Duo Two-Factor Authentication FAQ

Overview:

If you have a question about Duo, start with the Duo FAQ below.

All faculty, staff and students on all WVU campuses must use Duo two-factor authentication.

Note: Two-factor is for WVU employees and students ONLY. Parents, guardians and partners may NOT use Duo two-factor to access the account of a student or employee. This is a violation of the University's Acceptable Use of Technology Resources Policy.

Passwords are compromised regularly. They’re no longer good enough to protect personal, sensitive or financial information. WVU’s data includes YOUR data. A large security breach could affect both the University’s finances and reputation, while the personal information of individuals could also be at risk.

Two-factor is also required for industries that handle credit card or financial data. That includes WVU. It’s also a cyber liability insurance requirement.

Many universities are adopting the same approach as WVU. That includes Indiana University, Baylor, Texas A&M, University of Miami, Virginia Tech and Pitt.

The most convenient method is to download the free Duo Mobile app on your smartphone and enable push notifications. After you set up your Duo account, you’ll be prompted to approve a push notification or enter a code before accessing secure WVU systems.

If you’re a WVU employee, you’ll be prompted to set up Duo the first time you try to access a secure system. If you’re a student, you’ll be prompted 48 hours after you register for classes. You’ll need access to a computer and have your smartphone in hand. To make the process go faster, download the Duo Mobile app on your smartphone before you begin. When you’re ready, click Start setup and follow the on-screen instructions. Refer to the Set Up Duo Two-Factor on a Smartphone or Tablet article for more information.
Any system or application that displays a Central Authentication Service (CAS) screen and requires you to enter your Login credentials will be behind two-factor authentication. That list is always changing, but includes secure systems like Outlook email, MIX email, eCampus, Portal, DegreeWorks, SEI and WVU+kc (Kuali).
Yes. You can purchase a Duo display token from your campus’s WVU Barnes & Noble Bookstore, either in-store or online. To authenticate, you’ll press the green button on the device to generate and enter a code.
No. Other authentication apps and security tokens will not work with WVU systems. Only Duo Mobile is compatible with systems that are behind Duo protection.

If an employee is leaving WVU, and the token was purchased with either state or Research Corp. funding, the device belongs to the University and should be returned to the supervisor. If the supervisor wants to reassign the device to another employee, he or she can make the request.

ITS won’t reassign a privately purchased display token without the explicit, in-person consent of both the owner and the person to whom the token would be reassigned. Both parties must visit an ITS Service Center and provide proof of identity.

Yes. Just open the app and tap the drop-down arrow next to your account to generate and enter a passcode. At that point, your phone will be functioning like a Duo token.

No. WVU purchased a basic version of the software that only tells us your username, the IP address used and what type of device you are using to authenticate. We see what time you authenticated and logged in, or if your attempt to authenticate failed. We don’t even know what system you’re logging into. We just know whether it worked.

We need to see the IP address that was used to be able to identify situations where someone was trying to gain fraudulent access to a student account. We can tell, for example, if a bad guy trying to log in was in Kentucky while the targeted student was in Morgantown.

We are obligated to protect students’ academic and financial information, and WVU has a privacy policy that was created specifically to respect individual privacy. It limits the collection, access, use, disclosure and storage of personal data. We put this policy in place to protect students’ information, as well as that of employees, the University and third parties with whom we do business. Duo supports that policy and helps protect that data. It does not infringe on privacy. We would never select a vendor or a product that would compromise the personal information of any student or employee.

Yes. Two-factor is required in all computer labs, classrooms with computer equipment, and multi-purpose classrooms used as testing labs. After reviewing all the potential implications for teaching and learning, the Office of the Provost decided that no location will be exempted from this important security initiative. No group of employees will be exempted, either.

No. Shared email addresses, also called resource accounts, CANNOT be used for two-factor authentication. Two-factor relies on the identity of the individual to prove who he or she is. Resource accounts by nature are not tied to an individual.

If you are using a shared account to access a system that requires WVU Login credentials, you will have to change your practice and log in as an individual user. This is best practice from a security standpoint as well.

Yes, but if you’re going abroad, we recommend bringing a Duo display token or 10 single-use backup passcodes.

If you forgot your mobile device or Duo display token and don’t have a backup method, you’ll have to call the Service Desk at 304-293-4444 to get help. To avoid this, add another device to your Duo account, or print 10 single-use backup codes.

Students will be required to use Duo until their student role in STAR ends, which can be up to 100 days after the end of the last semester attended.

Retirees who are not Emeritus or otherwise working for WVU are exempt and will not need two-factor to check email.

Details

Article ID: 15390
Created
Thu 7/28/16 9:20 AM
Modified
Fri 6/28/19 3:35 PM

Related Articles (1)