Duo Two-Factor Authentication (for University employees)
Shippensburg University is implementing two-factor authentication for some systems in order to better protect university systems and data.
Install and Manage Duo
What is Duo, what is two-factor authentication, and why do we need it?
Watch this Shippensburg University Duo training video that offers an introduction to Duo, plus instructions for how to enroll your device or phone number.
Or, view this video to learn more.
Why do we need two-factor authentication?
Login credentials are more valuable than ever and are increasingly easy to compromise. Over 90% of breaches today involve compromised usernames and passwords.
Two-factor authentication enhances the security of your account by using a secondary device to verify your identity. This prevents anyone but you from accessing your account, even if they know your password.
How will Duo change my login experience?
When logging in to an application that is protected by Duo, you will still enter your username and password. After inputting your login information, Duo requires you to approve the login via a Duo Push notification to the Duo Mobile app, phone call or passcode.
Duo does not replace or require you to change your username and password. Think of Duo as a layer of security added to your pre-existing login method.
Why is Duo Security a better user experience?
Duo Security’s free mobile app, Duo Mobile, allows you to quickly and easily approve a second-factor authentication request on your smartphone via Duo Push. If you previously used a hardware token or passcode, your smartphone now replaces that. See an example of Duo Push in action.
Setting Up Duo
The following instructions guide you through the Duo enrollment and device set-up process.
In order to enroll in Duo, you must click on the enrollment link sent to you via your Ship email account.
- Click Start setup when prompted with the Duo enrollment window.
(You will get this prompt by either clicking on the link the Duo enrollment email you should have received or when attempting to log into a Duo protected application without being enrolled.)
- Select the type of device you'd like to enroll and click Continue.
- We recommend using a smartphone for the best experience. If you use a smartphone, you will need to install the Duo mobile app.
- The following instructions guide you through the smartphone setup (you can also enroll a tablet or landline telephone).
- Enter the number of the smartphone that you'll have with you when logging in to Ship applications.
- Select the type of phone you are registering.
- Install the Duo Mobile app from the Apple or Android app store. Duo Mobile is an app that runs on your smartphone and helps you authenticate quickly and easily.
- After installing the app, return to the Duo enrollment window and click I have Duo Mobile installed.
- Open the Duo app on your smartphone, tap the + button, and use your smartphone to scan the barcode on the computer screen.
(The app will automatically open its built-in scanner when you click on +)
A green checkmark indicates that your account has been properly linked on your phone.
Can't scan the barcode? Click Email me an activation link instead and follow the instructions.
- Select the option for the default authentication method that you'd prefer upon log in from the drop down.
- Click Finish Enrollment.
- When Duo Mobile is activated, click Continue. You should see this confirmation screen:
An additional layer of authentication beyond a username and password. 2FA involves something you know (password) plus something you have with you (like Duo Mobile on your smartphone) to prevent someone from logging in with only your password. With Duo 2FA, you still enter your username and password. The second factor provided by Duo is simply an added layer of security on top of your existing credentials. We recommend using Duo Push via the Duo Mobile app to perform 2FA.
This interactive prompt lets you choose how to verify your identity each time you log in (e.g. “Duo Push” or “Call Me”) to a web-based application. The Duo Prompt allows you to enroll and authenticate.
These are numeric codes that can be generated either via the Duo Mobile app, SMS (text message), or a hardware token. Passcodes may be used at any time and are particularly handy for authenticating when your 2FA device doesn't have internet or cellular service.
A push authentication request that is sent to the Duo Mobile App on an enrolled device. Push notifications include information like the geographical location of the access device, IP address of the access device, and the application being accessed so you can verify whether the push is real or fraudulent.
Frequently Asked Questions (FAQs)
No. Having a smartphone makes for an easier and more secure experience with Duo Push. However, it is also possible to enroll a non-smartphone mobile device or landline to receive SMS (text) passcodes or phone calls. If you are in need of an alternative authentication option, please contact the Technology Help Desk.
Duo Mobile is a mobile application (app) that you install on your smartphone or tablet to generate passcodes for login or receive push notifications for easy, one-tap authentication on your mobile device. It works with Duo Security’s two-factor authentication (2FA) service to make your logins more secure.
If you are a user of a system which requires Duo two-factor authentication, you will receive an enrollment email. Follow the direction in the email to complete your enrollment. If you have not received the email, please contact the Technology Help Desk for assistance.
If you have a smartphone or tablet, we recommend Duo Push, as it is quick, easy-to-use, and secure. See an introduction to Duo Security and a demonstration of Duo Push in this short video.
Duo Push authentication requests require a minimal amount of data -- less than 2KB per authentication. For example, you would only consume 1 megabyte (MB) of data if you were to authenticate 500 times in a given month.
There are several reasons this could be happening. Please try the following to troubleshoot:
- Make sure your enrolled device has a cellular network or WiFi connection.
- Have the Duo Mobile app open when you authenticate.
- Try these additional push troubleshooting steps:
- If the above solutions don’t work, try using another authentication method, such as passcodes provided in the Duo Mobile app.
- Contact the Technology Help Desk for further assistance.
See this Duo Knowledge Base article for information on authenticating without cell or internet service.
- Open the Cisco AnyConnect client and click on Connect.
- In the Group field, choose Split.
- Enter your username (not email address) and password.
- In the Duo auth method field, enter "push", "sms", "phone", or the passcode.
- "push" using the Duo Mobile app is the fastest
- "sms" will require you to re-enter your password and the texted passcode
If you are currently able to authenticate with a device, you may log in to the Duo Management Portal.
Log in at Ship's Intranet page:
Authenticate with Duo using the Duo app (push), passcode (SMS/text or hardware token), or phone call:
Once in the portal, you may:
- Add additional devices
- Designate your "default" device that receives authentication requests in addition to your preferred authentication method
- Deactivate Duo Mobile if you got a new phone but kept your number
- Change the name of your device (ex. "Personal Cell" or "Work Phone")
- Remove a device
Learn more about managing your devices.
Please contact the Technology Help Desk at 717-477-HELP (x4357) or email@example.com immediately.
No. Your password is only verified by Shippensburg University systems and never sent to Duo. Duo provides only the second factor, using your enrolled device to verify it’s actually you who is logging in.
No. The Duo Mobile app has no access to change settings or remotely wipe your phone. The visibility Duo Mobile requires is to verify the security of your device, such as OS version, device encryption status, screen lock, etc. We use this to help recommend security improvements to your device. You always are in control of whether or not you take action on these recommendations.