Topics Map > •Accounts, Authenication & Passwords > -Duo
Topics Map > •Accounts, Authenication & Passwords > -NetID
Duo @ Rice Information And Pointers
Contents
- Duo Universal vs Duo Traditional Prompt
- Duo Universal Prompt
- Duo Traditional Prompt
- Rice supported Duo Authentication Methods
- Duo devices
Duo settings and device management
What is Duo?
Duo is a Two-Factor Authentication (2FA) application. It adds an additional level of security when authenticating to computing resources like web sites and computers. After authenticating with your NetID and password, you will be sent to the Duo application to do an additional check that you are who you say you are. This additional check will contact you through an external mechanism, like your cell phone, and ask you to confirm that you are trying to access the resource. If you ever receive this notification from Duo asking if you are trying to access a resource that you are not currently trying to access, please indicate that the request from Duo is fraudulent and change your NetID password.
Using Duo for Authentication
Duo Universal vs Duo Traditional Prompt
The prompt that the Duo application uses to initiate the 2FA process is changing. The traditional prompt is the one that Rice has used since we first began using Duo years ago. By the end of 2023, all web protected Duo applications will be switching to the Duo Universal Prompt. Since it may take time to have all of Rice's web applications configured to use the new method, here is documentation about both methods
Duo Universal Prompt
Duo Traditional Prompt
Rice supported Duo Authentication Methods
PUSH
The Push method sends a message to the Duo Mobile app running on your smart phone that causes it to produce an immediate popup notification and only requires clicking on an Accept or Decline button. This is by far the easiest method with which to interact with the Duo 2FA process but it requires running the Duo Mobile app on your smart phone and an active cell or wireless connection.
PASSCODE
The Passcode method is a six digit number that can be entered into the Duo Prompt. The Duo Mobile app running on your smart phone can generate this passcode for you. This passcode number can also be generated by a Duo Hardware Token. The passcode method does not require an active cell or wireless connection.
SMS
The SMS method will send a passcode to your cell phone as a SMS message. You can then enter this number into the Duo Prompt. The SMS method can be used on non-smart phones though this is one of the weakest in regards to security. The SMS method requires an active cell connection.
VOICE
The voice method will call your phone and ask you to approve or deny the request by pressing a number on the phone. This option can be used with landlines. Like the SMS method above, this is the weakest in regards to security. The VOICE method requires an active cell connection if used with a mobile phone.
Duo devices
Duo devices allow you to respond to the authentication requests sent by the Duo prompt.
- Duo Mobile - supports PUSH and PASSCODE
- Cell Phone & Landlines - supports SMS (cell phone) and VOICE (both)
- Hardware Tokens - supports PASSCODE
- Touch ID - supports platform PASSKEY
Duo settings and device management
Duo settings and device management can be accessed through the Duo authentication process when logging into MyNetID. When it displays the Duo Universal Prompt, click on the URL link "Other" at the bottom of the prompt.
- Initially setting up your information in Duo the first time
- Managing your 2FA devices and Settings
- Adding a new 2FA device - Universal Prompt
- Adding a new 2FA device - Traditional Prompt
Duo enrollment process
Your initial Duo setup is done as part of the workflow that you follow when activating your NetID using https://MyNetID.rice.edu. When going through the initial Duo enrollment, please be sure to add an authentication device that supports PUSH (recommended), SMS, or Voice in addition to any others you wish to use. Using these authentication types will serve as good backups should you ever need them.
Below you will find links that will describe this process.
Using Duo when traveling
Duo offers multiple options to meet your needs when traveling. It is suggested that you enroll in any device you plan on using before your trip.
Options
- Even without cellular service or a WiFi connection, you may use the Duo Mobile app to generate a passcode that you can use for authentication. Simply choose the Other -> Passcode option when you get the Duo authentication prompt. To generate the passcode, open the Duo Mobile app on your phone and tap the button with the Key symbol.
If you are unable to have a smartphone during your travel, it is possible to get 10 one-time-use bypass codes that you can use for Duo Security authentication for the duration of your trip. You can generate these by going to your Online Account Management System, selecting Two-Factor Authentication on the left menu, and select Generate Bypass Codes at the bottom of the page. Each time you click this button, new codes will be generated and previous codes are invalidated.
If you have cellular service or a WiFi connection, then you can simply use whatever authentication technique you normally use. The push, passcode, and phone options all work out of the country. You can even add an international phone number as one of your authentication options.
Restrictions
The Duo app and hardware tokens are subject to export control regulations. According to federal export control regulations, the Duo app and hardware tokens may not be transported or sent to embargoed nations identified by the U.S. State Department.
Sanctions Programs and Country Information
Here is a dated list from August 2019:
- Cuba
- Iran
- North Korea
- Sudan
- Syria
- Venezuela
If you are traveling to any of those countries, delete or uninstall the Duo app from any devices you will take with you, and do not take Duo hardware tokens with you.