Getting started with Duo - Enrolling in Duo Mobile & using Duo Push

 

 

 

 

 

1. When you are enrolling in Duo for the first time, sign into myMarist or the web version of O365 (myMail), the Duo Security welcome screen will display

2. Click Start setup

3. Choose which type of Duo you are adding as your second factor of authentication, then click Continue

4. Select your country and type your phone number, then click Continue

5. Choose your Duo's operating system and click Continue

6. Install the Duo Mobile application.  After installing the app, click I have Duo Mobile Installed

a. Launch the App store app and search for "Duo Mobile"

 

b. Tap "Get" and then "Install" to download the app

7. Activate Duo Mobile by scanning the barcode / QR code with the app's built-in barcode scanner, then click  Continue

8. Your Duo is now ready to approve Duo push authentication requests.

Click here for more information about Duo enrollment: Guide to Two-Factor Authentication - Enrollment Guide

See below for Frequently Asked Questions (FAQ's) about Duo and Multi-Factor Authentication.

Marist updated to Duo's Universal Prompt on Thursday, August 17, 2023.

When you are connecting to a Marist service off-campus, you will see a screen similar to the following:

Then check your phone or other device for the prompt to accept.

If you would like to use another device you have set up other than the one currently receiving the Duo prompt, you would click or select the "Other options" link:

When you select "Other options" you will see a screen similar to the one below listing all potential devices you have set up in Duo:

Select which device you wish to receive the Duo prompt on. Then accept the prompt and you will successfully be able to connect with the Marist service you are trying to use.

You can read more about the Universal Prompt by going to Duo's website.

 

* Backing up your Duo mobile app is easy.

-- Android devices can set this up right from the Duo app.  Click here for more information on the Restore for an Android: Duo Restore for Android
-- Apple devices can use iCloud keychain or an encrypted iTunes backup.  Click here for more information on backing up your Apple device: How to back up your iPhone, iPad, and iPod touch

* You can easily restore the Duo Mobile App when you replace your smart device once you have backed up your Duo mobile app.  Click here for more information on the process to restore Duo on new or current mobile devices: Duo Restore

* Do you have a MAC?  You can set up Apple Touch ID as an additional Duo access option.  Click here for more information on using Apple Touch ID with Duo: Using Apple Touch ID with Duo

* Having an issue with your Duo push not allowing access?  Click here for more information on issues with push notifications: Common Issues - I have stopped recieving push notifications on Duo Mobile

* The Guide to Two-Factor Authentication - Duo Security is a great resource for many other features and questions you may have.

Adding a new device to Duo is easy.  Just follow the instructions here: Add a New Device.

Duo Security is a company that provides a cloud-based software service that utilizes Multi-Factor Authentication to ensure secure access to services and data.

Welcome to Duo

MFA provides an additional layer of security to any type of login, requiring extra information or a physical Duo to log in, in addition to your password. By requiring multiple layers of authentication, we can protect user logins from remote attacks that may exploit stolen usernames and passwords. Verifying your identity using MFA prevents anyone but you for logging in, even if they know your password.

 

Login credentials are more valuable than ever and are increasingly easy to compromise. Over 90% of breaches today involve compromised usernames and passwords.   MFA enhances the security of your account by using a secondary Duo to verify your identity. This prevents anyone but you from accessing your account, even if they know your password.

Two-Factor Authentication with Duo Push

When logging into an application that is protected by Duo (Marist public-facing websites – myMarist, O365) from on-campus, login experience will not change. When logging into an application that is protected by Duo from off-campus, you will need to complete a method of multi/two-factor authentication. You will still enter your Marist username and password, and then select a method for you to receive that second factor of authentication (i.e. Push Notification or Passcode). Once you approve the push notification or type in the passcode you can access the service. 

Duo Push Notification:

Hardware Token Passcode:

 

If you are off-campus and signing into the Marist VPN, you enter your Marist Account and password, use your Duo app for your second factor, and will then be single signed into the other public-facing systems you typically use at Marist.

1. Enter username and password as usual
2. Use your phone to verify your identity
3. Securely logged in

Once you've enrolled in Duo, you're ready to go.  You'll login as usual with your username and password, and then use your Duo to verify that it's you.

iOS, Android, Windows Phone, Hardware Token, and Touch ID

You can use a tablet, purchase a hardware token at the Computer Store, or use Touch ID on your MacBook.

Contact the Computer Store at compstore@marist.edu to purchase a hardware token.

Duo Mobile is Duo Security’s free app that allows you to quickly and easily approve a second-factor authentication request using Duo Push. With Duo Mobile and Duo Push, there is no need to carry a bulky token or waste time manually entering passcodes. Just tap to authenticate right on your smartphone.

Click here for more information about Duo Mobile: Duo Mobile App - Duo Security

Click here for more information about Duo Push: Duo Push Demonstration

When you authenticate using a hardware token, click the Enter a Passcode button. Press the button on your hardware token to generate a new passcode, type it into the space provided, and click Log In.  You can also watch this brief video on how to Authenticate with Hardware Tokens.

Click here for more information about how the Hardware Token works: Using Duo With a Hardware Token

Please contact the Marist Help Desk for any technical support needs:

845-575-4357

helpdesk@marist.edu

Almost none. 500 pushes to your Duo will use 1 MB of data in total. This is roughly equivalent to loading one webpage on your smartphone.

No. Duo Mobile has no access to change settings on your phone. Duo Mobile cannot read your emails, it cannot see your browser history, and it requires your permission to send you a notification. Lastly, Duo Mobile cannot remotely wipe your phone. The visibility Duo Mobile requires is to verify the security of your Duo, such as OS version, Duo encryption status, screen lock, etc. We use this to help recommend security improvements to your Duo and you are in control of whether or not you take action on these recommendations.

Duo Mobile only accesses your camera to scan a QR code during activation. Alternatively, you can click Send me an activation email. You can then continue your enrollment through this link.

Yes, you can save your Duo authentication in a web browser. This will reduce the frequency of MFA for up to 7 days.  This option is selectable at the Duo prompt screen as remember me.

Please be aware of the following:

• The option relies on browser cookies -- if you are using private (incognito) mode on your browser, you cannot select remember me.
• It is browser specific -- the option is specific to each browser you use, not the entire computer.  If you use multiple browsers, you have to select it on each one.
• Auto-push -- the remember me option must be selected before the Duo Push to your smartphone.  If you are using auto-push, you will need to cancel the push and then select the option.  The checkbox will then stay selected for all future auto-pushes.
• VPN will always require MFA -- the VPN authentication pop-up browser cannot save cookies.  Each login to the VPN service will still require Duo MFA.
• Only choose this option in your own computer -- do not select remember me on any device that you do not personally control, such as a public computer.
• It is still safest to use MFA on every login -- we are changing this configuration to allow individuals to make a choice based on their preferences.  However, it is still more secure to use MFA on every login.