Townsquare/Dstillery pixel
4CE53030-CF0C-67E7-7D845E0B5CDEC0DD
74C4FA9A-4DD8-4EC6-8BF7085F86821F41

Duo FAQs

Duo FAQs

Duo is a security solution which adds a second layer (factor) of protection when you attempt to access a secure system.  Your password is the first factor, something you know, and your phone becomes your second factor, something you have. Even if someone has stolen your password, as long as they don’t also have your Duo connected phone or security device (the second factor) they won’t be able to access the system.

Hamilton is identifying the systems containing our sensitive data and placing Duo in front of them to help further protect our data.

No. Having a smartphone makes for an easier/more secure experience and is the preferred method, but it is also possible to enroll a non-smartphone mobile device or landline to receive phone calls or use a LITS supplied hardware token (that can function in place of a smartphone or landline call).

Duo Mobile is a mobile application (app) that you install on your smartphone or tablet to generate passcodes for login or receive push notifications for easy, one-tap authentication on your mobile device. It works with Duo Security’s two-factor authentication (2FA) service to make your logins more secure.  For Android devices it can be found in the Google Play store and for Apple IOS devices it can be found in the iTunes App store.

If you have a smartphone or or tablet, we recommend Duo Push, as it is quick, easy-to-use, and secure. See an introduction to Duo Security and a demonstration of Duo Push in this short video: https://www.youtube.com/watch?v=_T_sJXnSM98

Duo Push authentication requests require a minimal amount of data -- less than 2KB per authentication. For example, you would only consume one megabyte (MB) of data if you were to authenticate 500 times in a given month.

When connecting to the VPN, you need to select the group HamiltonCollege and then you will be prompted for a second password.

In the Second Password field, enter either the six digit code (no spaces) you receive when launching the Duo app OR enter push and click OK. If you entered push, you MUST have notifications for the App turned on as you’ll receive a push notification on your phone that you will need to respond to on your phone. From there, you will continue as you normally do.

Once we have all VPN users on Duo, the group hamilton-wd will no longer be a choice.

There are several reasons this could be happening. Please try the following to troubleshoot:

1. Make sure your enrolled device has a cellular network or WiFi connection.

2. Have the Duo Mobile app open when you authenticate.

3. Restart the phone.

4. Try these additional push troubleshooting steps:

iPhone: https://help.duo.com/s/article/2051

Android: https://help.duo.com/s/article/2050

If the above solutions don’t work, try using another authentication method, such as passcodes provided in the Duo Mobile app.

If your authentication device (phone or tablet) does not have internet connectivity or network signal, you will not be able to use Duo Push or phone call to complete authentication. However, there are other options that will allow you to complete multi-factor authentication. If you know that you will be going to a location where only your computer will have internet but your authentication device will not, make sure to request and test one of the alternate methods before you travel.  One of the possible alternate methods include passcodes from the Duo Mobile app.

See this Duo Knowledge Base article for information on authenticating without cell or internet service: https://help.duo.com/s/article/4449

If you have access to the “My Settings & Devices” link at the Duo Prompt and are currently able to authenticate with a device, you may:

  • Add additional devices
  • Designate your “default” device that receives authentication requests in addition to your preferred authentication method
  • Deactivate Duo Mobile if you got a new phone but kept your number
  • Change the name of your device (ex. “Personal Cell” or “Work Phone”)
  • Remove a device

Learn more about managing your devices here: https://guide.duo.com/manage-devices

If your phone number hasn't changed:

  1. Log in to Duo protected Hamilton application https://my.hamilton.edu (using an incognito tab will always prompt a Duo authentication challenge)
  2. Select Call Me to complete the Duo authentication
  3. Click Device Options
  4. Select Reactivate Duo Mobile
  5. Select your type of phone
  6. If you have not already done so, you will be prompted to download the Duo app on your new phone.
  7. Follow the instructions to re-enable the duo app on your new phone

You can also complete the process from the Duo Mobile App. Instructions:

 

If you have a new phone number, please contact the LITS Help Desk at 315-859-4181 or helpdesk@hamilton.edu.

If your phone number hasn't changed:

  1. Log in to Duo protected Hamilton application https://my.hamilton.edu (using an incognito tab will always prompt a Duo authentication challenge)
  2. Select Call Me to complete the Duo authentication
  3. Click Device Options
  4. Select Reactivate Duo Mobile
  5. Select your type of phone
  6. If you have not already done so, you will be prompted to download the Duo app on your new phone.
  7. Follow the instructions to re-enable the duo app on your new phone

You can also complete the process from the Duo Mobile App. Instructions:

 

If you have a new phone number, please contact the LITS Help Desk at 315-859-4181 or helpdesk@hamilton.edu.

No. Your password is only verified by a Hamilton server and never sent to Duo. Duo provides only the second factor, using your enrolled device to verify it’s actually you who is logging in.

No. The Duo Mobile app has no access to change settings or remotely wipe your phone. The visibility Duo Mobile requires is to verify the security of your device, such as OS version, device encryption status, screen lock, etc. We use this to help recommend security improvements to your device. You always are in control of whether or not you take action on these recommendations.

You have to authenticate with Duo the first time you log in to a protected application. For some web applications, there is an additional setting in the Duo authentication box that will allow users greater convenience. By clicking the Remember this device checkbox, your device will be treated as a trusted device for a 7 day period. This applies to web applications that originate from the same computer using the same browser. 

The Remember this device option does not apply to the VPN or other stand-alone applications.

Remember me checkbox grayed out?  If you have set Duo to send you a push notification automatically, the Remember me for 15 days checkbox may be grayed out.  Cancel the push by clicking the blue Cancel button in the lower right corner of the window. You will then be able to click the checkbox.  Then you will need to click the Send Me a Push button (or choose another option if you wish) to authenticate.  If the Remember me for 7 days option is not checked, you will need to choose your authentication method each time Duo is used.  Additionally, you may need to clear your browser cache to enable/disable this option.

The token may have drifted out of sync. Wait 30 minutes for your Duo account to unlock and then you can fix the token by logging in with a passcode generated by the token three times in a row.

1.    At the Two-Step Login authentication prompt, press the token's button.

2.    Enter the passcode that is generated.

3.    Click Log In.

4.    Repeat this process with 3 different passcodes in a row. The fourth passcode should work.

If you get a random Duo Push, please use the DENY button to reject the Duo multi-factor authentication prompt.

Duo Mobile uses your device camera during enrollment to scan a QR code.

Open the Duo application and the push should be there waiting. If it still doesn't appear right away, you can "drag" the duo screen down to force a refresh and the prompt should appear as expected. Also check "Notifications" on your phone to make sure you are allowing Duo to notify you.

Too many authentication failures, including missing push notifications or entering invalid passcodes, will cause your account to be locked out for 30 minutes. You can wait for the 30 minutes to pass and try authenticating again, or contact the Help Desk to reactivate your account.

No comments yet.

Last updated: November 12, 2019

Contact

Team Name

Help Desk

Office Location
Burke Library
198 College Hill Road
Clinton, NY 13323
Hours
Mon-Thu 8 a.m. - 10 p.m.
Fri 8 a.m. - 8 p.m.
Sat - Sun 10 a.m. - 10 p.m.

The $400 million campaign to provide students with a life-altering education.

Learn More About the Campaign

Site Search