Duo Multi-Factor Authentication

1. On your mobile device, launch the App Store or Play Store and search for “Duo Mobile.”
2. Tap Get or Install next to Duo Mobile (by Duo Security LLC) to download the app.
3. Visit any Duo-protected webpage on your computer, such as Brightspace or Outlook on the web, and sign in with your NetID.
4. Click Next to advance through the 3 Welcome to Duo prompts.
5. When prompted to select an option, click Duo Mobile.
6. Enter your phone number and click Add phone number.
7. Verify the number matches what you entered, and then click Yes, it’s correct.
8. Since you already installed the Duo app on your phone, click Next.
9. The page will now display a QR code.
10. Open the Duo Mobile app on your phone and follow the prompts to add an account using a QR code.
11. Use your phone to scan the QR code on your computer screen.
12. Your device should now be successfully enrolled as a Duo device. Click Continue to complete setup.

1. Search for the Duo Mobile app in the App Store (iOS) or Google Play Store (Android) and tap Get or Install to download and install it.
   
   Push notifications required

   The Duo Mobile app uses Push notifications. If prompted, Allow Push Notifications in order to use the Push authentication method.

2. On your computer, visit account.uvm.edu/multifactor and sign in with your NetID.
3. Click Next to advance through the 3 Welcome to Duo prompts.
4. When prompted to select an option click Duo Mobile.
5. Click I have a tablet.
6. Since you already installed the Duo app on your device, click Next.
7. The page will now display a QR code.
8. Open the Duo Mobile app on your tablet and follow the prompts to add an account using a QR code.
9. Use your tablet to scan the QR code on your computer screen.
10. Your device should now be successfully enrolled as a Duo device. Click Continue to complete setup.

If you’ve already enrolled a device in Duo, the process for enrolling further devices changes. This process will be the same for both phones and tablets, and you can also use these instructions to add your phone to a departmental account even if it’s already protecting your personal account.

1. Visit https://account.uvm.edu/multifactor and log in with the account you’d like to add a device to.
2. Click Activate/Manage Duo Security, and then proceed through Duo using your primary device if prompted.
3. Click the Add device button to create a new device listing.
4. Specify the platform of the device and add a nickname, but list the type as “Other/Non-phone” even if the device is a phone. When you are done filling out this information, click Add Device.
5. The page will now display a QR code.
6. Open the Duo Mobile app on your device and follow the prompts to add an account using a QR code.
7. Use your device to scan the QR code on your computer screen.
8. Your device should now be successfully enrolled in Duo.

Certain actions, such as getting a new phone or new SIM card, may deactivate your Duo Mobile app. This is because the app will see the phone as an unrecognized device, even if the phone number hasn’t changed. For detailed instructions on reactivating or restoring the app, please refer to our guide.

1. Enter your UVM NetID and password as normal, and then click LOG IN.
2. Duo will send a (no-cost) push notification on your device.
3. Open the Duo Mobile app on your device and tap Approve.
4. If you’re the only person who uses this computer, click Yes, this is my device, and Duo will remember you for 7 days. Otherwise, select No.

1. Enter your UVM NetID and password as normal, and then click LOG IN.
2. Open the Duo Mobile app on your smartphone or tablet, find the University of Vermont account, and tap on it to reveal a 6-digit Passcode.
   
3. Click Other options on the computer.
4. Click Duo Mobile passcode and input the 6-digit passcode in the Passcode field and click Verify.

A YubiKey is a small, USB flash drive-like device that can be worn on a key ring. When it’s plugged into your computer, you can press the button on the YubiKey to gain access to a Duo protected service.

To request a YubiKey, contact Identity and Account Management by emailing iam@uvm.edu and specify whether the new YubiKey should be USB-A or USB-C. There is a one-time fee to your department of $50 for each YubiKey, to be paid for by Chartstring.

Students are not eligible for a YubiKey at this time, but if you are interested, you are encouraged to submit a Footprints request so we know there is interest.

1. Enter your UVM NetID and password as normal, and then click LOG IN.
2. Click Other options on the computer.
3. Select YubiKey passcode.
4. Insert your YubiKey into a USB port, and then touch the brass contact(s).
   
5. Your YubiKey will automatically enter a passcode and log you in.

Offline passcodes should be used as a backup method when you need to provide an additional authentication factor but are unable to use other methods (i.e. no cell service, your device’s battery is fully discharged, etc).

1. Visit https://account.uvm.edu/multifactor and log in with your UVM NetID and password, if prompted.
2. Click Activate/Manage Duo Security.
   Already have a device enrolled in Duo?

   If you’ve previously enrolled a device in Duo, you may receive a prompt asking you to use your currently enrolled MFA device(s) to access this page. If none of your second-factor methods are available, please contact the UVM Tech Team.

3. Click Generate Offline Codes.
4. Print out the list of generated codes and keep it in a safe place.

1. Enter your UVM NetID and password as normal, and then click LOG IN.
2. Click Other options.
3. Click Bypass code, input an offline code, and click Verify.
   Offline codes are good for one use only

   You may want to cross out offline codes that you’ve used so that you know which ones are still available.

The following steps will guide you through enrolling your cell phone in Duo Security for SMS authentication.

1. Visit https://account.uvm.edu/multifactor and log in with your UVM NetID and password, if prompted.
2. Click Activate/Manage Duo Security.
3. Already have a device enrolled in Duo?

   If you’ve previously enrolled a device in Duo, you may receive a prompt asking you to use your currently enrolled MFA device(s) to access this page. If none of your second-factor methods are available, please contact the UVM Tech Team.

4. Click Add Device.
5. Select Mobile as the type, choose Unknown for platform, enter your phone number (with area code), enter a nickname for your phone, and then click Add Device.
6. Your phone should now be successfully enrolled. Non-smartphone users can ignore any texts they receive at this time about installing or activating Duo Mobile.

1. Visit https://account.uvm.edu/multifactor and log in with your UVM NetID and password, if prompted.
2. Click Activate/Manage Duo Security.
3. Already have a device enrolled in Duo?

   If you’ve previously enrolled a device in Duo, you may receive a prompt asking you to use your currently enrolled MFA device(s) to access this page. If none of your second-factor methods are available, please contact the UVM Tech Team.

4. Click Add Device.
5. Select Landline as the type, enter your phone number (with area code), your phone extension (if applicable), and a nickname for your phone, and then click Add Device.
6. Your phone should now be successfully enrolled.

1. Enter your UVM NetID and password as normal, and then click LOG IN.
   
2. Click Other options.
3. Click Text message passcode.
4. You will receive an SMS text message with a list of codes.
   Not receiving the codes?

   If it has been more than a minute and you still have not received a text with your SMS passcodes, please ensure you have good cell service and can otherwise receive text messages.
   Avoid clicking the Text option again – this will generate a new set of passcodes, rendering previous passcodes invalid.

   
   
   

   Codes can only be used once

   You will receive 10 SMS passcodes separated by spaces. Please keep track of which codes you have used – they can only be used once each.

5. Enter one of the codes into the Passcode field, and click Verify.

1. Enter your UVM NetID and password as normal, and then click Login.
   
2. Click Other options on the computer.
3. Click Phone call under the appropriate device.
4. Answer the call on your selected device, and then approve the login request by pressing any key on the phone’s number pad.

Multi-factor authentication provides an extra layer of security when accessing sensitive data.

It is designed to thwart stolen login credentials from being used to gain access to protected services, since the thief would not have your second factor.

Yes.

All UVM affiliates are required to use multi-factor authentication to access any protected resource. We have implemented MFA to protect you, your information, and the University’s information.

When enrolling a device in Duo Mobile, you are not able to associate the same phone number with multiple accounts.

To work around this using your tablet or your smartphone, follow the instructions above for enrolling an iPad or Android Tablet. This process presents a QR code that you can scan in your Duo Mobile app.

To log in, you’ll need to use push notifications or Duo Mobile generated codes – telephony options will be unavailable.

UVM’s authentication page includes a checkbox to “Remember me for 7 days.” You can use this feature when accessing services through a browser to avoid having to use Duo for that service every time you log in.

For most installed apps, like Microsoft Teams or Outlook, you will only have to use Duo again if you supply new credentials (such as after a password change).

Unfortunately, experience has shown that people are not as good at recognizing malicious email as you might think. Every day, members of the UVM community fall prey to these kinds of scams.

We have to take steps to ensure that we are each more than just a single click away from having our paychecks stolen or becoming victims of identity theft. There are other ways for hackers to get your credentials besides phishing, and multi-factor authentication is the best protection available against hackers.

This option is not currently available. Should UVM find a usage case that requires it without a reasonable alternative, it will be reevaluated.

It depends on which method you use, but it is highly likely that the cost will be effectively none.

• The Duo Mobile app itself is free.
• Generating a code with the app is free.
• If you are connected to Wi-Fi, using the push method is free.
• If you are not on Wi-Fi, the push method uses a very small amount of data, and is still effectively free depending on your cellular data plan.
• Generating a list of one-time codes from the Multifactor setup page is free.
• A YubiKey comes with a one-time charge of approximately $50 to your department, not to you.

UVM is requiring multi-factor authentication to solve the problem of stolen, reusable credentials like passwords.

Security questions are no different from passwords in that an attacker who captures your answers to those questions via phishing, other social engineering, or malware can use them to impersonate you. The framework UVM has adopted protects against this in one of two ways:

• by requiring that you have a physical device (smartphone/tablet with Duo Mobile app or YubiKey), or
• by requiring a credential which is only good for a single use (the offline codes method).

If you don’t have a smart device, your department can request a YubiKey for you. A YubiKey is a very small device that fits on a key ring and is easy to carry around.

You may also generate a list of offline codes to keep with you as a backup – they are not recommended as a primary authentication method.

Yes.

You are encouraged, but not required, to set up Duo on more than one device. This will allow you to still access Duo-protected services if you forget one of your devices at home, and it will make it easier to unenroll a lost or stolen device to prevent others from using it to log in as you.

You may add as many devices as you like on https://account.uvm.edu/multifactor. After that, when you are logging in you can choose which device Duo will send the authentication request to.

If your phone number changes while traveling, telephony options (calls and texts) will likely stop working. However, the Duo smartphone app is designed to work internationally – if you install and activate the app before leaving, it can generate the required code even without a mobile voice or data plan, and it can do this anywhere in the world.

If you have a voice or data plan, the app makes multi-factor authentication as easy as a pushing a single button. If you don’t have a voice or data plan, you can use the app to generate a code to be entered manually.

If you’re not receiving texts, enroll your phone as an iPad or Android tablet instead.

After adding your phone, visit the device management page and edit your device to add the phone number.