Duo: Complete Guide to Duo
NOTE: WhooRU.rice.edu is replacing MyNetID.rice.edu on June 18, 2025. Watch this video about exciting changes. Certain links and commands in this document will not become active until the switch.
What is Duo?
Duo is the tool that Rice uses for multi-factor authentication (MFA). The purpose of this is to improve security and protect resources against unauthorized access or attempts to steal credentials and/or accounts.
How does Duo work?
Duo acts as an additional security layer for authorized individuals to access university systems.
In order to access a service, you must authenticate by providing at least two factors to validate who you are. This is done by sharing:
- Something you know (e.g., username and password)
- Something you have (e.g., smartphone or tablet)
In this way, you are required to prove your identity and also confirm that you are in possession of the device(s) that are needed to gain access to university resources. By doing this, you are helping protect Rice systems against cyber attacks.
Why is Duo important?
Hackers are constantly on the hunt for credentials to steal and accounts to exploit. Due to the increase in the number of these attacks, it is critical to ensure the safety and security of Rice’s data and systems. With Duo, we can ensure that critical university systems are only accessed by authorized users.
How to Enroll in Duo
At the time you activate your NetID account, you will automatically be taken through the Duo enrollment process. The NetID activation process can only be done once by an individual.
If you’ve been at Rice for a while and have never set up Duo, log in to WhooRU with your NetID and password to start the enrollment process.
Duo Authentication Methods
The authentication methods are how you will choose to authenticate your identity when accessing university resources. Please see the table below to review the methods that Rice currently supports in order of most to least secure.
Authentication Method | Category | Security | Description |
---|---|---|---|
Platform Authenticators | PASSKEY | VERY STRONG (5) | Apple Touch ID / Face ID / Windows Hello |
Roaming Authenticators | PASSKEY | VERY STRONG (5) | WebAuthn tokens (Yubikey / 1Password / Apple Keychain / Google Chrome Password Manager) |
Duo Mobile push approval | PUSH | STRONG (4) | Duo Mobile App Push |
Duo Mobile generated passcodes | PASSCODE | STRONG (4) | Duo Mobile App Passcode |
Hardware token passcodes* | PASSCODE | STRONG (4) | Hardware token (OTP) |
SMS Passcodes | SMS | WEAK (1) | SMS delivered passcode |
Phone Call approval | VOICE | WEAK (0) | Telephone call with voice prompt |
*Limited availability
If you wish to learn more about all other authentication methods Duo supports, please visit: Duo Authentication Methods
Duo Device
A Duo device allows you to respond to the authentication requests sent by Duo when accessing university systems. The following devices can be configured to authenticate with Duo:
- Duo Mobile App (supports PUSH, PASSCODE)
  - iOS
  - Apple Watch
  - Android
- Cell phones and landlines (supports SMS, VOICE)
- Hardware Tokens (supports PASSCODE)
- Touch ID (supports PASSKEY)
FAQs
Q: Which Rice Systems use Duo?
A: The following systems use and require Duo for multi-factor authentication:
- WhooRU – Rice’s online account management system
- VPN – Virtual Private Network
- Google Workspace – Gmail, Calendar, Google Drive, etc.
- Microsoft 365 Services – Outlook, Teams, OneDrive.
- iO – Employee and financial services system
- WordPress – Blog site hosting
Q: How many devices do I need to configure for Duo?
A: You will only be required to set up ONE Duo device during the enrollment process. However, it is always recommended that you set up multiple (at least 2) devices that are capable of responding to Duo prompts for authentication. For example, if you're unable to use one device due to some platform or website settings, you are able to use the other device that has been configured for access.
Q: What method should I use to authenticate?
A: The authentication method(s) used are based on individual preference. However, it is highly preferred that you use methods with a security score of 2 or 3 or higher for normal, everyday use.
Q: How can I change my authentication method?
A: If you do not want to use the method Duo automatically suggests for that application, cancel the Duo authentication in progress and click or tap Other options. Then, select the method you want from the list. If you have not set up Duo Mobile, then the Duo prompt may automatically select your next available option, following the most to least secure preference order.
Q: What's the difference between the authentication methods I use?
A: The difference between the authentication methods used is based solely on the level of security. For example, it is recommended for individuals to use more secure authentication methods when authenticating to university systems.
Q: I've already activated my NetID, but I want to update my authentication method for Duo. What do I do?
A: If you already have your NetID, you can update the devices that you use for Duo authentication in the WhooRU online account management system. This will allow you to update the device information that Duo sends. The settings for your preferred method(s) of authentication can be found in the Duo Mobile application.
Q: I have been at Rice for a long time, and I've never set up Duo. What do I do?
A: If you have never set up Duo, go to WhooRU.rice.edu and step through the Identity Claim process. You will be required to configure your device and select the authentication method to gain access to University systems.
Q: I'm traveling internationally and need to access University resources during my trip. How do I need to prepare?
A: Before your trip, make sure to have the device(s) you plan to use on your trip enrolled in Duo. If you have a cellular connection or WiFi, you can authenticate as normal using the methods you prefer. Otherwise, if you know that you will not have cellular service or WiFi, you can generate up to ten (10) bypass codes that can be used for the duration of your trip.
Duo Authentication Categories
Categories
PASSKEY
The PassKey methods are phishing-resistant and cryptographically strong. The credential can only be shared with the website that it was configured with.
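Added example (not Rice's or Duo's code): the binding checks a website performs on a WebAuthn passkey response, which is what ties the credential to the site it was configured with. The host names, function names and sample values are assumptions constructed for illustration, and the required signature verification is not shown.

```python
import base64
import hashlib
import json

RP_ID = "idp.example.edu"                    # assumed relying-party ID (placeholder)
EXPECTED_ORIGIN = "https://idp.example.edu"  # assumed login origin (placeholder)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def binding_failures(client_data_json: bytes, auth_data: bytes, challenge: bytes) -> list:
    """Return the failed binding checks for a WebAuthn assertion ([] = all passed).
    Verifying the signature over auth_data || SHA-256(client_data_json) with the
    registered public key is also required and is not shown here."""
    failures = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        failures.append("wrong ceremony type")
    if client.get("challenge") != b64url(challenge):
        failures.append("challenge mismatch")        # stale or replayed response
    if client.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin mismatch")           # browser reported another site
    if len(auth_data) < 37:                          # 32 hash + 1 flags + 4 counter
        return failures + ["authenticator data too short"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failures.append("rpIdHash mismatch")         # credential scoped to another RP
    if not auth_data[32] & 0x01:
        failures.append("user presence flag not set")
    return failures

def sample_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for what a browser and authenticator would return."""
    client = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([0x05]) + (7).to_bytes(4, "big")
    return client, auth

CHALLENGE = bytes(range(32))  # constructed; a real server issues a fresh random value

if __name__ == "__main__":
    genuine = sample_assertion(EXPECTED_ORIGIN, RP_ID, CHALLENGE)
    other = sample_assertion("https://login.example.net", "login.example.net", CHALLENGE)
    print(binding_failures(*genuine, CHALLENGE))  # []
    print(binding_failures(*other, CHALLENGE))    # ['origin mismatch', 'rpIdHash mismatch']
```

Because the browser, not the user, supplies the origin and the authenticator scopes each credential to one relying-party ID, a response produced on any other site fails these checks.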
PUSH
The Push method sends a message to the Duo Mobile app running on your smartphone, which causes it to produce an immediate pop-up notification and only requires clicking an Accept or Decline button. This is by far the easiest method with which to interact with the Duo 2FA process, but it requires running the Duo Mobile app on your smartphone and an active cell or wireless connection.
PASSCODE
The Passcode method is a six-digit number that can be entered into the Duo Prompt. The Duo Mobile app running on your smartphone can generate this passcode for you. This passcode number can also be generated by a Duo Hardware Token. The passcode method does not require an active cell or wireless connection.
SMS
The SMS method will send a passcode to your cell phone as an SMS message. You can then enter this number into the Duo Prompt. The SMS method can be used on non-smart phones, though this is one of the weakest in terms of security. The SMS method requires an active cell connection.
VOICE
The voice method will call your phone and ask you to approve or deny the request by pressing a number on the phone. This option can be used with landlines. Like the SMS method above, this is the weakest in terms of security. The VOICE method requires an active cell connection if used with a mobile phone.
Category Security
0 = Weak
5 = Strong
2 or higher is acceptable for normal use, 3 and higher is preferred
Resources and More Information
Usage
Authentication
NOTE: Duo automatically defaults to using the most secure authentication method you defined on first use. Afterward, it will default to the last one that you used.
Guide to Two-Factor Authentication
Duo Universal Prompt
You will see the Duo prompt when trying to log into a protected application or web browser.
Duo Universal Prompt (full guide)
Device Management
Duo adding or managing devices after enrollment
Backup and Recovery
Travel
Access Denied. Duo Security does not provide services in your current location
Enrollment
WARNING: The enrollment process will only require you to define ONE Duo device. For best practice, it is always recommended to set up multiple (2 or more) devices capable of responding to Duo, such as an Authenticator or the Duo Mobile App on your smartphone.
Additional Resources
Need Help?
Please contact the OIT Help Desk.