DTS

Two-Factor Authentication (Duo)

Two-factor authentication (2FA), also known as multifactor authentication (MFA), adds a second layer of security to your online accounts. Verifying your identity using a second factor (like your phone or other mobile device) prevents anyone but you from logging in, even if they know your password. 

The University of Cincinnati uses Duo Security for two-factor authentication. Duo Push with the Duo Mobile App is the university’s primary method of two-factor authentication. 

Duo Announcements

Duo authentication via SMS text messages and phone calls will no longer be supported after January 21, 2026,

  • This change is part of the university’s ongoing efforts to enhance security and protect users from increasingly sophisticated phishing attacks that target these less secure methods.

Duo Mobile app update required before March 31, 2026

  • Duo is updating its infrastructure March 31, 2026. As a result, Duo will no longer support versions of the Duo Mobile app older than version 4.85.0. To continue accessing university systems you must update the Duo Mobile app on your phone or tablet, if your version is below 4.85.

Duo anounced the end support for Duo Mobile on Android 11 and Apple iOS 16 April 16, 2026

  • Duo is ending support of Andriod 11 and Apple iOS 16. Both for these operating systems are End of Life. After April 16, 2026 you will not be able to update to the lastest version of the Duo Mobile app. 

Get Started with Duo Mobile and Duo Push

The university's primary method of two-factor authentication is Duo Push using the Duo Mobile app. Duo Mobile is installed on a persons smartphone or tablet. The Duo Mobile app is secure, works with all university applications and provide the best user experience. To enroll in the Duo Mobile app:

  • In a private browser on your smartphone, navigate to Canvas and log in with your UC credentials
  • You will receive a Duo prompt. you must select the Other options link
  • Select Manage Your Devices at the bottom of the list
  • Select Text Message Passcode
  • Enter the passcode texted to your phone
  • Select Add a device
  • Select Duo Mobile a secure and user-friendly option
  • Enter your phone number, then select Continue
  • After entering the phone number,
  • Select Yes, it's correct to confirm the phone number
  • Select Send me a passcode
  • Enter the passcode, then select Verify
  • If you have not downloaded the Duo Mobile app yet, go to your phones app store and download: iOS or Andriod
  • Open Duo Mobile
  • Name your account and save

For more detailed instructions or instruction on how to setup Duo Mobile from your desktop/laptop computer, go to the "Duo Two-Factor Authentication Self-Enrollment and Management Guide" KB article.

Duo Two-Factor Authentication Self-Enrollment and Management Guide

Secondary Authentication Methods

Duo Push with the Duo Mobile App is the university’s primary method of two-factor authentication. With the Duo Mobile App, you can also set up a secondary authentication method to use anytime you don’t have access to your phone.  

Security Keys

The Office of Information Security recommends security keys as the preferred method of secondary authentication with Duo.

A security key is a small device that connects to your computer’s USB port and helps confirm your identity when you log in. When you tap it, the key securely sends a verification code to Duo to complete the login process. 

Any FIDO-compliant security key should work at this time. The Office of Information Security has tested a variety of security keys with success. The easiest and most readily available security keys are from Yubico. At this time the university recommends the YubiKey 5 Series. Yubico and other FIDO-compliant security keys are available from a variety of retailers, such as Amazon and Best Buy.

Please note that security keys can not be used to authenticate to the university's VPN client, Cisco AnyConnect, on MacOS, Chromebooks, or Linux devices. Security keys do work for authentication on Windows devices. This is a known issue that the vendor is actively working to resolve.

Until the issue is resolved, users of MacOS, Chromebooks and Linux devices who need to access the university VPN must authenticate using the Duo Mobile app.

Platform Authentication

Platform authentication (e.g. fingerprint, TouchID, etc.) allows you to log into your laptop or your desktop without the need to access your phone.

The Office of Information Security recommends setting up Duo Push through the Duo Mobile App before enabling platform authentication on your device.

ChromeOS: Follow the steps below to configure Platform Authentication on a Chromebook:

  • Using your Chromebook, open a private browser window and go to https://mail.uc.edu.
    When prompted, enter your UC username and password.
  • STOP. Do not continue to authenticate with Duo. Go to the next step.
  • Select “Other options.” This will open a screen called “Other options to log in.”
  • Select "Manage devices" from the list.
  • You must now verify your identity using one of the authentication methods you already have set up such as Duo Push.
  • On the device management portal page select "Add a device".
  • On the add a device prompt, select "Device Verification", then select continue.
  • Now you will be prompted to verify your identity.
  • If the device has biometric such as fingerprint reader, you will be prompted to use that method.
  • If your device does not have biometric you will be prompted to enter the device password. Note: this is not your UC password, it is the password that you use to log into the Chromebook.      
  • Click Continue and click "Back to Login."
  • You will be prompted for your Chrombook password or fingerprint.
  • Your device should now be configured to authenticate with Duo.

Accessibility and Duo

If you are a student in need of accessibility accommodations, please contact the Accessibility Resources Office. You can find more information and submit requests at: https://www.uc.edu/campus-life/accessibility-resources.html.

Faculty and Staff seeking accommodations should reach out to their department's Human Resources contact for assistance.

Duo FAQ

Where can I download the Duo Mobile App?

The Duo Mobile app is available to download on the Apple App Store for mobile Apple devices and Google Play Store for Android devices.

How do I re-enroll in the Duo Mobile App if I have a new device?

If you have a new device and need to enroll that device in Duo Mobile, please follow the instructions in the Reactivate Duo Mobile IT Knowledge Base article.Replace this text component with your accordion's content.

How do I check the Duo Mobile version on my Smartphone?

Check current Duo Mobile app version:

  • Open the Duo Mobile app.
  • Tap the menu icon (3 horizonal lines) in the upper-left corner.
  • Find the version number displayed at the bottom of the menu pane.
  • If the version is older than the required version of 4.85, update the app

Visit the App Store if it is an iOS device, or the Google Play Store if it is an Android device to download the latest version of Duo Mobile.

How do I check the operating systems version on my phone?

To support the latest version of the Duo Mobile app, your phone must use Andriod 12 or newer or Apple iOS 17 or newer. To check your phones version:

iPhone/iPad: Go to Settings > General > About > iOS Version

Android: Go to Settings > About Phone > Android Version

If your device is running below Android 12 or iOS 17, and you are using the Duo Mobile app version 4.85 or higher, Duo Push will continue to operate correctly for now. If Duo updates the required version of the Duo Mobile app you will not be able to update. You will need to update your device.

What if my device does not support Duo Mobile?

The Office of Information Security recommends security keys as the preferred method of secondary authentication with Duo. View more about WebAuthn/FIDO2 security keys on Duo’s website.

Which devices are compatible with Duo Mobile?

Which Security Keys Can I Use?

Any FIDO-compliant security key should work at this time. The Office of Information Security has tested a variety of security keys with success. The easiest and most readily available security keys are from Yubico. At this time the university recommends the YubiKey 5 Series. Yubico and other FIDO-compliant security keys are available from a variety of retailers, such as Amazon and Best Buy.

Why can’t I use a YubiKey or TouchID/FaceID when logging in to the UC VPN on a Mac or Chrome device?

Due to an issue with using embedded browsers, Mac and Chrome devices do not support using security keys or TouchID/FaceID to log in to the UC VPN. Windows devices and other UC services do not appear to be affected by this issue.

What if I do not have a Wi-Fi or cellular connection?

You can still authenticate without an Internet or cellphone connection by using the Duo Mobile App passcode option. Tap the icon in the app to generate a code offline.

More information on using Duo Mobile App passcodes can be found in the Duo Mobile App Passcode IT Knowledge Base article.

What if I am out of the country and my phone number does not work?

You can still authenticate without an Internet or cellphone connection by using the Duo Mobile App passcode option. Tap the icon in the app to generate a code offline.

More information on using Duo Mobile App passcodes can be found in the Duo Mobile App Passcode IT Knowledge Base article.

What if I receive a Duo prompt that I did not initiate?

If you have received a Duo prompt to accept a login request that you were not expecting, please select “Deny” and immediately change your password at uc.edu/PSS.

What if I have additional questions or need assistance?

If you require further assistance, our IT Help Desk is ready to help. Submit a ticket. Or call us! Dial 513-556-HELP from a personal phone or 6-HELP (4357) from a university phone on campus; then, select option 2. 

Need IT Help? 

IT Help Info