We’ve compiled a list of frequently asked questions related to Duo multi-factor authentication.
If you’d like to enroll a device in Duo, or if you need help accessing Duo protected services, please see this guide.
Multi-factor authentication provides an extra layer of security when accessing sensitive data. It is designed to thwart stolen login credentials from being used to gain access since the thief would not have your second factor.
Yes. All UVM affiliates will be required to use multi-factor authentication to access any resource protected by Duo. We are implementing MFA to protect you, your information, and the University's information.
Yes, but only once per day if you don't close the web browser you're using. This applies to each browser or private/incognito window you open to access a Duo protected service.
Unfortunately, experience has shown that people are not as good at recognizing malicious email as you might think. Every day, members of the UVM community fall prey to these kinds of scams. We have to take steps to ensure that we are each more than just a single click away from having our paycheck stolen or becoming a victim of identity theft. There are other ways for hackers to get your credentials besides phishing, and multi-factor authentication is the best protection available against hackers.
First, you will be asked to provide your NetID and NetID password on the single sign-on page (Webauth). Next, you will be asked to pick a method of providing or being contacted for your second factor. This second factor can be a smartphone app (Push), a pre-generated list of off-line codes, a text message to a device, or via automated calls to a mobile or landline phone.
For the time being this is not available. Should we find a usage case that requires it without a reasonable alternative, it will be reevaluated.
It depends on which method you use, but it is highly likely that the cost will be effectively none.
- The Duo mobile App itself is free.
- Generating a code with the App is free.
- The push method to the App, if you are connected by Wi-Fi, is free. The push method, using very little data, is effectively free via cellular data depending on your data plan.
- Generating a list of one-time codes from the Multi-Factor setup page is free.
- Sending an SMS text message to your mobile phone may incur charges depending on your texting plan.
- Using the call method and your mobile phone may incur minutes charges depending on your phone plan.
- The YubiKey comes with a one-time charge of $40 to your department, not you.
UVM is requiring multi-factor authentication to solve the problem of stolen, reusable credentials like passwords. Security questions are no different from passwords in that an attacker who captures your answers to those questions via phishing, other social engineering, or malware, can use them to impersonate you. The framework UVM has adopted protects against this in one of two ways:
- by requiring that you have a physical device (Duo Mobile app, SMS, phone, and Yubi Key methods), or
- by requiring a credential which is only good for a single use (the offline codes method).
If you don’t have a cell phone, Duo allows you to use your landline (office, home) phone. You would receive an automated phone call that requires you to hit any button to confirm your identity. You may also generate a list of off-line codes to keep with you as an alternative to the app, text, and voice options.
No. Duo provides a great deal of flexibility and you do not need a smartphone to use it. The recommended smartphone/mobile device option makes multi-factor authentication extremely convenient, but other easy options exist as well. Duo can send a text message to a cell phone or place a voice call to your office landline phone or cell phone. Alternatively, you may generate a list of off-line codes to keep with you.
Yes. You are encouraged (but not required) to set up Duo on more than one device in case you forget your mobile phone at home or are not at your office phone. You may add as many phones/devices as you like, landline and/or mobile, on the Multi-Factor setup page. After that, when you are logging in you can choose which line Duo will send the authentication request to (via smartphone app, SMS text message, or voice phone call depending on what you chose).
Yes. The Duo smartphone app is designed to work internationally. If you install the app, it can generate the required code without need of either a mobile voice or data plan, and it can do this anywhere in the world.If you have a voice or data plan, the app makes multi-factor authentication as easy as a pushing a single button, but if you don't have one of those things, you can use the app to generate (by pressing the key symbol) a six digit code and enter that manually.
When you get a new phone, the Duo app will lose its association with your UVM account. Each device has a unique ID separate from your phone number.
If the phone number of your new phone is the same, you can still authenticate using the phone call or SMS option, but the push option will not work until the Duo app is re-activated.
You may use any web browser to access the Duo management page to generate off-line codes.
We encourage you to add multiple devices when enrolling in Duo multi-factor authentication, for example, your office phone. If you have not setup another phone, you can do so at any time using the Duo management page.
You may remove your own device using the Duo management page from any web browser, or Contact Identity and Account Management (IAM) at (802) 656-2006 immediately and we will lock your Duo account to prevent malicious activity.
The Duo smartphone app provides options that work without a data plan, a texting plan, or even a connection, if necessary. The Duo app can generate the required code without need of a Wi-Fi connection, a cell signal, or data plan, and it can do so anywhere in the world.