Duo Security is a Multi-Factor Authentication (MFA) tool used by the University of Vermont to protect sensitive information. Upon logging in to a Duo-protected site or service, you’ll be required to perform an additional authentication step using either the Duo Mobile app or a YubiKey. If you do not have access to your primary device(s), you can use an offline code as a backup option.
There are four device types that you can use to provide the second factor of two-step authentication. Each device has one or more authentication options available. Expand the toggle below to view all supported methods.
Devices and supported authentication methods
Device Type | Authentication Options | Details |
---|---|---|
Smartphone |
|
|
Tablet |
|
|
Hardware Token |
|
|
Backup Access (Offline) Codes |
|
|
Before you can access MFA-protected services, such as PeopleSoft or VMWare Horizon, you must enroll a device.
MFA using the Duo Mobile App
Enroll your Smartphone
- Visit https://account.uvm.edu/multifactor on a computer and enter your UVM NetID and password, if prompted
- Click Activate/Manage Duo Security
- Click Add Device.
- Select Mobile for the type, choose the appropriate platform, enter your phone number (with area code), enter a nickname for your phone, and then click Add Device
- If you have not already installed Duo, tap the link in the first SMS text message sent to you to launch the App Store (iOS) or Google Play store (Android)
- Tap Get or Install to download and install the Duo Mobile app
- Once Duo Mobile is installed, open the second SMS text message you received to activate your Duo Mobile app for use with your UVM account
- You should now have successfully activated your Duo mobile app
Enroll your iPad or Android Tablet
- Search for the Duo Mobile app in the App Store (iOS) or Google Play Store (Android) and tap Get or Install to download and install it
- Visit https://account.uvm.edu/multifactor on a computer and enter your UVM NetID and password, if prompted
- Tap Activate/Manage Duo Security
- Tap Add Device
- Select Other/Non-phone as the type, choose the appropriate platform, enter a nickname for your tablet, and then click Add Device
- In the Duo Mobile app, tap the plus icon in the upper right corner
- Point your tablet’s camera at the QR code to associate your UVM account with the Duo Mobile app
- You should now have successfully activated your Duo Mobile app
Login using Push Notifications
Login with Duo Mobile Generated Codes
- Enter your UVM NetID and password as normal, and then click Login
- Open the Duo Mobile app on your smartphone or tablet and find the University of Vermont account
- Press show to reveal a 6-digit passcode
- Click Enter a Passcode on the computer, and then input the 6-digit passcode in the Passcode field and click Log In
MFA using a YubiKey
Request a YubiKey
A YubiKey is a small, USB flash drive-like device that can be worn on a key ring. When it’s plugged into your computer, you can press the button on the YubiKey to gain access to a Duo protected service.
To request a YubiKey, contact Identity and Account Management by emailing iam@uvm.edu. There is a one-time fee to your department of approximately $50 for each YubiKey, to be paid for by Chartstring.
Login using a YubiKey
MFA using Offline Codes
Generate Backup Access (Offline) Codes
Offline passcodes should be used as a backup method when you need to provide an additional authentication factor but are unable to use other methods.
- Visit https://account.uvm.edu/multifactor and enter your UVM NetID and password, if prompted
- Click Activate/Manage Duo Security
- Click Generate Offline Codes
- Print out this list of codes and keep it in a safe place
Off-line passcodes are to be used when you need to provide an additional authentication factor but are unable to use the on-line methods (i.e. no cell service, your device’s battery is fully discharged, etc). You can provide one of the following codes as a one-time substitute for an on-line one-time password. It is highly advised that you make a copy of this list and keep it in a safe location such as in a wallet or purse.
Login using an Offline Code
MFA using Telephony Options
Add a Non-Smart Phone
The following steps will guide you through enrolling your cell phone in Duo Security for SMS authentication.
- Visit https://account.uvm.edu/multifactor and enter your UVM NetID and password, if prompted
- Click Activate/Manage Duo Security
- Click Add Device
- Select Mobile as the type, choose Unknown for platform, enter your phone number (with area code), enter a nickname for your phone, and then click Add Device
- Your phone should now be successfully enrolled
Add a Landline or Office Phone
- Visit https://account.uvm.edu/multifactor and enter your UVM NetID and password, if prompted
- Click Activate/Manage Duo Security
- Click Add Device
- Select Landline as the type, enter your phone number (with area code), your phone extension (if applicable), and a nickname for your phone, and then click Add Device
- Your phone should now be successfully enrolled
Login using Duo SMS Text Messages
Login using a Phone Call
Frequently Asked Questions
What does Duo do?
Multi-factor authentication provides an extra layer of security when accessing sensitive data. It is designed to thwart stolen login credentials from being used to gain access to protected services, since the thief would not have your second factor.
Am I required to use multi-factor authentication (MFA), and if so, why?
Yes. All UVM affiliates are required to use multi-factor authentication to access any protected resource. We have implemented MFA to protect you, your information, and the University’s information.
Do I have to use Duo every time I log in?
Yes, but only once per day if you don’t close the web browser you’re using. This applies to each browser or private/incognito window you open to access a Duo-protected service.
I know how to avoid phishing email messages, why do I need to use this?
Unfortunately, experience has shown that people are not as good at recognizing malicious email as you might think. Every day, members of the UVM community fall prey to these kinds of scams. We have to take steps to ensure that we are each more than just a single click away from having our paychecks stolen or becoming victims of identity theft. There are other ways for hackers to get your credentials besides phishing, and multi-factor authentication is the best protection available against hackers.
Can more than one person register a phone we share?
For the time being, this is not available. Should we find a usage case that requires it without a reasonable alternative, it will be reevaluated.
Will it cost me anything to use multi-factor authentication?
It depends on which method you use, but it is highly likely that the cost will be effectively none.
- The Duo Mobile app itself is free
- Generating a code with the app is free
- If you are connected to Wi-Fi, using the push method is free
- If you are not on Wi-Fi, the push method uses a very small amount of data, and is still effectively free depending on your cellular data plan
- Generating a list of one-time codes from the Multifactor setup page is free
- A YubiKey comes with a one-time charge of approximately $50 to your department, not to you
Can I use security questions instead?
UVM is requiring multi-factor authentication to solve the problem of stolen, reusable credentials like passwords. Security questions are no different from passwords in that an attacker who captures your answers to those questions via phishing, other social engineering, or malware can use them to impersonate you. The framework UVM has adopted protects against this in one of two ways:
- by requiring that you have a physical device (smartphone/tablet with Duo Mobile app or YubiKey), or
- by requiring a credential which is only good for a single use (the offline codes method).
What if I don’t have a smartphone or tablet?
If you don’t have a smart device, your department can buy a YubiKey for you. It is a very small device that fits on a key ring and is easy to carry with you. You may also generate a list of off-line codes to keep with you as an alternative, but it is recommended that you just use these as backups and not as a primary authentication method.
Can I set up Duo on more than one device?
Yes. You are encouraged, but not required, to set up Duo on more than one device. This will allow you to still access Duo-protected services if you forget one of your devices at home, and it will make it easier to dis-enroll a lost or stolen device to prevent others from using it to log in as you. You may add as many devices as you like on the Multi-Factor setup page. After that, when you are logging in you can choose which device Duo will send the authentication request to.
Can I use the Duo app internationally?
Yes. The Duo smartphone app is designed to work internationally. If you install the app, it can generate the required code even without a mobile voice or data plan, and it can do this anywhere in the world. If you have a voice or data plan, the app makes multi-factor authentication as easy as a pushing a single button, but if you don’t, you can use the app to generate a six digit code and enter that manually.
I'm already enrolled in Duo with an older device, and I just got a new phone. What do I do?
You will have to go to the Duo Security Enrollment page to remove the old device and add the new one, even if the phone number is the same. Getting to this page will require Duo authentication. If you still have the old device, you can use it to Login Using Push Notifications or Login with Duo Mobile generated codes, and then remove the old device and enroll your new one. If you have another enrolled device or offline codes, you can also use those to access this page. If you do not have access to any authentication methods, you will have to contact Identity and Account Management by emailing iam@uvm.edu or calling (802) 656-2006.
I'm trying to enroll my phone, but I'm not receiving text messages. What do I do?
Enroll your phone using the Enroll your iPad or Android Tablet instructions instead of the phone instructions. Then, after you have added the device, you can go to the device management page and edit your device to add the phone number.