What is Duo Multi-Factor Authentication (MFA)?
Duo is a security solution which adds a second layer (factor) of protection when you attempt to access a secure system. Your password is the first factor, something you know, and your phone becomes your second factor, something you have. Even if someone has stolen your password, as long as they don’t also have your Duo-connected phone or security device (the second factor) they won’t be able to access the system.
Why is Hamilton implementing Duo Multi-Factor Authentication (MFA)?
Hamilton is identifying the systems containing our sensitive data and placing Duo in front of them to help further protect our data.
Do I need a smartphone or data plan to use Multi-Factor Authentication (MFA)?
No. Having a smartphone makes for an easier/more secure experience and is the preferred method, but it is also possible to enroll a non-smartphone mobile device or landline to receive phone calls, or to use a LITS-supplied hardware token (that can function in place of a smartphone or landline call).
What is Duo Mobile?
Duo Mobile is a mobile application (app) that you install on your smartphone or tablet to generate passcodes for login or receive push notifications for easy, one-tap authentication on your mobile device. It works with Duo Security’s two-factor authentication (2FA) service to make your logins more secure. For Android devices it can be found in the Google Play store and for Apple iOS devices it can be found in the iTunes App store.
What is the recommended Multi-Factor Authentication (MFA) method?
If you have a smartphone or tablet, we recommend Duo Push, as it is quick, easy-to-use, and secure. See an introduction to Duo Security and a demonstration of Duo Push in this short video: https://www.youtube.com/watch?v=_T_sJXnSM98
How much data does a Duo Push request use?
Duo Push authentication requests require a minimal amount of data -- less than 2KB per authentication. For example, you would only consume one megabyte (MB) of data if you were to authenticate 500 times in a given month.
My VPN password no longer works, what do I do?
When connecting to the VPN, you need to select the group HamiltonCollege and then you will be prompted for a second password.
In the Second Password field, enter either the six-digit code (no spaces) you receive when launching the Duo app OR enter push and click OK. If you entered push, you MUST have notifications for the app turned on, as you’ll receive a push notification on your phone that you will need to respond to. From there, you will continue as you normally do.
Once we have all VPN users on Duo, the group hamilton-wd will no longer be a choice.
Why have I stopped receiving push notifications from Duo Mobile?
There are several reasons this could be happening. Please try the following to troubleshoot:
1. Make sure your enrolled device has a cellular network or WiFi connection.
2. Have the Duo Mobile app open when you authenticate.
3. Restart the phone.
4. Try these additional push troubleshooting steps:
If the above solutions don’t work, try using another authentication method, such as passcodes provided in the Duo Mobile app.
How can I authenticate if I’m somewhere with no cell signal or WiFi access?
If your authentication device (phone or tablet) does not have internet connectivity or network signal, you will not be able to use Duo Push or phone call to complete authentication. However, there are other options that will allow you to complete multi-factor authentication. If you know that you will be going to a location where only your computer will have internet but your authentication device will not, make sure to request and test one of the alternate methods before you travel. One possible alternate method is passcodes from the Duo Mobile app.
See this Duo Knowledge Base article for information on authenticating without cell or internet service: https://help.duo.com/s/article/4449
How can I manage the devices I use for Duo?
If you have access to the “My Settings & Devices” link at the Duo Prompt and are currently able to authenticate with a device, you may:
- Add additional devices
- Designate your “default” device that receives authentication requests in addition to your preferred authentication method
- Deactivate Duo Mobile if you got a new phone but kept your number
- Change the name of your device (ex. “Personal Cell” or “Work Phone”)
- Remove a device
Learn more about managing your devices here: https://guide.duo.com/manage-devices
What should I do if I lost my phone?
Please contact the LITS Help Desk immediately at 315-859-4181 or firstname.lastname@example.org.
What if I get a new phone after I installed Duo on my old phone?
Please contact the LITS Help Desk at 315-859-4181 or email@example.com for assistance.
Can Duo see my password?
No. Your password is only verified by a Hamilton server and never sent to Duo. Duo provides only the second factor, using your enrolled device to verify it’s actually you who is logging in.
Does using Duo give up control of my smartphone?
No. The Duo Mobile app has no access to change settings or remotely wipe your phone. The visibility Duo Mobile requires is to verify the security of your device, such as OS version, device encryption status, screen lock, etc. We use this to help recommend security improvements to your device. You always are in control of whether or not you take action on these recommendations.
What services are currently protected by Duo?
The following services have Duo in front of them; this does not include all systems that have Duo enabled. Additional systems that store or process sensitive College data are continually being evaluated and protected with Duo MFA.
- My Hamilton (includes SiteManager and interacting with other custom programming done by Web Services)
- Self Service (also known as Student or Academic Planning)
If you have any questions or concerns about a service which is or is not currently protected by multi-factor authentication, please contact Hamilton’s Information Security Officer, Jerry Tylutki: firstname.lastname@example.org
How do I enable the "Remember this device" option?
You have to authenticate with Duo the first time you log in to a protected application. For some web applications, there is an additional setting in the Duo authentication box that will allow users greater convenience. By clicking the Remember this device checkbox, your device will be treated as a trusted device for a 7-day period. This applies to web applications that originate from the same computer using the same browser.
The Remember this device option does not apply to the VPN or other stand-alone applications.
Will I need Duo for my Email?
No, Duo is not integrated with Google services at this time, including your email. You should still protect your Google account with Google's 2-Step authentication. Duo will protect Hamilton College systems and services that store or process personal information, such as My.Hamilton and the Hamilton College directory.
What happens if I'm not enrolled on October 1?
The Duo Enrollment date is October 1, 2019. Users enrolled in Duo MFA will notice no change on that date. Users that are not enrolled in Duo on October 1 will be presented with the normal Hamilton College login screen requiring their username and password. After submitting their user credentials to log in, the Duo enrollment process will be initiated, prompting users to enroll in Duo before proceeding. Access will not be permitted without a Duo authentication.
"Remember me" option grayed out in Duo.
Remember me checkbox grayed out? If you have set Duo to send you a push notification automatically, the Remember me for 30 days checkbox may be grayed out. Cancel the push by clicking the blue Cancel button in the lower right corner of the window. You will then be able to click the checkbox. Then you will need to click the Send Me a Push button (or choose another option if you wish) to authenticate. If the Remember me for 30 days option is not checked, you will need to choose your authentication method each time Duo is used. Additionally, you may need to clear your browser cache to enable/disable this option.
My passcode from the token is not accepted. I'm now locked out.
The token may have drifted out of sync. Wait 15 minutes for your Duo account to unlock and then you can fix the token by logging in with a passcode generated by the token three times in a row.
1. At the Two-Step Login authentication prompt, press the token's button.
2. Enter the passcode that is generated.
3. Click Log In.
4. Repeat this process with 3 different passcodes in a row. The fourth passcode should work.
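Why a drifted token needs several passcodes in a row, as an added example that is not part of the original FAQ and is not Duo's code. It assumes the hardware token is an event-based HOTP token (RFC 4226); the class name, window sizes and key are constructed for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP value for one counter position (one button press)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class TokenValidator:
    """Server-side counter tracking for one token (hypothetical, illustrative)."""
    LOOK_AHEAD = 3        # assumed window searched on a normal login
    RESYNC_WINDOW = 200   # assumed wider window searched only during resync

    def __init__(self, secret, counter=0):
        self.secret = secret
        self.counter = counter  # next counter value the server expects

    def verify(self, code):
        """Accept a code only if it falls inside the small look-ahead window."""
        for c in range(self.counter, self.counter + self.LOOK_AHEAD):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1
                return True
        return False

    def resync(self, codes):
        """Re-align on consecutive codes; a single 6-digit match over a wide
        window would be too easy to hit by guessing."""
        if len(codes) < 3:
            return False
        for c in range(self.counter, self.counter + self.RESYNC_WINDOW):
            expected = [hotp(self.secret, c + i) for i in range(len(codes))]
            if all(hmac.compare_digest(e, g) for e, g in zip(expected, codes)):
                self.counter = c + len(codes)
                return True
        return False

def demo():
    # Constructed scenario: the button was pressed 6 times without logging in.
    secret = b"12345678901234567890"   # RFC 4226 test key, not a real secret
    server = TokenValidator(secret)
    token_counter = 6
    first_try = server.verify(hotp(secret, token_counter))   # outside window
    three = [hotp(secret, token_counter + i) for i in range(3)]
    resynced = server.resync(three)                          # counter realigned
    fourth_ok = server.verify(hotp(secret, token_counter + 3))
    return first_try, resynced, fourth_ok
```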
Last updated: November 12, 2019