Duo Multi-Factor Authentication

Contents

Duo Security is a Multi-Factor Authentication (MFA) tool used by the University of Vermont to protect sensitive information. Upon logging in to a Duo-protected site or service, you’ll be required to perform an additional authentication step using either the Duo Mobile app or a YubiKey. If you do not have access to your primary device(s), you can use an offline code as a backup option.

Manage your MFA Devices Here

Consider enrolling a second device or safely storing a set of Offline Codes

If your primary device is forgotten, lost, or stolen, or if you need to set up a new primary device, offline codes or a second enrolled device will allow you to log in to critical UVM services.

There are four device types that you can use to provide the second factor of two-step authentication. Each device has one or more authentication options available. Expand the toggle below to view all supported methods.

Devices and supported authentication methods

Device Type	Authentication Options	Details
Smartphone	Duo Mobile push notification (recommended) Duo Mobile passcode	iOS or Android
Tablet	Duo Mobile push notification (recommended) Duo Mobile passcode	iOS or Android
Hardware Token	Passcode	A YubiKey hardware token that provides two-step codes at the push of a button
Backup Access (Offline) Codes	Passcode	A printed list of 10 passcodes that can be used when other MFA options are not available

Before you can access MFA-protected services, such as PeopleSoft or VMWare Horizon, you must enroll a device.

Not expecting a Duo push? Don't approve it!

Duo Multi-Factor Authentication (MFA) only protects UVM if we’re mindful about which MFA prompts we’re approving.

MFA using the Duo Mobile App

Enroll your Smartphone

Your smartphone needs to be connected to the internet

Click here for instructions on connecting to the UVM Wireless Network.

Visit https://account.uvm.edu/multifactor on a computer and enter your UVM NetID and password, if prompted
Already enrolled a device in Duo?

If you’ve previously enrolled a device in Duo, you may receive a prompt asking you to use your currently enrolled MFA device(s) to access this page. If none of your second factor devices are available, please contact the UVM Tech Team.
Click Activate/Manage Duo Security
Click Add Device.
Select Mobile for the type, choose the appropriate platform, enter your phone number (with area code), enter a nickname for your phone, and then click Add Device

Check your text messages

You will receive two (2) SMS text messages. The first message contains a link to download and install the Duo app on your device. If you already have the app, skip to step 7.Click here if you do not receive any text messages
If you have not already installed Duo, tap the link in the first SMS text message sent to you to launch the App Store (iOS) or Google Play store (Android)
Tap Get or Install to download and install the Duo Mobile app

Push notifications required

The Duo Mobile app uses Push notifications. If prompted, Allow Push Notifications in order to use the Push authentication method.
Once Duo Mobile is installed, open the second SMS text message you received to activate your Duo Mobile app for use with your UVM account

Open with Duo

Your phone may ask for your permission to open the Duo Mobile app. If prompted, tap the Open button. If you receive a prompt asking whether to open the link in Duo or your web browser, choose Duo.
You should now have successfully activated your Duo mobile app

Still not receiving push notifications from Duo Mobile?

Click this link for help troubleshooting Duo Push notifications on Google Android.
Click this link for help troubleshooting Duo Push notifications on Apple iOS.

Enroll your iPad or Android Tablet

Your tablet needs to be connected to the internet

Click here for instructions on connecting to the UVM Wireless Network.

Search for the Duo Mobile app in the App Store (iOS) or Google Play Store (Android) and tap Get or Install to download and install it

Push notifications required

The Duo Mobile app uses Push notifications. If prompted, Allow Push Notifications in order to use the Push authentication method.
Visit https://account.uvm.edu/multifactor on a computer and enter your UVM NetID and password, if prompted
Already enrolled a device in Duo?

If you’ve previously enrolled a device in Duo, you may receive a prompt asking you to use your currently enrolled MFA device(s) to access this page. If none of your second factor devices are available, please contact the UVM Tech Team.
Tap Activate/Manage Duo Security
Tap Add Device
Select Other/Non-phone as the type, choose the appropriate platform, enter a nickname for your tablet, and then click Add Device

Scan the QR code

The following screen shows a QR code. Leave this open so that you can scan it using the Duo Mobile app on your tablet.
In the Duo Mobile app, tap the plus icon in the upper right corner

Camera access required

Tap Allow if Duo Mobile asks for permission to access your camera. The camera will be used to scan the QR code.
Point your tablet’s camera at the QR code to associate your UVM account with the Duo Mobile app
You should now have successfully activated your Duo Mobile app

Still not receiving push notifications from Duo Mobile?

Click this link for help troubleshooting Duo Push notifications on Google Android.
Click this link for help troubleshooting Duo Push notifications on Apple iOS.

Enter your UVM NetID and password as normal, and then click Login
Click Send Me a Push to receive a (no-cost) push notification on your device
Open the Duo Mobile app on your device, and then tap Approve

Not receiving the push notification?

Ensure you’re connected to a wireless network with a good wifi signal. Click here for instructions on connecting to UVM Wireless.

After 20 seconds, the Duo push notification will expire and you will have to send a new push.

If you are still unable to receive a push notification, use a Duo Mobile generated code instead.

Enter your UVM NetID and password as normal, and then click Login
Open the Duo Mobile app on your smartphone or tablet and find the University of Vermont account
Press show to reveal a 6-digit passcode
Click Enter a Passcode on the computer, and then input the 6-digit passcode in the Passcode field and click Log In

MFA using a YubiKey

Request a YubiKey

A YubiKey is a small, USB flash drive-like device that can be worn on a key ring. When it’s plugged into your computer, you can press the button on the YubiKey to gain access to a Duo protected service.

To request a YubiKey, contact Identity and Account Management by emailing iam@uvm.edu. There is a one-time fee to your department of approximately $50 for each YubiKey, to be paid for by Chartstring.

Enter your UVM NetID and password as normal, and then click Login
Click Enter a Passcode
Insert your YubiKey into a USB port, and then touch the brass contact(s)
Your YubiKey will automatically enter a passcode and log you in

MFA using Offline Codes

Generate Backup Access (Offline) Codes

Offline passcodes should be used as a backup method when you need to provide an additional authentication factor but are unable to use other methods.

Offline codes must be safely and securely stored

These codes allow access to PeopleSoft and other protected spaces in the same way as your Duo MFA app. You are individually responsible for ensuring they are safely stored.

Visit https://account.uvm.edu/multifactor and enter your UVM NetID and password, if prompted
Already enrolled a device in Duo?

If you’ve previously enrolled a device in Duo, you may receive a prompt asking you to use your currently enrolled MFA device(s) to access this page. If none of your second factor devices are available, please contact the UVM Tech Team.
Click Activate/Manage Duo Security
Click Generate Offline Codes
Print out this list of codes and keep it in a safe place

Off-line passcodes are to be used when you need to provide an additional authentication factor but are unable to use the on-line methods (i.e. no cell service, your device’s battery is fully discharged, etc). You can provide one of the following codes as a one-time substitute for an on-line one-time password. It is highly advised that you make a copy of this list and keep it in a safe location such as in a wallet or purse.

Offline Backup Code Details

Offline codes are valid until used once (tip: cross out used passcodes).
You can use your offline codes in any order without invalidating other unused codes.
Requesting a new batch of offline codes will invalidate all previous offline codes. Only the most recent passcodes will be usable.

Enter your UVM NetID and password as normal, and then click Login
Click Enter a Passcode, and then input the offline code and click Log In

MFA using Telephony Options

Telephony (SMS and Phone Call) Options may be unavailable

As of Fall 2022, newly created accounts may not be able to use the telephony options noted below. This is part of a long term plan to improve UVM’s information security.

Add a Non-Smart Phone

The following steps will guide you through enrolling your cell phone in Duo Security for SMS authentication.

Visit https://account.uvm.edu/multifactor and enter your UVM NetID and password, if prompted
Already enrolled a device in Duo?

If you’ve previously enrolled a device in Duo, you may receive a prompt asking you to use your currently enrolled MFA device(s) to access this page. If none of your second factor devices are available, please contact the UVM Tech Team.
Click Activate/Manage Duo Security
Click Add Device
Select Mobile as the type, choose Unknown for platform, enter your phone number (with area code), enter a nickname for your phone, and then click Add Device
Your phone should now be successfully enrolled

Add a Landline or Office Phone

Visit https://account.uvm.edu/multifactor and enter your UVM NetID and password, if prompted
Already enrolled a device in Duo?

If you’ve previously enrolled a device in Duo, you may receive a prompt asking you to use your currently enrolled MFA device(s) to access this page. If none of your second factor devices are available, please contact the UVM Tech Team.
Click Activate/Manage Duo Security
Click Add Device
Select Landline as the type, enter your phone number (with area code), your phone extension (if applicable), and a nickname for your phone, and then click Add Device
Your phone should now be successfully enrolled

Enter your UVM NetID and password as normal, and then click Login
Click Text
Not seeing the Text option?

Click the I Can’t Push to this device checkbox to see additional, non-push options.
You will receive an SMS text message with a list of codes
Not receiving the codes?

If it has been more than a minute and you still have not received a text with your SMS passcodes, please ensure you have good cell service and can otherwise receive text messages.
Avoid clicking the Text option again – this will generate a new set of passcodes, rendering previous passcodes invalid.

Codes can only be used once

You will receive 10 SMS passcodes separated by spaces. Please keep track of which codes you have used – they can only be used once each.
Enter one of the codes into the Passcode field, and then press the Enter key

SMS Code Details

SMS passcodes can only be used once.
You can use SMS passcodes in any order without invalidating other unused codes.
Requesting a new batch of SMS passcodes will invalidate all previous SMS passcodes. Only the most recent passcodes will be usable.

Enter your UVM NetID and password as normal, and then click Login
Click Call under the appropriate device.
Answer the call on your selected device, and then approve the login request by pressing any key on the phone’s number pad

Frequently Asked Questions

What does Duo do?

Multi-factor authentication provides an extra layer of security when accessing sensitive data.

It is designed to thwart stolen login credentials from being used to gain access to protected services, since the thief would not have your second factor.

Am I required to use multi-factor authentication (MFA), and if so, why?

Yes.

All UVM affiliates are required to use multi-factor authentication to access any protected resource. We have implemented MFA to protect you, your information, and the University’s information.

Do I have to use Duo every time I log in?

Some services, particularly those which handle sensitive information (like PeopleSoft), will require Duo authentication each time you access them.

For less sensitive apps, like Microsoft Teams or Outlook, you will only have to use Duo again when you supply new credentials (such as after a password change).

Remember me for 7 days

UVM’s authentication page includes a checkbox to “Remember me for 7 days.” You can use this feature when accessing services through a browser, but since it requires cookies it will not work in apps such as Teams. However, Teams will not require you to provide a second authentication factor again until you change your password (or otherwise need to enter new credentials), so this feature would be of little use there anyways.

I know how to avoid phishing email messages, why do I need to use this?

Unfortunately, experience has shown that people are not as good at recognizing malicious email as you might think. Every day, members of the UVM community fall prey to these kinds of scams.

We have to take steps to ensure that we are each more than just a single click away from having our paychecks stolen or becoming victims of identity theft. There are other ways for hackers to get your credentials besides phishing, and multi-factor authentication is the best protection available against hackers.

This option is not currently available. Should UVM find a usage case that requires it without a reasonable alternative, it will be reevaluated.

Will it cost me anything to use multi-factor authentication?

It depends on which method you use, but it is highly likely that the cost will be effectively none.

The Duo Mobile app itself is free
Generating a code with the app is free
If you are connected to Wi-Fi, using the push method is free
If you are not on Wi-Fi, the push method uses a very small amount of data, and is still effectively free depending on your cellular data plan
Generating a list of one-time codes from the Multifactor setup page is free
A YubiKey comes with a one-time charge of approximately $50 to your department, not to you

Can I use security questions instead?

UVM is requiring multi-factor authentication to solve the problem of stolen, reusable credentials like passwords.

Security questions are no different from passwords in that an attacker who captures your answers to those questions via phishing, other social engineering, or malware can use them to impersonate you. The framework UVM has adopted protects against this in one of two ways:

by requiring that you have a physical device (smartphone/tablet with Duo Mobile app or YubiKey), or
by requiring a credential which is only good for a single use (the offline codes method).

What if I don’t have a smartphone or tablet?

If you don’t have a smart device, your department can request a YubiKey for you. A YubiKey is a very small device that fits on a key ring and is easy to carry around.

You may also generate a list of offline codes to keep with you as a backup – they are not recommended as a primary authentication method.

Can I set up Duo on more than one device?

Yes.

You are encouraged, but not required, to set up Duo on more than one device. This will allow you to still access Duo-protected services if you forget one of your devices at home, and it will make it easier to unenroll a lost or stolen device to prevent others from using it to log in as you.

You may add as many devices as you like on the Multi-Factor setup page. After that, when you are logging in you can choose which device Duo will send the authentication request to.

Can I use the Duo app internationally?

Yes – the Duo smartphone app is designed to work internationally.

If you install the app, it can generate the required code even without a mobile voice or data plan, and it can do this anywhere in the world.

If you have a voice or data plan, the app makes multi-factor authentication as easy as a pushing a single button. If you don’t have a voice or data plan, you can use the app to generate a code to be entered manually.

I'm already enrolled in Duo with an older device, and I just got a new phone. How do I reactivate?

To reactivate Duo with a different phone, you must remove the old device and add the new one – even if your phone number is the same.

If you still have the old device, you can use it to Login Using Push Notifications or Login with Duo Mobile generated codes, and then remove the old device and enroll your new one.

If you have another enrolled device or offline codes, use those to access the Duo Security Enrollment page.

If you do not have access to any authentication methods, you will have to contact Identity and Account Management by emailing iam@uvm.edu or calling (802) 656-2006.

I'm trying to enroll my phone, but I'm not receiving text messages. What do I do?

If you’re not receiving texts, enroll your phone as an iPad or Android tablet instead.

After adding your phone, visit the device management page and edit your device to add the phone number.

Updated on August 10, 2022

Not the solution you were looking for?

Don’t worry we’re here to help!

Submit a Help Ticket