Topics Map > •Accounts, Authenication & Passwords > -Accounts
Topics Map > •Accounts, Authenication & Passwords > -Duo
Topics Map > •Accounts, Authenication & Passwords > -NetID

Duo: Complete Guide to Duo

Duo is a security authentication tool that adds an additional layer of protection to online accounts. Using this document, you can enroll and manage a device in Duo, learn how to go through an authentication prompt, and learn how to use Duo while traveling.

Duo Overview

What is Duo?

Why is Duo needed?

Which Rice systems use Duo?

Enrolling in Duo

How to Authenticate with Duo

Manage Devices

Reactivate Duo Mobile

Change Device Name

Remove Device

Enroll New Device

Reactivate Duo on Your Smart Phone

Using Duo While Traveling

More Information from Duo.com

Need help?

Duo Overview

What is Duo?

Duo is a tool used to improve security by using two-factor authentication (2FA), also called multi-factor authentication (MFA). Individuals are required to verify their identity by sharing something they know (i.e. userid and password) along with something they have (i.e. smartphone, tablet, landline telephone). This type of authentication protects Rice systems against cyber attacks. Duo helps protect against phishing, social engineering and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.

Why is Duo needed?

With the number of stolen passwords and hacking attempts on the rise, it is important to ensure the safety and security of Rice data and systems. With this additional security we can ensure that critical university systems are only accessed by authorized users.

Which Rice systems use Duo?

Duo authentication is required on most Rice's centralized systems including:

Enrolling in Duo

These instructions explain how to enroll your device in Duo so you can use it with Rice systems that require Duo authentication. Duo's enrollment process makes it easy to register your phone and install the Duo Mobile application on your smartphone or tablet.
 

    

Duo is a tool used to improve access security by using two-factor authentication (2FA), also called multi-factor authentication (MFA). Individuals are required to verify their identity by sharing something they know (i.e. userid and password) along with something they have (i.e. a smartphone app). This type of authentication protects Rice systems against cyber attacks.

Rice has several systems that require Duo authentication. Duo's enrollment process makes it easy to register your phone and install the Duo Mobile application on your smartphone or tablet. If you have multiple devices, a smart phone and a tablet, we recommend that you register both as a hedge against the loss of one device. If, for example, your smartphone is lost, stolen or damaged, you could use your tablet with DUO, until your smartphone is replaced or repaired. 

Duo prompts you to enroll when you enable Duo Two-Factor Authentication within MyNetID (Online Account Management System).

Supported Browsers: Chrome, Firefox, Safari, Internet Explorer 11, Microsoft Edge, and Opera.

Step 1: Login to the Online Account Management System with your NetID credentials. Select the Sign in button.

Screenshot of MyNetID login window. You can login or activate your NetID.

Step 2: Select Two-Factor Authentication under Account Maintenance menu or the lock icon on the main screen.

Welcome window that pops up after logging in.

 

Step 3: Select Enable Two-Factor Authentication.

Screenshot of of two-factor authentication window showing the button to click to enable two-factor authentication.

Step 4: Click Start setup to begin enrolling your device.

Protect your Rice account: Two-factor authentication enhances the security of your account by using a secondary device to verify your identity.

Step 5: Select the type of device you'd like to enroll and click Continue. We recommend using a smartphone for the best experience, but you can also enroll a landline telephone, a universal two-factor authentication (U2F) token (currently only works on Chrome browsers), or iOS/Android tablets.

What type of device are you adding? Buttons for device choices.

Step 6: Select your country from the drop-down list and type your phone number. Use the number of your smartphone, landline, or cell phone that you'll have with you when you're logging in to a Duo-protected service. You can enter an extension if you chose Landline in the previous step.

Double-check that you entered it correctly, check the box, and click Continue.

Text entry box for your phone number.

If you're enrolling a tablet you will not be prompted to enter a phone number.

Step 7: Choose your device's operating system and click Continue.

If you do not have a compatible smartphone device or decide not to install the Duo Mobile app: choose Other > Continue > Continue to Login > Enter a passcode. Click Text me new code at the bottom of the window. Enter in the passcode you received from Duo via text message and select Log In. Skip to Step 11.

Select button to indicate type of phone.

Step 8: Install Duo Mobile

Duo Mobile is an app that runs on your smartphone and helps you authenticate quickly and easily. Without it, you'll still be able to log in using a phone call or text message, but for the best experience, we highly recommend you use Duo Mobile. Since Duo Mobile works in any country, it doesn't require a cell service and is more reliable than SMS/Voice, making it the best option for authenticating your device. 

Follow the platform-specific instructions on the screen to install Duo Mobile. After installing Duo Mobile, return to the enrollment window and click I have Duo Mobile installed.

Screen with button to indicate that you have installed Duo Mobile

Step 9: Activate Duo Mobile:

Activating the app links it to your account so you can use it for authentication. This will require access to your camera. The application will request access to the camera, which you can temporarily allow. This can be disabled after enrollment.

On your smartphone: activate Duo Mobile by scanning the barcode with the app's built-in barcode scanner. Follow the platform specific instructions for your device:

Screen with QR bar code for scanning

After you scan the barcode successfully, select Continue.

Screen with large green check mark that indicates Duo Mobile has been activated.

Can't scan the barcode? Click have an activation link emailed to you instead and follow the instructions.

Step 10: Configure Device Options (optional):

You can use Device Options to give your phone a more descriptive name or select Add another device to start the enrollment process again and add a second phone or another authenticator.

If this is the device you'll use most often with Duo then you may want to enable automatic push requests by going to the When I log in: option and changing the setting from Ask me to choose an authentication method to Automatically send this device a Duo Push or Automatically call this device and click Save. With one of the automatic options enabled, Duo automatically sends an authentication request via push notification to the Duo Mobile app on your smartphone or a phone call to your device (depending on your selection).

Screenshot of My Settings and Devices that allow you to pick options.

 

Select Continue to login to proceed to the authentication prompt.

My Settings and Devices screen

Your device is ready to approve Duo authentication requests. Select Send me a Push to give it a try. All you need to do is tap Approve on the Duo login request received at your phone.

Choose an authentication method screen

Step 11:  Congratulations, you can now use Duo Authentication!

If you see a screen that is similar to below, you have completed the Duo 2FA Enrollment!

MyNetID window with a message- Duo Two-Factor Enrollment Successful.

If you encounter issues during setup, contact the OIT Help Desk.

 

How to Authenticate with Duo

The following is a step-by-step instruction on how to login to services that require you to go through the Duo authentication prompt. The authentication prompt lets you choose how to verify your identity each time you log in to Duo protected applications like MynetID.
 

Supported Browsers

      Chrome, Firefox, Safari, Internet Explorer 11, Microsoft Edge, and Opera. Once you login to the service that uses Duo prompts, you will be met with the following screen. 



Duo Authentication Prompt

If you have more than one device enrolled you'll see a device selector.

Select Device

Select the device you want to use and then choose your authentication method.
  • Duo Push pushes a login request to your phone or tablet (if you have Duo Mobile installed and activated on your iPhone or Android device). Just review the request and tap Approve. to log in.
  • Call Me will authenticate via phone callback.
  • Enter a Passcode will allow you to log in using a passcode, either generated with Duo Mobile, sent via SMS, generated by your hardware token, or provided by an administrator.
  • Click Send Codes to get a new batch of passcodes texted to your phone.
  • You can also use U2F Tokens for authentication. 

If you can't authenticate or aren't sure what to do, click Need help? on the left side of the Duo prompt. Your administrator may have customized the help text with additional instructions or contact information.



Get Assistance from Administrator



Trusted Devices

You'll also see a Remember me for... option if your administrator enabled Duo's trusted devices feature. If you check this box when authenticating you won't need to perform Duo second-factor authentication again for the duration specified on the prompt.

Remember Duo Authentication for period of time

Authenticating from Smaller Screens

If you're logging in with Duo from a device with a smaller screen (like a tablet) or small browser window then your authentication prompt may look slightly different. Don't worry! All the devices and options shown in the full-size prompt are available for use, and you can enroll and manage devices by following the same steps. 


Authentication from Smaller Screen

Access

Click the Settings button at the top for the commands Add a New Device or My Settings & Devices.

Click the X next in the Settings button to return to the authentication prompt. 



Exit to go back to Authentication Prompt

Manage Devices

The following instructions outline how to edit the devices you have enrolled on Duo. Select Device Options next to any of your enrolled devices to view the actions available for that type of device. You can Reactivate Duo Mobile for an enrolled smartphone, Change Device Name for any type of phone, or delete any authentication device.


Duo My Settings & Devices

 Reactivate Duo Mobile

You can use this option if you need to get Duo Push working on your phone (e.g. if you replaced your phone with a new model but kept the same phone number). After answering some questions about your device, you'll receive a new QR code to scan with your phone, which will complete the Duo Mobile activation process. Note: If you have switched smart phones, uninstalled the Duo Mobile application on your phone, or performed a factory reset, see the section, Reactivate Duo on Your Smart Phone.

Reactivate Duo Mobile



Change Device Name

This will open up an interface to change the display name of your phone (hardware tokens can't be renamed). Type in the new name and click Save


Change Device Name

After successfully modifying your phone's name, not only will you see this from now on when managing devices, but it will also be how your phone is identified in the authentication dropdown.



Successfully Changed Name

 Remove Device

Select the red Trash Can icon to delete a phone or token device.

Note: You may not remove your only remaining device. If you wish to remove it, first add another, then delete the original. If you are unable to delete a device, contact your administrator to have it removed.

Remove Device

You are given the chance to confirm or cancel deleting the authentication device. Once the device is deleted, it can no longer be used to approve Duo authentication requests.

Successfully Removed Device

 Enroll New Device  

You can easily add new devices right from the Duo authentication prompt.

Step 1: To start enrolling a new device, click Add a new device. If you don't see this link then make sure you are logging into the Online Account Management System.
Add a New Device

Step 2: Choose an authentication method and complete two-factor authentication to begin adding your new device. If you're adding a new device to replace one that you previously activated for Duo Push, don't select the Duo Push authentication method on this page unless you still have the original device. If you don't have the original device but you have a new device with the same phone number, then you can authenticate with a phone call or SMS passcode.

You can't add a new device from this page if you do not have access to any of your previously enrolled authentication devices; you'll need to contact your Duo administrator for help.



Choose Authentication Method

Step 3: Proceed with the device enrollment process. As an example, let's add another phone.


Select Type of Device

Enter Phone Number

Step 4: Select the new phone's operating system.


Select Phone Operating System

Step 5: Install Duo Mobile on the new phone and scan the barcode to activate.


Activate Duo Mobile

The new phone is added and listed with your other enrolled devices. You can select  Add another device to start the enrollment process again and add another authenticator.


Add another device

To further manage the device added or any of the other enrolled devices, go to the Manage Devices option on this article.

Reactivate Duo on Your Smart Phone

These instructions explain how to reactivate Duo Mobile on your smart phone after you have switched smart phones, uninstalled the Duo Mobile application on your phone, or performed a factory reset. Follow these steps so you can receive Duo push notifications and will be able to generate one-time use passcodes.

  

In order to proceed, your smart phone will need to be able to receive calls or texts if it is the only device you've enrolled in Duo but it has to have the same number when it was first enrolled to receive a phone call or SMS text message.

1. MyNetID Login

 screenshot of the MyNetID login

Login to mynetid.rice.edu with your NetID and password. Click Sign In.

 

2. Authenticate with Duo

screenshot of authentication window with three choices: Duo Push, Call Me or Passcode

Authenticate with Duo by using the Call Me option.

3. MyNetID Welcome Screen

First screen display at mynetid with the option Two-Factor Authentication highlighted

On the Account Management page, click the Two-Factor Authentication link/button.

 

4. Two-Factor Authentication Settings

Screen for Two Factor Authentication with Device Management Portal button highlighted

Click the Device Management Portal button.

5. Duo My Settings & Devices

My Setting and Devices display with Device Options for listed devices

Select the Device Options button next to your registered device.

6. Duo My Settings & Devices, Device Options

My Devices, selected the Reactive Duo Device Button

Click on the Reactivate Duo Mobile button.

7. Phone Type

Select type of phone: iPhone, Android, Windows, Other

Select your type of smart phone and click Continue.

8. Activate Duo Mobile

***Note: Do not scan the QR code on this page.***

Activate Duo Mobile - select activate link for email

Click the hyperlink next to it to have it sent to your email instead. Follow the instructions within that email to continue.

9. Re-activation Complete

Same screen with green check mark indicating reactivation is complete.

Once you see the green check mark appear, you have completed the reactivation of your device and will now be able to receive push notifications.

Need help?

If you need assistance, contact the OIT Help Desk.

 

Using Duo while Traveling

 

    

Duo offers multiple options to meet your needs when traveling. It is suggested that you enroll any device you plan on using before your trip.

Options

  • Even without cellular service or a WiFi connection, you may use the Duo Mobile app to generate a passcode that you can use for authentication. Simply choose the  Enter a Passcode option when you get the Duo authentication prompt. To generate the passcode, open the Duo Mobile app on your phone and tap the button with the Key symbol.

    If you are unable to have a smartphone during your travel, it is possible to get 10 one-time use bypass codes that you can use for Duo Security authentication for the duration of your trip. You can generate these by going to your Online Account Management System, selecting Two-Factor Authentication on left menu and select Generate Bypass Codes at the bottom of the page. Each time you click this button, new codes will be generated and previous codes are invalidated.

    If you have cellular service or a WiFi connection, then you can simply use whatever authentication technique you normally use. The push, passcode, and phone options all work out of the country. You can even add an international phone number as one of your authentication options.

Restrictions

The Duo app and hardware tokens are subject to export control regulations. According to federal export control regulations, the Duo app and hardware tokens may not be transported or sent to embargoed nations identified by the U.S. State Department. 

Sanctions Programs and Country Information

Here is a dated list from August 2019:

  • Cuba
  • Iran
  • North Korea
  • Sudan
  • Syria
  • Venezuela

If you are traveling to any of those countries, delete or uninstall the Duo app from any devices you will take with you and do not take Duo hardware tokens with you.

 

More Information from Duo.com

Need help?

Contact the OIT Help Desk.

See Also:



Keywords:Duo two factor authentication second layer online accounts security logging passwords critical duo login enrollment manage device 2FA MFA multi factor twofactor multifactor   Doc ID:78235
Owner:Diane Y.Group:Rice University
Created:2017-11-14 11:25 CSTUpdated:2022-08-22 12:47 CST
Sites:Rice University
Feedback:  5   13