What should I know about Duo Two Factor Authentication?

What is two-factor authentication?


Two-factor authentication adds a second layer of security to your online accounts. Verifying your identity using a second factor (like your phone or other mobile device) prevents anyone but you from logging in to your account, even if they know your password.


Wayne State University is working with a company called Duo Security for our two-factor authentication solution for employees and faculty. The service features:


  • One-click authentication from your mobile device via a free app.
  • Offline authentication available when needed.
  • SMS, landline and non-phone methods available if necessary.


At this point, we do not offer two-factor authentication to students.


Why is two-factor authentication needed?


With the number of stolen passwords and hacking attempts on the rise, it is important to ensure the safety and security of WSU data. By using two-factor authentication, we can ensure that critical university systems are only accessed by authorized users.


Who can use two-factor authentication?


Any employee that is logging in to a protected service may use two-factor authentication.


Which services are protected using two-factor authentication?


The Wayne State VPN and Self Service Banner (pay stubs, tax forms, direct deposit, etc.) are currently configured for two-factor authentication. You will only need to enroll yourself once to take advantage of two-factor authentication, no matter which service or website you access securely.


Do I need any special equipment in order to enroll or use two-factor authentication?


WSU and Duo Security's two-factor system uses something most of us already have -- a smartphone. A smartphone is the best choice since it provides the greatest level of security. It allows you to use the Duo Mobile app, letting you receive push notifications for easy, one-tap authentication, or choose to receive a phone call or text.


Is the Duo Mobile app safe to download and use?


Yes, it is safe to download the Duo Mobile app from the Apple App Store, the Google Play Store or the Windows store.


How do I enroll?


The first time you visit a service that requires two-factor authentication, you will be automatically prompted to complete the one-time enrollment after you log in with your AccessID and password. The system will guide you through the enrollment process, allowing you to use two-factor authentication.


After I enroll, what happens when I try to log in to a protected service?


When you try to access a service which is protected by two-factor authentication, you will first be required to type in your AccessID and password like usual. Once that is complete, the system will then prompt you for your second method to verify your identity, which typically is your smartphone. Your phone will automatically get a notification, call or text confirming that you wish to log in. Once you approve the notification on your phone, the protected system will automatically continue and log you in without any further intervention.


Is there a guide that can help show me how the two-factor process works?


Yes. You may visit guide.duosecurity.com to see examples and screenshots of the process in action. You may also watch Wayne State Two Factor Duo Enrollment (YouTube) that details the two-factor authentication process at WSU. 


Can I add more registered devices or change my current ones?


At the Duo prompt, you may click on the My Settings and Devices link. Duo will authenticate using your existing device, after which you may add additional methods by clicking on Add another device near the bottom, or modify/delete their existing devices by clicking Device Options next to any particular device.


You may also manage your devices via Account Management in Academica. Learn more at kb.wayne.edu/238839.


What is happening to my data and password?


Your protected data and your password are never transmitted to the Duo two-factor system; only your username is transmitted to facilitate the two-factor authentication process.


Does the Duo Mobile application use up any cellular data?


If your device is not attached to a Wi-Fi network like WSU-SECURE, you may use a small amount of data from your cellular plan.


What happens if I can't use my data service on my smartphone?


The Duo Mobile app can work without using the push notifications. Once enrolled, you may open up the Duo Mobile app and tap on the key icon next to Wayne State University and a 6-digit code will be displayed. You may then use the passcode by typing it into the authentication screen.


You may also choose to to authenticate via phone call or text message. The phone call will ask you to answer and press the pound key (#), while the text message will offer a short code for you to type into the authentication screen on your computer.


What if I have unreliable or terrible cell service?


Same thing regarding the Duo Mobile app -- it does not require data service. You can just tap the key icon and put in the 6-digit code into the authentication screen, or authenticate with a call or text.


What if I do not have a smartphone?


While the smartphone features of the two-factor system make it extremely easy to use, they are not necessary. You can use a regular cellphone; Duo can send 10 codes at a time as an SMS message. You can read this text message and enter in one of the codes at the screen when the authentication prompts you. Each code can only be used once and Duo reminds you which one is next -- for example, Use the code that begins with 2


You may try this out by logging in and first clicking the green Enter a Passcode button. If you don't have a code, click the blue Text me new codes button beneath that.


What if I only have an office phone?


You can enroll a regular landline -- most likely your office phone. The Duo system will call this office phone and ask you to push the pound key (#) to log in.


What if I lose my phone or mobile device?


Contact the C&IT Help Desk immediately to disassociate your lost device from your account. They can then assist you in re-associating your account to a new mobile device.


What if I need to log in for an emergency and I don't have my registered phone with me?


Contact the C&IT Help Desk for exceptional situations in which you need to log in but do not have any registered devices with you.


Are there options for people without any kind of phone?


Other options are available on an exception basis in rare cases where a phone is not available or appropriate. Please contact the C&IT Help Desk for more information.


Users also have the option to purchase a USB authentication key from the C&IT Help Desk. Learn more at kb.wayne.edu/250848.


What do I do if I have additional questions?


Please contact the C&IT Help Desk for any questions or issues you have with the service.


Can I use the campus Duo two-factor service to secure a system I am managing?


Yes. Please contact a member of the Information Security Office to discuss how the Duo two-factor service can be integrated into your system.