Duo Two-Factor Authentication FAQ


If you have a question about Duo, start with the Duo FAQ below.

All faculty, staff and students on all WVU campuses must use Duo two-factor authentication.

Note: Two-factor is for WVU employees and students ONLY. Parents, guardians and partners may NOT use Duo two-factor to access the account of a student or employee. This is a violation of the University's Acceptable Use of Technology Resources Policy.

Passwords are compromised regularly. They’re no longer good enough to protect personal, sensitive or financial information. WVU’s data includes YOUR data. A large security breach could affect both the University’s finances and reputation, while the personal information of individuals could also be at risk.

Two-factor is also required for industries that handle credit card or financial data. That includes WVU. It’s also a cyber liability insurance requirement.

Many universities are adopting the same approach as WVU. That includes Indiana University, Baylor, Texas A&M, University of Miami, Virginia Tech and Pitt.

The most convenient method is to download the free Duo Mobile app on your smartphone and enable push notifications. After you set up your Duo account, you’ll be prompted to approve a push notification or enter a code before accessing secure WVU systems.

If you don’t have cell service or Wi-Fi coverage, you can also select ENTER PASSCODE and enter a code generated by the Duo app installed on your phone or device. Simply open the app and tap the key icon in the upper right-hand corner. That will generate a passcode that will work with any browser.

If someone tries to log into a system using your credentials, please DENY the access request and immediately go to login.wvu.edu to change your password. Your login information may have been compromised.
If you are downloading the Duo app onto an Apple device, you will need an Apple ID. View Apple's support articles to learn how to create a new Apple ID without adding a payment method or remove a payment method from your existing Apple ID. Contact Apple Support if you need help with your Apple ID.
If you’re using personal funds, you can buy a Duo display token for $24.98 at any physical or online WVU Barnes & Noble bookstore. Search for "Duo Security." The display token works with any web browser or device. Just push the green button to generate a one-time code that will complete your login.

Note: Sharing either your Duo security account or your WVU Login account with anyone, including parents or guardians, is a violation of the University's Acceptable Use of Data and Technology Resources Policy.
Duo display tokens have an expected minimum battery lifetime of seven years. Attempting to change the battery will destroy the device.
Your Duo display token may fall out of sync if the button is pressed many times without using the generated codes. Make sure you store your token safely to prevent other objects from accidentally pressing the button.
No. Your token device will be associated with your account only. It cannot be shared with other users.

Other authentication apps will not work with WVU systems. Only Duo Mobile is compatible with systems that are behind Duo protection.

Display tokens, ones that display a number when you press a button, will NOT work with Duo unless they are purchased directly from WVU. ITS will have more information on how these will be distributed later this year.

Yes. Just open the app and tap the drop-down arrow next to your account to generate and enter a passcode. At that point, your phone will be functioning like a Duo token.
Yes, but if you’re going abroad, we recommend you take a token device or print 10 one-use passcodes to take with you. View How to Generate Bypass Codes for Duo Authentication for steps to generate and use these codes. If you need assistance with other options, contact the ITS Service Desk.

No. WVU purchased a basic version of the software that only tells us your username, the IP address used and what type of device you are using to authenticate. We see what time you authenticated and logged in, or if your attempt to authenticate failed. We don’t even know what system you’re logging into. We just know whether it worked.

We need to see the IP address that was used to be able to identify situations where someone was trying to gain fraudulent access to a student account. We can tell, for example, if a bad guy trying to log in was in Kentucky while the targeted student was in Morgantown.

We are obligated to protect students’ academic and financial information, and WVU has a privacy policy that was created specifically to respect individual privacy. It limits the collection, access, use, disclosure and storage of personal data. We put this policy in place to protect students’ information, as well as that of employees, the University and third parties with whom we do business. Duo supports that policy and helps protect that data. It does not infringe on privacy. We would never select a vendor or a product that would compromise the personal information of any student or employee.

Any system or application that displays a Central Authentication Service screen and requires you to enter your Login credentials will be behind two-factor authentication. That list is always changing but will include sensitive systems including eCampus, Portal, DegreeWorks, SEI and WVU+kc (Kuali).

If you have a secondary authentication device such as a tablet or token set up in Duo, you can use it to authenticate and set up your new mobile phone. If you do not have a secondary device set up in Duo, there are two ways to obtain a single-use passcode to authenticate.

  1. Before you replace your phone, you can visit Login.wvu.edu and click on My Login to view your Two-Factor account options. You must authenticate to access your account settings. On the My Login page, you can click a link that will generate a set of 10 passcodes for your account. You can print this list of single-use passcodes and put them in your wallet to be used as needed. Mark out each passcode after it has been used.

  2. If you do not have any passcodes written down or printed out, you can contact the ITS Service Desk (304-293-4444) for assistance. They will ask for your WVU ID number, and then provide a passcode you can use to authenticate and set up your new device.

There are two ways you can get a passcode to authenticate if you forgot your device. You can go to Login.wvu.edu and click on My Login to see a link that will generate a set of 10 passcodes for your account. You can also contact the ITS Service Desk (304-293-4444) for assistance with accessing WVU systems if you do not have a secondary device on your account.

No, they can't. That's a violation of the University's Acceptable Use of Data and Technology Resources Policy. Duo security and WVU Login accounts are for STUDENTS AND EMPLOYEES ONLY. The appropriate way for parents or guardians to access student records is through the Parent Guest Portal at parent-guest.portal.wvu.edu.

Adding someone else's device to your account also increases the likelihood of problems when you try to log into a secure application. if someone else has already added a device to your account, please contact the Service Desk at 304-293-4444 to have it removed immediately.

The wired network at HSC will not require two-factor authentication because there are hardware controls in place for security. The locations using the wired network include:

  • Morgantown, Charleston and Eastern campuses
  • HSC managed off-site locations (CED, CPRC, ICRC, RDTP)
  • Ruby Memorial Hospital and WVUH clinics

However, two-factor is required if you connect to the HSC student or WVU.Encrypted wireless networks. This also includes the HSC instructor computers in HSC classrooms.

Also, it’s important to note that HSC employees will have to use two-factor if they connect to systems from off-site, and when they travel elsewhere on WVU campuses. Health Sciences Center employees can choose to install the Duo app on their phone or to use the Duo display token; HSC will not use the Yubikey token.

Yes. Students will be required to use two-factor in all computer labs, classrooms with computer equipment, and multi-purpose classrooms used as testing labs after Aug. 1, 2018. After reviewing all of the potential implications for teaching and learning, the Office of the Provost decided that no location will be exempted from this important security initiative. No group of employees will be exempted, either.

No. Shared email addresses, also called resource accounts, CANNOT be used for two-factor authentication. Two-factor relies on the identity of the individual to prove who he or she is. Resource accounts by nature are not tied to an individual.

If you are using a shared account to access a system that requires WVU Login credentials, you will have to change your practice and log in as an individual user. This is best practice from a security standpoint as well.

Students will be required to use Duo until their student role in STAR ends, which can be up to 100 days after the end of the last semester attended.

Retirees who are not Emeritus or otherwise working for WVU are exempt and will not need two-factor to check email.

Turn it in at either of the ITS Service Centers, located at G118 of Bennett Tower and in the Vandalia Lounge of the Mountainlair. ITS will determine who the token is assigned to and contact that person to report it has been located. We will not reassign the token to the person who finds it.

Contact ITS immediately to have the device removed from your account. You can call 304-293-4444 or go to one of the ITS Service Centers, located at G118 of Bennett Tower and in the Vandalia Lounge of the Mountainlair. We will provide a one-time code for you to log in and print out 10 more codes that will let you log in while you obtain a new device.

No. If an employee is leaving WVU, and the token was purchased with either state or Research Corp. funding, the device belongs to the University and should be returned to the supervisor. If the supervisor wants to reassign the device to another employee, he or she can make the request.

ITS won’t reassign a privately purchased display token without the explicit, in-person consent of both the owner and the person to whom the token would be reassigned. Both parties must visit an ITS Service Center and provide proof of identity.

Go to any WVU Barnes & Noble bookstore, in store or online. When shopping online, type the words “Duo Digipass” in the search box.

You can still authenticate two other ways: Print out 10 passcodes and carry them with you or purchase a Duo display token to generate codes on demand.

When these 10 codes are used up, you can repeat this process and print 10 more. However, you must have a device registered to your account to generate the codes. DON’T use the Duo Mobile app to generate passcodes and write them down; those are for immediate use only. As soon as you generate a new code, the previous code expires.

Duo display tokens cost $24.98 at any WVU Barnes & Noble bookstore. If purchasing online, search for the words “Duo Digipass” in the top right search box. Call the Service Desk at 304-293-4444 if you need help.

For additional information, view the Two-Factor Authentication Instruction Guides provided by the ITS Training Group. You can also browse Duo's Common Issues page for more information.

If you need additional assistance and are able to sign into this site, visit the Duo Two-Factor Authentication Support service page to submit a ticket. If you need assistance and are unable to sign into this site because you cannot authenticate using Duo, visit the Duo Two-Factor Authentication Help (Unable to Log Into Site to Submit a Ticket) service page.


Article ID: 15390
Thu 7/28/16 9:20 AM
Thu 6/6/19 10:08 AM

Files (2)


PROVE its you.pdf

4/28/2017 10:10:17 AM 

Two-Factor Authentication.mp4

8/31/2018 4:22:18 PM