that uses Duo prompts, you will be met with the following screen.
If you have more than one device enrolled you'll see a device selector.
Select the device you want to use and then choose your authentication method.
- Duo Push pushes a login request to your phone or tablet (if you have Duo Mobile installed and activated on your iPhone or Android device). Just review the request and tap Approve. to log in.
- Call Me will authenticate via phone callback.
- Enter a Passcode will allow you to log in using a passcode, either generated with Duo Mobile, sent via SMS, generated by your hardware token, or provided by an administrator.
- Click Send Codes to get a new batch of passcodes texted to your phone.
- You can also use U2F Tokens for authentication.
If you can't authenticate or aren't sure what to do, click Need help? on the left side of the Duo prompt. Your administrator may have customized the help text with additional instructions or contact information.
You'll also see a Remember me for... option if your administrator enabled Duo's trusted devices feature. If you check this box when authenticating you won't need to perform Duo second-factor authentication again for the duration specified on the prompt.
If you're logging in with Duo from a device with a smaller screen (like a tablet) or small browser window then your authentication prompt may look slightly different. Don't worry! All the devices and options shown in the full-size prompt are available for use, and you can enroll and manage devices by following the same steps.
Authenticating from Smaller Screens
Click the Settings button at the top for the commands Add a New Device or My Settings & Devices.Click the X next in the Settings button to return to the authentication prompt.
The following instructions outline how to edit the devices you have enrolled on Duo. Select Device Options next to any of your enrolled devices to view the actions available for that type of device. You can Reactivate Duo Mobile for an enrolled smartphone, Change the Device Name for any type of phone, or delete any authentication device.
Reactivate Duo Mobile
You can use this option if you need to get Duo Push working on your phone (e.g. if you replaced your phone with a new model but kept the same phone number). After answering some questions about your device, you'll receive a new QR code to scan with your phone, which will complete the Duo Mobile activation process. Note: If you have switched smartphones, uninstalled the Duo Mobile application on your phone, or performed a factory reset, see the section, Reactivate Duo on Your Smart Phone.
Change Device Name
This will open up an interface to change the display name of your phone (hardware tokens can't be renamed). Type in the new name and click Save.
After successfully modifying your phone's name, not only will you see this from now on when managing devices, but it will also be how your phone is identified in the authentication dropdown.
Select the red Trash Can icon to delete a phone or token device.
Note: You may not remove your only remaining device. If you wish to remove it, first add another, then delete the original. If you are unable to delete a device, contact your administrator to have it removed.
You are given the chance to confirm or cancel deleting the authentication device. Once the device is deleted, it can no longer be used to approve Duo authentication requests.
Enroll New Device
You can easily add new devices right from the Duo authentication prompt.
Step 1: To start enrolling a new device, click Add a new device. If you don't see this link then make sure you are logging into the Online Account Management System.
Step 2: Choose an authentication method and complete two-factor authentication to begin adding your new device. If you're adding a new device to replace one that you previously activated for Duo Push, don't select the Duo Push authentication method on this page unless you still have the original device. If you don't have the original device but you have a new device with the same phone number, then you can authenticate with a phone call or SMS passcode.
You can't add a new device from this page if you do not have access to any of your previously enrolled authentication devices; you'll need to contact your Duo administrator for help.
Step 3: Proceed with the device enrollment process. As an example, let's add another phone.
Step 4: Select the new phone's operating system.
Step 5: Install Duo Mobile on the new phone and scan the barcode to activate.
The new phone is added and listed with your other enrolled devices. You can select Add another device to start the enrollment process again and add another authenticator.
To further manage the device added or any of the other enrolled devices, go to the Manage Devices option on this article.
Reactivate Duo on Your Smart Phone
To proceed, your smartphone will need to be able to receive calls or texts if it is the only device you've enrolled in Duo but it has to have the same number when it was first enrolled to receive a phone call or SMS text message.
1. MyNetID Login
Login to mynetid.rice.edu with your NetID and password. Click Sign In.
2. Authenticate with Duo
Authenticate with Duo by using the Call Me option.
3. MyNetID Welcome Screen
On the Account Management page, click the Two-Factor Authentication link/button.
4. Two-Factor Authentication Settings
Click the Device Management Portal button.
5. Duo My Settings & Devices
Select the Device Options button next to your registered device.
6. Duo My Settings & Devices, Device Options
Click on the Reactivate Duo Mobile button.
7. Phone Type
Select your type of smartphone and click Continue.
8. Activate Duo Mobile
***Note: Do not scan the QR code on this page.***
Click the hyperlink next to it to have it sent to your email instead. Follow the instructions within that email to continue.
9. Re-activation Complete
Once you see the green check mark appear, you have completed the reactivation of your device and will now be able to receive push notifications.
If you need assistance, contact the OIT Help Desk.
Using Duo while Traveling
Duo offers multiple options to meet your needs when traveling. It is suggested that you enroll in any device you plan on using before your trip.
- Even without cellular service or a WiFi connection, you may use the Duo Mobile app to generate a passcode that you can use for authentication. Simply choose the Enter a Passcode option when you get the Duo authentication prompt. To generate the passcode, open the Duo Mobile app on your phone and tap the button with the Key symbol.
If you are unable to have a smartphone during your travel, it is possible to get 10 one-time-use bypass codes that you can use for Duo Security authentication for the duration of your trip. You can generate these by going to your Online Account Management System, selecting Two-Factor Authentication on the left menu, and select Generate Bypass Codes at the bottom of the page. Each time you click this button, new codes will be generated and previous codes are invalidated.
If you have cellular service or a WiFi connection, then you can simply use whatever authentication technique you normally use. The push, passcode, and phone options all work out of the country. You can even add an international phone number as one of your authentication options.
The Duo app and hardware tokens are subject to export control regulations. According to federal export control regulations, the Duo app and hardware tokens may not be transported or sent to embargoed nations identified by the U.S. State Department.
Sanctions Programs and Country Information
Here is a dated list from August 2019:
- North Korea
If you are traveling to any of those countries, delete or uninstall the Duo app from any devices you will take with you, and do not take Duo hardware tokens with you.
More Information from Duo.com
For more information, see the Duo Security online Guide to Two-Factor Authentication.
Contact the OIT Help Desk.