COVID-19 Updates: uc.edu/publichealth

Two-Factor Authentication

Need Help?

Having trouble logging into DUO?
Contact the IT@UC Integrated Services Desk at 513-556-HELP(4357) 

 

What is Duo Two-Factor Authentication?

Two-factor authentication (2FA) adds a second layer of security to your online accounts. Verifying your identity using a second factor (like your phone or other mobile device) prevents anyone but you from logging in, even if they know your password. The University of Cincinnati utilizes Duo Security for two-factor authentication.

 

Duo Process

How It Works

  1. Enter username and password as usual
  2. Verify your identity via the selected Duo authentication mechanism (see options below)
  3. Securely logged in

You will login as usual with your username and password, and then use your device to verify that it is in fact you. Login approvals can be delivered via a smartphone app push notification, SMS, one-time passcode, or voice call.

 

Why Is Two-Factor Authentication Needed?

Passwords are becoming easier and easier to compromise and phishing is one of the top social engineering threats that users face. Passwords can be stolen, guessed, or hacked, and many times you may not realize that someone is accessing your account or has breached your data.

Duo adds a second layer of security and keeps your account secure even if your password is compromised. If someone is attempting to login as you, Duo will alert you immediately.

This additional form of authentication is completely independent from your username and password. In other words, Duo never sees your password.

 

Frequently Asked Questions (FAQs) Expand

I'm Enrolled, how do I setup a device for Duo and what options are available? Expand

The Office of Information Security recommends using the Duo Mobile app as it provides the quickest, most user-friendly experience via a push notification to your smart phone or tablet. If unable to add a smartphone or tablet, a supported token, landline, or basic mobile phone can also be used. 

The following links will guide you through adding your device to Duo:

Add a smart phone to Duo

Add a tablet to Duo

Add a cell phone or land line to Duo

Add a security key/hard token (i.e. Yubico) to Duo

Additional information/other authentication methods and options

 

Can I have more than one device for Duo? Expand

Yes. The Office of Information Security recommends adding a second device as a backup for your Duo two-factor authentication.

 

What if I forget my device for Duo? Expand

In the event that you do not have access to your Duo two-factor device or a backup device, contact the IT@UC Service Desk at (513) 556-HELP (4357) or toll free at (866) 397-3382 to obtain a one-time passcode.

 

Do I have to use Duo every time I login?  Expand

No. Applications that utilize Duo require authentication for every log in. By default, this will include both username and password as well as Duo two-factor. For your convenience and in alignment with industry standards, the Office of Information Security recommends using the “Remember me” option for Duo.

When the “Remember me” box is checked, you will not be prompted for Duo two-factor authentication for 30 days to 180 days as long as you are logging in on the same computer and browser. The length of time for the "Remember me" function depends on the application. If you need to use another computer or browser to log in, the “Remember me” box will need to be checked again.

If your Duo two-factor method has been set to automatic (you do not see “Remember me” at the bottom of the Duo prompt on your computer), you will have to push “Cancel” to enable the “Remember me” option. Once you have checked the box, select an authentication method, and finish signing in.

What Should I consider if I will be traveling? Expand

Duo offers multiple options to meet your needs when traveling. You may be able to use your regular Duo two-factor option if you need to log in to a two-factor protected system while traveling. Or you may, however, need to use alternative options depending on your preferred option and your travel plans.

  • Plan options. Before your trip, plan which Duo options you will use and enroll in them if needed. 
  • Enroll additional devices. If possible, enroll two devices in case your primary device is unavailable (lost, stolen, not available, dead battery, malfunctioning, etc.).
  • Hardware Token? If you plan to travel without a smartphone or tablet, consider taking a hardware token such as a Yubico security token.
  • Remember the IT Service Desk. Contact the IT Service Desk at 513 556-HELP (4357) to obtain a bypass code that will let you login one time.  

Consider Using Passcodes

If you will not have a reliable cellular or WiFi connection, or even access to a phone while traveling, plan to use passcodes.

  • Use the Duo Mobile app to generate passcodes on a smartphone or tablet. The app can generate passcodes you can use to login when you do not have a cellular or WiFi connection. 
  • Get passcodes via text message. You will still need a cell phone connection, but a text message will often get through even when you have spotty data coverage. 
  • If your destination restricts technology, such as the internet or hardware tokens, or if you won’t be able to charge a device, contact the IT Service Desk prior to traveling to request a temporary bypass code for your trip. A temporary bypass code can be used for up to 30 days.

DUO on Generic and Departmental Accounts Expand

Duo Multi-factor authentication is now required on all Generic/Departmental user accounts. 

Follow these steps to set up Duo for all users with access to the account. 

 

  • The primary user or responsible user for the generic account should authenticate into the account. 
  • Duo will prompt the user to set up Duo for that account.  
  • The user should click “Start Setup” and “Add your device to Duo”. Once the user verifies their device, they will have access to the account.
  • The primary user or responsible user should then submit a ServiceNow ticket via uc.edu/ithelp to add Duo access to the generic account to other users. 
  • List the “IT@UC Office of Information Security” (OIS) as the responsible department.  
  • Include the username and phone number of each user who requires access to the generic account. 
  • OIS will verify the request from the appropriate supervisor and obtain approval. 
  • Upon obtaining approval, OIS will add those users and phone numbers to the Duo application.  
  • Once all users are added, after a user authenticates into the generic account, a list of devices will be provided to the user when prompted for Duo.  
  • When prompted, the user should select the appropriate device to ensure that their device is prompted and not another user’s device. Use of the “Remember me” functionality is recommended for a better user experience. 
  • PDF of instructions: DUO on Generic and Departmental Accounts

If you experience any issues and/or have any questions related to this process, please contact the Office of Information Security: infosec@uc.edu  or call 513-558-4732 

 

 

For more information on Duo two-factor authentication, please refer to the Duo KB articles located in the IT@UC Knowledge Base (https://kb.uc.edu).