Body
Duo Security provides multi-factor authentication for ISU faculty, staff, and students. Duo protects sensitive information by adding a second layer of security to your online accounts. Upon logging in to a Duo-protected site or service, you will be asked to do an additional authentication step using the Duo Mobile app. Verifying your identity using an additional device (like your smartphone or tablet) prevents anyone but you from logging in, even if they know your password. Idaho State University uses Duo to protect you, your information, and the University’s information.
Please choose from the following topics to learn more about Duo
(Check the box next to View Details (far right) to expand/collapse a section)
Introduction
Duo Security Multi-Factor Authentication (Duo) is a software program designed to add an extra layer of security to your online accounts. It does this by authenticating your identity with a pushed message to your cell phone or tablet asking if you are logging in or by asking you to type in a randomly generated passcode or number from a token. Duo protects against phishing, social engineering, and password attacks and secures your logins from attackers exploiting weak or stolen credentials.
Why is ISU adopting Duo?
-
Duo is one of the best ways to protect against remote attacks such as phishing, credential theft, and other attempts to take over your accounts. Without your physical device, remote attackers can’t pretend to be you to gain unauthorized access to the ISU network, financial information, etc.
-
Duo helps to reduce the risk of devastating and costly security breaches.
-
Duo increases the security across IT systems that use a username and password, including BengaWeb, Banner, Moodle, and others.
-
Duo is being implemented to provide an additional layer of security, thus protecting your account from unauthorized use and allowing you to have real-time control over login events on your account. With Duo, you will be alerted on your mobile device anytime anyone attempts to log in as you.
-
Multi-factor authentication, such as Duo, is required as part of federal requirements under the
Gramm-Leach-Bliley Act.
Why do I need Duo?
-
Duo protects access to your campus accounts, even if your Bengal ID or passwords are guessed or stolen.
-
Even if someone steals or hacks your password, they can't log into protected services because they won't have access to your phone, tablet, or token.
What services are protected by Duo?
Duo primarily protects services that use ISU's single-sign-on system, such as Banner, MyISU, Moodle, and Box. If you are not presented with a Duo two-step login request, that service does not require it.
Who is required to use Duo?
Once Duo is completely rolled out, all ISU faculty, staff, and students will be required to use it for ISU systems and applications that have been enabled.
How does Duo work?
-
You can use a smartphone or tablet that most of us already have. This is the preferred method at ISU. It allows you to use the Duo Mobile app to receive push notifications for easy, one-tap authentication.
-
Once you have successfully enrolled in Duo, you are ready to start using it. When logging into a Duo-protected service or application, you will enter your username and password as usual when signing onto ISU systems. After entering your login information, Duo will require you to complete a second verification process using a registered device linked to your Duo account, such as a smartphone.
Note: We have alternatives available if you do not have a mobile device or cannot use the Duo app.
What are the benefits of Duo?
-
Ensure users are legitimate at every access attempt
-
Verify the trustworthiness of each device used to access ISU applications
-
Limit and monitor sensitive information exposure
-
Simple and secure interface for every login
Duo Mobile
Duo Mobile is a FREE mobile device application (app) that you install on your smartphone or tablet to receive push notifications (or generate passcodes) for login with easy, one-tap authentication. It works with Duo to make your logins more secure.
Is the Duo Mobile app safe to download and use?
Duo Mobile is available on Android and iOS through their respective app stores.
Which iOS Versions are Supported By Duo Mobile?
If you have issues downloading the Duo Mobile app, check to make sure your version of Android or iOS is supported. Go to
Find your Operating System for assistance locating what system you currently have.
How much data does the Duo Mobile app use?
500 pushes to a device will use about one MB or 1/1000 GB of data, roughly equivalent to loading one webpage on a smartphone.
Authentication
Using the Duo Push (Push Notification) with a smartphone is the ISU preferred way as it is the easiest, fastest, most reliable, & most secure method to authenticate.
- Note: You will always be prompted for your last-used Duo authentication method.
Duo Push (ISU Recommended)
-
Enter your ISU username and password when signing onto an ISU-protected services
-
Click Send me a Push
-
Open the Duo Mobile app request titled Are you logging in to ISU Single Sign On?
-
Click Approve (green button)
- Notes:
-
If you have turned off notifications for the Duo app you can also manually open the app to approve.
-
Once a push notification is sent, you have 60 seconds to approve the request
Passcode (Great option when you don't have a network connection)
Duo will work in airplane mode, in areas without a cellular signal, or in locations that don't have a Wi-Fi signal, because the Duo Mobile app installed on your smartphone can generate Duo Passcodes without a network connection.
If you select the Duo Mobile passcode option as your authentication method, you will use a six-digit code generated by the Duo Mobile app to authenticate.
- Open the Duo Mobile app on your device
- Click Show to view the passcode
- Click Copy
- Paste the Code into the requested ISU service
Bypass Code
A bypass code is a set of temporary single-use codes created to access Duo-protected applications. If your device is temporarily unavailable (e.g., mobile service is disrupted, the device is lost or stolen, etc.) or if you temporarily can't use your enrolled device (e.g., on a plane without mobile data services, traveling to a protected country or taking a test, etc.) the ability to generate bypass codes is available.
- Sign in to ISUs Password and Account Management Portal
- Go to the IAM Login Page on a desktop or laptop
- Type your Username
- Type your Password
- Click Manage Security from the Profile Tabs
- Create Bypass Codes
- Scroll down to the Bypass Codes section
- Click GENERATE RANDOM CODES
-
Click PRINT BYPASS CODES to generate a pdf of the codes you can print off.
Token
Idaho State University (ISU) faculty, staff, and students may request a hardware token for Duo Authentication. A hardware token is a small electronic security device that may be attached to a keychain. Tokens are assigned to users to generate an authentication code to access ISU services.
-
Initiate a Login by accessing a Duo service
-
Type your ISU username and password
-
Select Enter Passcode from the Choose Your Authentication Method
-
Click the Green Button on your security token
-
Type the Six (6) Digit Number that appears on your token into the box on your service
-
Click Login
Notes:
-
Using the Duo Mobile app on a smartphone is preferred for a number of reasons, including greater security and having one fewer “thing” to keep track of.
-
Enter your passcode in a timely matter to ensure it does not expire.
Note: You can select “Remember me for 12 hours” to bypass Duo authentication for twelve (12) hours. This applies to one (1) computer, IP address, and web browser. You will still be prompted to authenticate to Duo if you open another web browser or use another computer.
-
Log in to a
Duo-protected service like
MyISU, or
Moodle
-
Check the box "Remember me for 12 hours."
-
Click Send Me a Push or Enter a Passcode
Remember Me Feature
You can select “Remember me for 12 hours” to bypass Duo authentication for twelve (12) hours. This applies to one (1) computer, IP address, and web browser. You will still be prompted to authenticate to Duo if you open another web browser or use another computer.
-
Log in to a
Duo-protected service like
MyISU, or
Moodle
-
Check the box "Remember me for 12 hours."
-
Click Send Me a Push or Enter a Passcode
Traveling with Duo
Most people can use the Duo Mobile app on a smartphone or tablet when traveling. The app can generate a passcode even if you don't have a cellular or WiFi connection.
Plan Ahead
Duo offers multiple options to meet your needs when traveling. You might be able to use your regular Duo option if you need to log in to a Duo-protected system or application while traveling. Or you may, however, need to use alternative options depending on your preferred choice and travel plans.
FAQ
Why don't I get push notifications?
-
Android: Under most circumstances, if your phone is on, can receive messages, and the screen is active, the app will pop open for a Duo Push request. On the other hand, if the phone is on, able to receive messages, and the screen is inactive (dark), you should get an alert (a sound or vibration) and a message that you have received a Duo Login Request. Open the Duo app and Approve or Deny the request.
-
Apple: Apple phones don't allow this. If your phone is on and can receive messages, you should receive a message asking, "Are you logging in to Fischer Web SDK?". You can click the request and Approve or Deny the request. Under some circumstances, some Apple devices do not display a message indicating that you have received a Duo Push Request. If this happens, open the Duo app and Approve or Deny the request.
I selected "Remember me for 12 hours," but Duo still asks me to authenticate.
Selecting “Remember me for 12 hours” allows you to bypass Duo authentication for a period of twelve (12) hours. This applies to one (1) computer, IP address, and web browser.
- Note: You will be prompted to authenticate to Duo if you open another web browser or use another computer.
I don't have my Duo device (phone, etc.). How do I log in?
Please call the IT Service Desk for exceptional situations in which you need to log in but do not have your registered device. They will verify your identity and provide you with a temporary passcode.
My account is LOCKED...
You will automatically be locked out when five (5) consecutive failed login attempts occur and will need to wait a period of time for the lock to clear before you try again.
- This might be caused by but not limited to the following:
-
Not approving multiple push notifications because the Duo Mobile app is not open
-
Selecting the wrong device or a device that’s not properly enrolled
-
Fraudulent log-in attempts without the user's knowledge
What should I do if I get a Duo push notification I didn't expect?
You should report all Duo Push messages that you did not generate to the IT Service Desk. This may signify someone attempting unauthorized access to your account, and your password may be compromised. Deny the push notification and then confirm that it’s a fraudulent attempt. You should change your ISU password if this occurs.
I can't log in to Duo says my account is DISABLED. What should I do?
If you get a message from Duo indicating that your account is disabled, please contact the IT Service Desk. After verifying your identity, they will be able to help you re-enable your Duo account.
Firefox says I have the latest update, but Duo says I'm Out-of-Date.
Windows (10/11) or a MacOS (10.15 or newer)
Possible Issues:
There is an extended support installation called Extended Support Release which is available for older devices but can also be downloaded on newer devices. This installation of Firefox will not receive the lasted updates and cannot be used with Duo. You can see if you have this by following the steps listed above.
Solution:
This can be resolved by simply installing the default version of Firefox from the website ( https://www.mozilla.org/en-US/firefox/new/ ). Be sure to create a backup of your bookmarks or sign in and activate the sync option. You can now uninstall the ESR installation of Firefox and replace it with the default using the setup tool downloaded from Firefox.
Should I allow my Duo mobile app to update automatically?
Yes. Keeping the Duo app up-to-date will ensure that any security vulnerabilities are resolved as quickly as possible.
My Duo Device has been Lost/Stolen/Destroyed
If your authentication device has been lost/stolen/destroyed, contact the IT Service Desk for a temporary passcode so you are able to access your ISU services. The team can disable your device from being able to authenticate with Duo.
I got a new device; how do I transfer Duo?
-
Download the Duo Mobile app to your new device
-
Open Duo on your old device
-
Go to Settings
-
View QR Code
-
Open your camera on your new device and scan the QR code from your old device
I changed my device and can't authenticate with Duo.
If you can't log in using your device, contact the IT Service Desk. After verifying your identity, they can help you re-activate your device or add a new device.
The numbers I enter from the Duo token are not working.
The Duo token may be out of sync and may need to be resynchronized with Duo. This occurs when the green button on the token is pressed multiple times without using the generated numbers to multi-factor in.
For assistance, please contact the IT Service Desk.
Tutorials & Training
-
Go to the
Duo's Website for additional guides, videos, instructions, and more.
-
-
-