Skip to Knowledge Base content

Duo Two-Factor Authentication FAQ

Overview:

If you have a question about Duo, start with the Duo FAQ below!

Two-factor authentication is a second layer of security besides your username and password for any kind of account. It means you have to confirm your identity in two ways – with something you KNOW and something you HAVE. Duo is the application that WVU is using.

All faculty, students and staff in all WVU locations must use two-factor, although the requirement kicks in at different times. Faculty were first. All employees, including student workers and anyone with Emeritus status, will be required to use it after May 10, 2018. Students have until Aug. 31, 2018, to voluntarily activate their accounts and enroll their devices. 

Employees and students at WVU Parkersburg may voluntarily enroll in two-factor now. ITS will work with that campus on a separate timeline for making the use there mandatory.

Retirees who are not Emeritus or otherwise working for WVU are exempt and will not need two-factor to check email.

Passwords can be and are compromised regularly. They’re no longer good enough to protect personal, sensitive or financial information. WVU’s data includes YOUR data. A large security breach could affect both the University’s finances and reputation, while the personal information of individuals could also be at risk.

Two-factor is also required for industries that handle credit card or financial data, including WVU, and it is a cyber liability insurance requirement.

Many universities are adopting the same approach as WVU, with no exemptions for any group of people or any location on campus. That includes the student population. Some of the schools taking the same approach as us are Indiana University, Baylor, Texas A&M, University of Miami, Virginia Tech and Pitt.

Most users will install the free Duo Mobile application from the appropriate app store on their smart phones. For set up instructions, view the two-factor authentication instruction guides at twofactor.wvu.edu.

If you select PUSH ALERTS, an alert will appear on your cell phone when you try to log into a secure system. You can tap the APPROVE box to confirm it’s you and complete the login. If the attempt to log in is not your own, tap the red box to DENY access.

If you don’t have cell service or Wi-Fi coverage, you can also select ENTER PASSCODE and enter a code generated by the Duo app installed on your phone or device. Simply open the app and tap the key icon in the upper right-hand corner. That will generate a passcode that will work with any browser.

If someone tries to log into a system using your credentials, please DENY the access request and immediately go to login.wvu.edu to change your password. Your login information may have been compromised.
Yes, Duo Mobile is free to download in the Apple Store, Google Play Store and Windows app store. View the How to Download Duo and Set Up Your Phone for instructions and information about compatible devices. 
If you are downloading the Duo app onto an Apple device, you will need an Apple ID. View Apple's support articles to learn how to create a new Apple ID without adding a payment method or remove a payment method from your existing Apple ID. Contact Apple Support if you need help with your Apple ID.

There is no cost associated with using the free Duo Mobile smartphone app because it uses so little of your data. Cell phones are the most popular choice for two-factor authentication because of the convenience. Most people seldom go anywhere without one. If you find the app isn’t effective, speak to your supervisor about using a hardware token that will generate passcodes.

You probably already use your phone for a work-related purpose, if only to check email or let your boss know that you’ll be out sick. General concerns about cell phone stipends and/or the use of a cell phone for your job, however, should be taken up with your supervisor.

Stipends have been reduced or eliminated because of ongoing budget pressures. ITS considers the use of your phone for two-factor authentication incidental, much like the incidental use of a WVU computer to email your significant other or check your Facebook account on a break.

Yes. You can use a device that looks like a USB key to generate passcodes; it can only be used with the Chrome web browser. Plug it into your laptop or desktop computer to complete your authentication. You can also use a display token to generate codes that will work in any browser. The Duo app will work on a smart phone even if you have no cell service or Wi-Fi coverage. Simply open the app and tap the key icon in the upper right-hand corner. That will generate a passcode, so your phone essentially functions like the display token.

Once you enroll in Duo, you should be prepared to add the device you intend to use. If you don’t add the device at that time, you may lose your access and will have to call the ITS Service Desk for assistance at 304-293-4444.
If you’re using personal funds, you can buy a Duo display token for $24.98 at any physical or online WVU Barnes & Noble bookstore. Search for "Duo Security." The display token works with any web browser or device. Just push the green button to generate a one-time code that will complete your login. You can also purchase a display token at an ITS Service Center. We have one in Brooke Tower and one in the Mountainlair.

If you're using state or Research Corp. funds to purchase hardware, you should use Mountaineer Marketplace. You get to it through portal.wvu.edu.

Note: Sharing either your Duo security account or your WVU Login account with anyone, including parents or guardians, is a violation of the University's Acceptable Use of Data and Technology Resources Policy.
Duo display tokens have an expected minimum battery lifetime of seven years. Attempting to change the battery will destroy the device.
No. Both of those practices raise security concerns. It’s the electronic equivalent of taping a Post-It note with your password to your monitor. If you leave your device unattended, others could take advantage of your access. You should carry the Yubikey or display token with you.
No. Your token device will be associated with your account only. It cannot be shared with other users. Both devices will work for your account on any computer where you log in with your WVU username and password.

Other authentication apps will not work with WVU systems. Only Duo Mobile is compatible with systems that are behind Duo protection.

If you already have a Yubikey token, one that plugs into the USB port on your PC, you may add it as one of your device options for authentication with Duo. Directions can be found here.

Display tokens, ones that display a number when you press a button, will NOT work with Duo unless they are purchased directly from WVU. ITS will have more information on how these will be distributed later this year.

Yes. You won't be able to receive Push notifications, but if you touch the Key symbol in the Duo App, it will give you a 6-digit code to enter and get access.
No. Because we are One WVU and we use the same systems, two-factor authentication will eventually be in use on all WVU campuses, including Keyser and Beckley. It use will become mandatory during 2018, but that will be phased in.
Yes, but if you’re going abroad, we recommend you take a token device or print 10 one-use passcodes to take with you. View How to Generate Bypass Codes for Duo Authentication for steps to generate and use these codes. If you need assistance with other options, contact the ITS Service Desk.
Not really. Many people already use two-factor for online banking and shopping. Social media sites ask you to confirm your identity when you try to log in from a new device or location, and you may have to enter your ZIP code when you use a credit card to buy gas. That’s two-factor at work. Even the State Auditor’s Office is now offering it on the MyApps site, where you can check your pay stub.
All faculty and staff are already using it. Students in all locations will have to use two-factor starting on Aug. 31, 2018. We are regularly communicating these deadlines.
Any system or application that displays a Central Authentication Service screen and requires you to enter your Login credentials will be behind two-factor authentication. That list is always changing but will include sensitive systems including eCampus, Portal, DegreeWorks, SEI and WVU+kc (Kuali).
At some point during the next day, you will have to re-authenticate. Every session lasts 24 hours per browser/device combination. So, if you open a secure application in a new browser, you’ll have to re-authenticate even if you’re using the same computer.
The Service Desk can always generate a one-time code, but the better alternative would be a pre-emptive approach: Duo will let you print out 10 single-use codes that won't expire until you use them. Learn how to generate codes at login.wvu.edu. If you print them out and stick them in your wallet, you'll have an emergency backup. The Duo display token is another option for a backup.

If you have a secondary authentication device such as a tablet or token set up in Duo, you can use it to authenticate and set up your new mobile phone. If you do not have a secondary device set up in Duo, there are two ways to obtain a single-use passcode to authenticate.

  1. Before you replace your phone, you can visit Login.wvu.edu and click on My Login to view your Two-Factor account options. You must authenticate to access your account settings. On the My Login page, you can click a link that will generate a set of 10 passcodes for your account. You can print this list of single-use passcodes and put them in your wallet to be used as needed. Mark out each passcode after it has been used.

  2. If you do not have any passcodes written down or printed out, you can contact the ITS Service Desk (304-293-4444) for assistance. They will ask for your WVU ID number, and then provide a passcode you can use to authenticate and set up your new device.

There are two ways you can get a passcode to authenticate if you forgot your device. You can go to Login.wvu.edu and click on My Login to see a link that will generate a set of 10 passcodes for your account. You can also contact the ITS Service Desk (304-293-4444) for assistance with accessing WVU systems if you do not have a secondary device on your account.

No, they can't. That's a violation of the University's Acceptable Use of Data and Technology Resources Policy. Duo security and WVU Login accounts are for STUDENTS AND EMPLOYEES ONLY. The appropriate way for parents or guardians to access student records is through the Parent Guest Portal at parent-guest.portal.wvu.edu.

Adding someone else's device to your account also increases the likelihood of problems when you try to log into a secure application. if someone else has already added a device to your account, please contact the Service Desk at 304-293-4444 to have it removed immediately.

The wired network at HSC will not require two-factor authentication because there are hardware controls in place for security. The locations using the wired network include:

  • Morgantown, Charleston and Eastern campuses
  • HSC managed off-site locations (CED, CPRC, ICRC, RDTP)
  • Ruby Memorial Hospital and WVUH clinics

However, two-factor is required if you connect to the HSC student or WVU.Encrypted wireless networks. This also includes the HSC instructor computers in HSC classrooms.

Also, it’s important to note that HSC employees will have to use two-factor if they connect to systems from off-site, and when they travel elsewhere on WVU campuses. Health Sciences Center employees can choose to install the Duo app on their phone or to use the Duo display token; HSC will not use the Yubikey token.

That depends. If you use the email app on your device, you’ll never need to authenticate. However, if you use the Outlook Web App on any device, you’ll have to use two-factor authentication. If you check your email via portal.wvu.edu, you’ll have to authenticate only when you log in to the portal, but not a second time to read email.
Yes. Students will be required to use two-factor in all computer labs, classrooms with computer equipment, and multi-purpose classrooms used as testing labs after Aug. 1, 2018. After reviewing all of the potential implications for teaching and learning, the Office of the Provost decided that no location will be exempted from this important security initiative. No group of employees will be exempted, either.

No. Shared email addresses, also called resource accounts, CANNOT be used for two-factor authentication. Two-factor relies on the identity of the individual to prove who he or she is. Resource accounts by nature are not tied to an individual.

If you are using a shared account to access a system that requires WVU Login credentials, you will have to change your practice and log in as an individual user. This is best practice from a security standpoint as well.

For six months, you will retain your student role in WVU systems and will need to use two-factor if you are accessing your Gmail through the Portal. However, you can avoid the Portal by going directly to mix.wvu.edu/gmail. Eventually, you’ll be removed from the Duo system.

For additional information, view the Two-Factor Authentication Instruction Guides provided by the ITS Training Group. You can also browse Duo's Common Issues page for more information.

If you need additional assistance and are able to sign into this site, visit the Duo Two-Factor Authentication Support service page to submit a ticket. If you need assistance and are unable to sign into this site because you cannot authenticate using Duo, visit the Duo Two-Factor Authentication Help (Unable to Log Into Site to Submit a Ticket) service page.

Details

Article ID: 15390
Created
Thu 7/28/16 9:20 AM
Modified
Tue 6/19/18 3:59 PM

Files (2)

pdf

PROVE its you.pdf

4/28/2017 10:10:17 AM 
mp4

Two-Factor Authentication.mp4

4/3/2018 10:24:21 AM