Skip to Knowledge Base content

Duo Two-Factor Authentication FAQ

Overview:

If you have a question about Duo, start with the Duo FAQ below!

What is two-factor authentication?

Two-factor authentication is a second layer of security besides your username and password for any kind of account. It means you have to confirm your identity in two ways – with something you KNOW and something you HAVE. Duo is the application that WVU is using.

Why do we need it?

Passwords can be compromised, so passwords alone aren’t good enough anymore when it comes to protecting your personal information, and our systems and networks. In 2018, WVU must comply with the Payment Card Industry Data Security Standard (PCI DSS). This applies to any company or institution that accepts, stores, processes or transmits credit card payments and card holder data.

A large security breach of personal data could result in big costs to the University, which would be required by state law to offer one year of credit protection services to each affected user. Our cyber-insurance policy currently carries a $255,000 premium; credit protection costs would be reflected in our renewal rates. The potential damage to our institutional reputation can’t be quantified in dollars.

How does it work?

Most users will install the free Duo Mobile application from the appropriate app store on their smart phones. For set up instructions, view the two-factor authentication instruction guides at twofactor.wvu.edu.

If you select PUSH ALERTS, an alert will appear on your cell phone when you try to log into a secure system. You can tap the APPROVE box to confirm it’s you and complete the login. If the attempt to log in is not your own, tap the red box to DENY access.

If you don’t have cell service or Wi-Fi coverage, you can also select ENTER PASSCODE and enter a code generated by the Duo app installed on your phone or device. Simply open the app and tap the key icon in the upper right-hand corner. That will generate a passcode that will work with any browser.

What if I get a request for authentication but I did not try to login to any WVU system?

If someone tries to log into a system using your credentials, please DENY the access request and immediately go to login.wvu.edu to change your password. Your login information may have been compromised.

Is the app free?

Yes, Duo Mobile is free to download in the Apple Store, Google Play Store, Windows app store, and BlackBerry World.

I need an Apple ID to download the app. How can I create one without adding a credit card or payment method?

If you are downloading the Duo app onto an Apple device, you will need an Apple ID. View Apple's support articles to learn how to create a new Apple ID without adding a payment method or remove a payment method from your existing Apple ID. Contact Apple Support if you need help with your Apple ID.

WVU doesn’t pay me a cell phone stipend. Why should I have to use my personal phone for this?

There is no cost associated with using the phone app because it uses so little of your data. Anyone who owns a smart phone should try that approach for a few weeks. We anticipate the experience will mirror those of our pilot testers, who have seen no increases on their bills.

Our research indicates that cell phones are the most popular choice for two-factor authentication because of the convenience. Most people who carry one seldom go anywhere without it. If, after two weeks, you find that the phone app isn’t effective, you may report the reason to your supervisor and request a hardware token that will generate passcodes.

General concerns about cell phone stipends and/or the use of a cell phone for your job at the University should be taken up with your supervisor. Stipends have been reduced or eliminated because of ongoing budget pressures.

I have a limited text and data plan. Do I have an alternative?

Yes. You can use a device that looks like a USB key to generate passcodes; it works with Chrome and Firefox. Plug it into your laptop or desktop computer to complete your authentication. You can also use a display token to generate codes that will work in any browser. The Duo app will work on a smart phone even if you have no cell service or Wi-Fi coverage. Simply open the app and tap the key icon in the upper right-hand corner. That will generate a passcode, so your phone essentially functions like the display token.

I chose a hardware option. Can I just leave it plugged in full time or keep it on my desk?

No. Both of those practices raise security concerns. It’s the electronic equivalent of taping a Post-It note with your password to your monitor. If you leave your device unattended, others could take advantage of your access. You should carry the Yubikey or display token with you.

 

Can I share my U2F YubiKey or Duo Display token with a friend?


No. Your token device will be associated with your account only. It cannot be shared with other users. Both devices will work for your account on any computer where you log in with your WVU username and password.

I already have a hardware token or use an authentication app. Will mine work with WVU systems?

Other authentication apps will not work with WVU systems. Only Duo Mobile is compatible with systems that are behind Duo protection.

If you already have a Yubikey token, one that plugs into the USB port on your PC, you may add it as one of your device options for authentication with Duo. Directions can be found here.

Display tokens, ones that display a number when you press a button, will NOT work with Duo are unless they are purchased directly from WVU. ITS will have more information on how these will be distributed later this year.

Will two-factor authentication work on my cell phone if I don't have cellular coverage or Wi-Fi access?

Yes. You won't be able to receive Push notifications, but if you touch the Key symbol in the Duo App, it will give you a 6-digit code to enter and get access.

Is this just for Morgantown?

No. Because we are One WVU and we use the same systems, two-factor authentication will eventually be in use on all WVU campuses, including Keyser and Beckley. It use will become mandatory during 2018, but that will be phased in.

I’m traveling overseas. Will two-factor authentication work outside the U.S.?

Yes, but if you’re going abroad, we recommend you take a token device or contact the ITS Service Desk for assistance with other options.

But isn’t this an inconvenience?

Not really. Many people already use two-factor for online banking and shopping. Social media sites ask you to confirm your identity when you try to log in from a new device or location, and you may have to enter your ZIP code when you use a credit card to buy gas. That’s two-factor at work. Even the State Auditor’s Office is now offering it on the MyApps site, where you can check your pay stub.

When is it coming?

In 2018, WVU must comply with the Payment Card Industry Data Security Standard (PCI DSS). This applies to any company or institution that accepts, stores, processes or transmits credit card payments and card holder data.

Voluntary enrollment for those interested in joining the pilot will begin with the fall 2017 semester. Starting in February 2018, the use of two-factor authentication will be required on all WVU campuses. The program will be rolled out gradually, with onsite support from ITS for departments and colleges in Morgantown, and at the Keyser and Beckley campuses.

No one will be enrolled without prior notice.

What kinds of applications require authentication?

The list will change, but for now, you must confirm your identity to use:

eCampus
portal.wvu.edu
it.wvu.edu/help
WVU+kc (Kuali Coeus)
Web Access of Office 365
its.wvu.edu/sei
Educause.edu
Cores

If I leave my desktop on when I leave for the night, will I have to log in using Duo the next morning?

At some point during the next day, you will have to re-authenticate. Every session lasts 24 hours per browser/device combination. So, if you open a secure application in a new browser, you’ll have to re-authenticate even if you’re using the same computer.

What if I lose my phone or get a new phone?

If you have a secondary authentication device such as a tablet set up in Duo, you can use it to authenticate and set up your new mobile phone. Otherwise, you should contact the ITS Service Desk at 304-293-4444 for a single-use passcode that you can use to authenticate. Eventually, you’ll be able to generate passcodes on your own, but we’re still developing that self-service feature.

I work at the Health Sciences Center. Will I have to use Duo?

The wired network at HSC will not require two-factor authentication because there are hardware controls in place for security. However, you will have to use two-factor if you connect wirelessly. Also, it’s important to note that HSC employees will have to use two-factor if they connect to systems from off-site, and when they travel elsewhere on WVU campuses.

Will I have to use two-factor authentication to read email on my phone or tablet?

That depends. If you use the email app on your device, you’ll never need to authenticate. However, if you use the Outlook Web App on any device, you’ll have to use two-factor authentication. If you check your email via portal.wvu.edu, you’ll have to authenticate only when you log in to the portal, but not a second time to read email.

I forgot my phone and don’t have a secondary device on my account, what do I do?

Contact the Service Desk for assistance with accessing WVU systems if you do not have a secondary device on your account.

I still need help!

For additional information, view the Two-Factor Authentication Instruction Guides provided by the ITS Training Group. You can also browse Duo's Common Issues page for more information.

If you need additional assistance and are able to sign into this site, visit the Duo Two-Factor Authentication Support service page to submit a ticket. If you need assistance and are unable to sign into this site because you cannot authenticate using Duo, visit the Duo Two-Factor Authentication Help (Unable to Log Into Site to Submit a Ticket) service page. 

For additional information, check these categories in the Knowledge Base:

Accounts & Access Articles

Academic Resource Articles

Administrative & Business Articles

Wi-Fi & Networking Articles

Security & Privacy Articles

Need assistance? See the following related services:

Accounts & Access Requests

Security & Privacy Requests

 

duo duo duo duo duo duo duo duo duo duo duo duo two factor two factor two factor two factor two factor two factor two factor two factor two factor two factor

duo duo duo duo duo duo duo duo duo duo duo duo two factor two factor two factor two factor two factor two factor two factor two factor two factor two factor

duo duo duo duo duo duo duo duo duo duo duo duo two factor two factor two factor two factor two factor two factor two factor two factor two factor two factor

duo duo duo duo duo duo duo duo duo duo duo duo two factor two factor two factor two factor two factor two factor two factor two factor two factor two factor

Details

Article ID: 15390
Created
Thu 7/28/16 9:20 AM
Modified
Mon 8/28/17 9:27 AM

Files (1)

pdf

PROVE its you.pdf

4/28/2017 10:10:17 AM