Duo Two-Factor Authentication
- Duo two-factor authentication (2FA) is required for remote access from outside our trusted network.
- Although it may seem like an inconvenience, two-factor authentication protects you from scammers accessing your information and from scammers impersonating you.
- As more people fall victim to advanced, targeted phishing email campaigns and unknowingly give their password to scammers through an external website that looks like ours, and as more external databases are exploited where people have used the same or similar passwords, we have seen an ever-increasing number of compromised accounts. With 2FA enforced, a scammer cannot access protected resources and information by knowing only your password.
Duo 2FA Enrollment Info
- Simply go to the Duo Management Portal at https://duo.commonwealthu.edu/ to enroll your device or manage your devices.
- If you have a smartphone, we highly recommend you enroll through the web browser on the device (e.g. Chrome, Safari, Firefox). This helps ensure you choose the correct app from the app store and streamlines activating your account on the device. When you need a second factor to log on remotely, the "Duo Push" authentication method in the "Duo Mobile" app (by "Duo Security") on a smartphone is the most secure and user-friendly method.
- If you do not have a smartphone, you may enroll a basic cell phone from a computer web browser.
- If you do not ever access your account from outside the trusted network, then enrolling is not required.
- If you do not have a mobile device, you may sign out a small Duo hardware token for your keyring from the technology helpdesk, which will allow you to obtain passcodes.
How Duo 2FA changes your logon experience
- 2FA combines something you know (your password) with something you have (like your mobile phone).
- When you log in to a Duo-protected application from outside our trusted network, you will still enter your password. Then you will be required to verify your identity, such as through a push notification on your smartphone or a text message passcode on a basic cell phone.
- If your password becomes compromised and a scammer attempts to access your account remotely with your password through a Duo-protected application, they will not be able to successfully log in. If you receive a Duo push notification that you did not trigger by logging in to a Duo-protected app from outside the university network, be sure NOT to approve the logon attempt. This will keep the scammer out of your account and alert Network Services that your password is compromised, at which time you should change your password immediately.
Duo 2FA when travelling abroad
- If you travel outside the country without the mobile device(s) you've enrolled into Duo, you need to sign out a Duo hardware token from the technology helpdesk prior to departure.
- If you have your U.S. cell phone (or tablet) that you’ve enrolled and activated, you will be able to do a Duo Push if it is connected via Wi-Fi or foreign mobile data service.
- If you will not have Wi-Fi or foreign data mobile service, you can open the "Duo Mobile" app to obtain a passcode (even when it’s not connected to the Internet).
- If you won’t have your enrolled and activated mobile devices (tablet and/or smartphone), then you will need a Duo hardware token to obtain a passcode.
Duo 2FA options in detail
- You are able to enroll smartphones, basic cell phones, and tablets. If you have none of these, you will be able to obtain a small Duo hardware token for your keyring from the technology helpdesk. You may also ask the helpdesk to enroll a landline telephone number for your account if you prefer and if it would be sufficient for all of your remote access use cases.
- The second factor available depends on your enrolled devices. You can do Duo Push (Internet-connected smartphone or tablet), text message passcode (basic cell phone), voice call (landline phone), or passcode (Duo hardware token or Duo Mobile app on offline/online smartphone or tablet).
- When you are logging on to a standard web resource, you are able to choose your authentication method such as "Send Me a Push", "Enter a Passcode", or "Call Me". In order to get a text message passcode, click "Enter a Passcode", and then click "Text me new codes".
- When you are accessing a non-standard resource, such as the Remote Access Service through VPN, it works a little differently. There is a second password field that we labeled "Duo Passcode (Optional)". If you leave the field blank, it will attempt an automatic authentication method based on your enrolled devices, so check your primary device for either a Duo Push notification (if your Duo Mobile app is activated) or a voice call (if your Duo Mobile app is not activated or you only have a basic cell phone/landline enrolled) to approve the logon. To override the automatic method, you are able to enter the words "push" (Duo Push), "phone" (voice call), or "sms" (text message) in the second password field to tell Duo how you would like to authenticate. Alternatively, you may obtain a passcode from the Duo Mobile app, Duo hardware token, or from the "sms" option and enter the passcode directly into the second password field ("Duo Passcode") when logging on. If you have multiple devices enrolled, you may specify a different enrolled device by including the number of the device; for example, for your second device, you would use "push2", "phone2", or "sms2".
- When accessing a standard web-based resource with typical browser settings, you should be able to choose a "Remember me for 30 days" option during logon to prevent future second-factor challenges in that browser during the time period. If this is not working, please check the FAQ section of our Duo 2FA Guide.
- If you go into your “My settings & devices” option to configure a default action, this will prevent you from being able to check the “Remember me” box every 30 days, so setting a default option does not necessarily give you the most convenient experience.
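The rules for the VPN "Duo Passcode (Optional)" field described above can be written out as a small parser. This is an added illustration, not code from Duo or from the university; the function name `parse_duo_field`, case-insensitive keywords, digits-only passcodes, and a bare keyword meaning device 1 are assumptions.

```python
import re
from typing import NamedTuple, Optional


class SecondFactor(NamedTuple):
    method: str              # "auto", "push", "phone", "sms" or "passcode"
    device: Optional[int]    # 1-based enrolled-device number, if a keyword was used
    passcode: Optional[str]  # digits typed by the user, if a passcode was used


# Keyword with an optional device number, e.g. "push", "phone2", "sms3".
_KEYWORD = re.compile(r"(push|phone|sms)([1-9][0-9]*)?")


def parse_duo_field(value: str) -> SecondFactor:
    """Classify what was typed into the second password field."""
    text = value.strip()
    if not text:
        # Blank field: an automatic method is chosen from the enrolled devices.
        return SecondFactor("auto", None, None)

    # Assumption: keywords are matched without regard to case.
    match = _KEYWORD.fullmatch(text.lower())
    if match:
        # Assumption: a bare keyword refers to the first enrolled device.
        return SecondFactor(match.group(1), int(match.group(2) or 1), None)

    # Assumption: passcodes consist of ASCII digits only.
    if text.isascii() and text.isdigit():
        return SecondFactor("passcode", None, text)

    # Do not echo the value: a user may have typed a password here by mistake.
    raise ValueError("not a factor keyword or a numeric passcode")


if __name__ == "__main__":
    # Constructed sample inputs, not real passcodes.
    for sample in ["", "push", "phone2", "sms2", "123456"]:
        print(repr(sample), "->", parse_duo_field(sample))
```

The error path deliberately leaves the typed value out of the message, so a password entered in the wrong field does not end up in a log.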
More Information on Duo 2FA