Information Technology

Duo Security

How do I enroll in Duo Security?

Getting started with Duo - Enrolling in Duo Mobile & using Duo Push

 

 

 

 

 

1. When you are enrolling in Duo for the first time, sign into myMarist or the web version of O365 (myMail), the Duo Security welcome screen will display

2. Click Start setup

3. Choose which type of Duo you are adding as your second factor of authentication, then click Continue

4. Select your country and type your phone number, then click Continue

5. Choose your Duo's operating system and click Continue

6. Install the Duo Mobile application.  After installing the app, click I have Duo Mobile Installed

a. Launch the App store app and search for "Duo Mobile"

 

b. Tap "Get" and then "Install" to download the app

7. Activate Duo Mobile by scanning the barcode / QR code with the app's built-in barcode scanner, then click  Continue

8. Your Duo is now ready to approve Duo push authentication requests.  Click Send me a Push to give it a try. All you need to do is tap Approve on the Duo login request received at your phone.

Click here for more information about Duo enrollment: Guide to Two-Factor Authentication - Enrollment Guide

See below for Frequently Asked Questions (FAQ's) about Duo and Multi-Factor Authentication.

Backup & Restore of Duo

 

* Backing up your Duo mobile app is easy.

-- Android devices can set this up right from the Duo app.  Click here for more information on the Restore for an Android: Duo Restore for Android
-- Apple devices can use iCloud keychain or an encrypted iTunes backup.  Click here for more information on backing up your Apple device: How to back up your iPhone, iPad, and iPod touch

* You can easily restore the Duo Mobile App when you replace your smart device once you have backed up your Duo mobile app.  Click here for more information on the process to restore Duo on new or current mobile devices: Duo Restore

* Do you have a MAC?  You can set up Apple Touch ID as an additional Duo access option.  Click here for more information on using Apple Touch ID with Duo: Using Apple Touch ID with Duo

* Having an issue with your Duo push not allowing access?  Click here for more information on issues with push notifications: Common Issues - I have stopped recieving push notifications on Duo Mobile

* The Guide to Two-Factor Authentication - Duo Security is a great resource for many other features and questions you may have.

How Do I Add a New Device to Duo?

Adding a new device to Duo is easy.  Just follow the instructions here: Add a New Device.

What is Duo Security?

Duo Security is a company that provides a cloud-based software service that utilizes Multi-Factor Authentication to ensure secure access to services and data.

What is Multi-Factor Authentication (MFA)?

Welcome to Duo

MFA provides an additional layer of security to any type of login, requiring extra information or a physical Duo to log in, in addition to your password. By requiring multiple layers of authentication, we can protect user logins from remote attacks that may exploit stolen usernames and passwords. Verifying your identity using MFA prevents anyone but you for logging in, even if they know your password.

 

Why do we need MFA?

Login credentials are more valuable than ever and are increasingly easy to compromise. Over 90% of breaches today involve compromised usernames and passwords.
 
MFA enhances the security of your account by using a secondary Duo to verify your identity. This prevents anyone but you from accessing your account, even if they know your password.

How will Duo change my login experience?

Two-Factor Authentication with Duo Push

When logging into an application that is protected by Duo (Marist public-facing websites – myMarist, O365) from on-campus, login experience will not change. When logging into an application that is protected by Duo from off-campus, you will need to complete a method of multi/two-factor authentication. You will still enter your Marist username and password, and then select a method for you to receive that second factor of authentication (i.e. Push Notification or Passcode). Once you approve the push notification or type in the passcode you can access the service. 


Duo Push Notification:


Hardware Token Passcode:

 

If I am off-campus and signed into the Marist VPN (virtual private network), will my login experience change?

If you are off-campus and signing into the Marist VPN, you enter your Marist Account and password, use your Duo app for your second factor, and will then be single signed into the other public-facing systems you typically use at Marist.

How does Duo Security work?

  1. Enter username and password as usual
  2. Use your phone to verify your identity
  3. Securely logged in

Once you've enrolled in Duo, you're ready to go.  You'll login as usual with your username and password, and then use your Duo to verify that it's you.

What devices are supported?

iOS, Android, Windows Phone, Hardware Token, and Touch ID

What if I don't have a mobile phone?

You can use a tablet, purchase a hardware token at the Computer Store, or use Touch ID on your MacBook.

How can I purchase a hardware token?

Contact the Computer Store at compstore@marist.edu to purchase a hardware token.

What is Duo Mobile and Duo Push? Why are these two authentication methods recommended?

Duo Mobile is Duo Security’s free app that allows you to quickly and easily approve a second-factor authentication request using Duo Push. With Duo Mobile and Duo Push, there is no need to carry a bulky token or waste time manually entering passcodes. Just tap to authenticate right on your smartphone.

Click here for more information about Duo Mobile: Duo Mobile App - Duo Security

Click here for more information about Duo Push: Duo Push Demonstration

How does the hardware token work?

When you authenticate using a hardware token, click the Enter a Passcode button. Press the button on your hardware token to generate a new passcode, type it into the space provided, and click Log In.  You can also watch this brief video on how to Authenticate with Hardware Tokens.

Click here for more information about how the Hardware Token works: Using Duo With a Hardware Token

Who can I contact for technical support?

Please contact the Marist Help Desk for any technical support needs:

845-575-4357

helpdesk@marist.edu

How much data does a Duo Push use?

Almost none. 500 pushes to your Duo will use 1 MB of data in total. This is roughly equivalent to loading one webpage on your smartphone.

Does installing the Duo Mobile app give up control of my phone?

No. Duo Mobile has no access to change settings on your phone. Duo Mobile cannot read your emails, it cannot see your browser history, and it requires your permission to send you a notification. Lastly, Duo Mobile cannot remotely wipe your phone. The visibility Duo Mobile requires is to verify the security of your Duo, such as OS version, Duo encryption status, screen lock, etc. We use this to help recommend security improvements to your Duo and you are in control of whether or not you take action on these recommendations.

Why does the Duo Mobile app need to access my camera?

Duo Mobile only accesses your camera to scan a QR code during activation. Alternatively, you can click Send me an activation email. You can then continue your enrollment through this link.

Can my DUO Authentication be saved in a web browser?

Yes, you can save your Duo authentication in a web browser. This will reduce the frequency of MFA for up to 7 days.  This option is selectable at the Duo prompt screen as remember me.

Please be aware of the following:

  • The option relies on browser cookies -- if you are using private (incognito) mode on your browser, you cannot select remember me.
  • It is browser specific -- the option is specific to each browser you use, not the entire computer.  If you use multiple browsers, you have to select it on each one.
  • Auto-push -- the remember me option must be selected before the Duo Push to your smartphone.  If you are using auto-push, you will need to cancel the push and then select the option.  The checkbox will then stay selected for all future auto-pushes.
  • VPN will always require MFA -- the VPN authentication pop-up browser cannot save cookies.  Each login to the VPN service will still require Duo MFA.
  • Only choose this option in your own computer -- do not select remember me on any device that you do not personally control, such as a public computer.
  • It is still safest to use MFA on every login -- we are changing this configuration to allow individuals to make a choice based on their preferences.  However, it is still more secure to use MFA on every login.