Duo Two-Factor Authentication FAQ

Overview:

If you have a question about Duo, start with the Duo FAQ below!

All faculty, staff and students on all WVU campuses must use Duo two-factor authentication.

Note: Two-factor is for WVU employees and students ONLY. Parents, guardians and partners may NOT use Duo two-factor to access the account of a student or employee. This is a violation of the University's Acceptable Use of Technology Resources Policy.

Passwords are compromised regularly. They’re no longer good enough to protect personal, sensitive or financial information. WVU’s data includes YOUR data. A large security breach could affect both the University’s finances and reputation, while the personal information of individuals could also be at risk.

Two-factor is also required for industries that handle credit card or financial data. That includes WVU. It’s also a cyber liability insurance requirement.

Many universities are adopting the same approach as WVU. That includes Indiana University, Baylor, Texas A&M, University of Miami, Virginia Tech and Pitt.

The most convenient method is to download the free Duo Mobile app on your smartphone and enable push notifications. After you set up your Duo account, you’ll be prompted to approve a push notification or enter a code before accessing secure WVU systems.

If you don’t have cell service or Wi-Fi coverage, you can also select ENTER PASSCODE and enter a code generated by the Duo app installed on your phone or device. Simply open the app and tap the key icon in the upper right-hand corner. That will generate a passcode that will work with any browser.

If someone tries to log into a system using your credentials, please DENY the access request and immediately go to login.wvu.edu to change your password. Your login information may have been compromised.

If you are downloading the Duo app onto an Apple device, you will need an Apple ID. View Apple's support articles to learn how to create a new Apple ID without adding a payment method or remove a payment method from your existing Apple ID. Contact Apple Support if you need help with your Apple ID.

Yes. The Duo app will work on a smartphone even if you have no cell service or Wi-Fi coverage. Simply open the app and tap the key icon in the upper right-hand corner. That will generate a passcode, so your phone essentially functions like the display token. If you don’t want to use your phone at all, we recommend you purchase the Duo Digipass display token from a WVU Barnes & Noble store.

Once you enroll in Duo, you should be prepared to add the device you intend to use. If you don’t add the device at that time, you may lose your access and will have to call the ITS Service Desk for assistance at 304-293-4444.

After setting up Duo correctly, you will be prompted to enter your WVU Login credentials when accessing certain systems such as eCampus, Portal and MIX. Then you will be prompted to confirm your identity by sending yourself a push notification or code. You will prove it’s you by either opening the notification and tapping Approve on your mobile device, or entering a code generated by the Duo Mobile app or Duo display token.

To use Duo two-factor authentication you must download the FREE Duo Mobile app on your mobile device or purchase a Duo display token for $24.98 at any WVU Barnes & Noble bookstore.

If you’re using personal funds, you can buy a Duo display token for $24.98 at any physical or online WVU Barnes & Noble bookstore. Search for "Duo Security." The display token works with any web browser or device. Just push the green button to generate a one-time code that will complete your login.

Note: Sharing either your Duo security account or your WVU Login account with anyone, including parents or guardians, is a violation of the University's Acceptable Use of Data and Technology Resources Policy.

Duo display tokens have an expected minimum battery lifetime of seven years. Attempting to change the battery will destroy the device.

Your Duo display token may fall out of sync if the button is pressed many times without using the generated codes. Make sure you store your token safely to prevent other objects from accidentally pressing the button.

No. Your token device will be associated with your account only. It cannot be shared with other users. Both devices will work for your account on any computer where you log in with your WVU username and password.

Other authentication apps will not work with WVU systems. Only Duo Mobile is compatible with systems that are behind Duo protection.

If you already have a Yubikey token, one that plugs into the USB port on your PC, you may add it as one of your device options for authentication with Duo. Directions can be found here.

Display tokens, ones that display a number when you press a button, will NOT work with Duo unless they are purchased directly from WVU. ITS will have more information on how these will be distributed later this year.

Yes. You won't be able to receive push notifications, but if you touch the key symbol in the Duo app, it will give you a 6-digit code to enter and get access.

Yes, but if you’re going abroad, we recommend you take a token device or print 10 one-use passcodes to take with you. View How to Generate Bypass Codes for Duo Authentication for steps to generate and use these codes. If you need assistance with other options, contact the ITS Service Desk.

No. WVU purchased a basic version of the software that only tells us your username, the IP address used and what type of device you are using to authenticate. We see what time you authenticated and logged in, or if your attempt to authenticate failed. We don’t even know what system you’re logging into. We just know whether it worked.

We need to see the IP address that was used to be able to identify situations where someone was trying to gain fraudulent access to a student account. We can tell, for example, if a bad guy trying to log in was in Kentucky while the targeted student was in Morgantown.

We are obligated to protect students’ academic and financial information, and WVU has a privacy policy that was created specifically to respect individual privacy. It limits the collection, access, use, disclosure and storage of personal data. We put this policy in place to protect students’ information, as well as that of employees, the University and third parties with whom we do business. Duo supports that policy and helps protect that data. It does not infringe on privacy. We would never select a vendor or a product that would compromise the personal information of any student or employee.

Two-factor authentication is required for access to any WVU system that contains personal, academic, financial, medical or credit/debit card information, regardless of what role you have with WVU. It’s needed for our cyber liability insurance coverage, and it is an industry standard for any business that handles payment cards. That includes universities.

Many universities are adopting the same approach as WVU, with no exemptions for any group of people, including students. Some of those schools include: Indiana University, Baylor, Texas A&M, University of Miami, Virginia Tech, the University of Kentucky and the University of Pittsburgh.

Any system or application that displays a Central Authentication Service screen and requires you to enter your Login credentials will be behind two-factor authentication. That list is always changing but will include sensitive systems including eCampus, Portal, DegreeWorks, SEI and WVU+kc (Kuali).

At some point during the next day, you will have to re-authenticate. Every session lasts 24 hours per browser/device combination. So, if you open a secure application in a new browser, you’ll have to re-authenticate even if you’re using the same computer.

The Service Desk can always generate a one-time code, but the better alternative would be a pre-emptive approach: Duo will let you print out 10 single-use codes that won't expire until you use them. Learn how to generate codes at login.wvu.edu. If you print them out and stick them in your wallet, you'll have an emergency backup. The Duo display token is another option for a backup.

If you have a secondary authentication device such as a tablet or token set up in Duo, you can use it to authenticate and set up your new mobile phone. If you do not have a secondary device set up in Duo, there are two ways to obtain a single-use passcode to authenticate.

  1. Before you replace your phone, you can visit Login.wvu.edu and click on My Login to view your Two-Factor account options. You must authenticate to access your account settings. On the My Login page, you can click a link that will generate a set of 10 passcodes for your account. You can print this list of single-use passcodes and put them in your wallet to be used as needed. Mark out each passcode after it has been used.

  2. If you do not have any passcodes written down or printed out, you can contact the ITS Service Desk (304-293-4444) for assistance. They will ask for your WVU ID number, and then provide a passcode you can use to authenticate and set up your new device.

There are two ways you can get a passcode to authenticate if you forgot your device. You can go to Login.wvu.edu and click on My Login to see a link that will generate a set of 10 passcodes for your account. You can also contact the ITS Service Desk (304-293-4444) for assistance with accessing WVU systems if you do not have a secondary device on your account.

No, they can't. That's a violation of the University's Acceptable Use of Data and Technology Resources Policy. Duo security and WVU Login accounts are for STUDENTS AND EMPLOYEES ONLY. The appropriate way for parents or guardians to access student records is through the Parent Guest Portal at parent-guest.portal.wvu.edu.

Adding someone else's device to your account also increases the likelihood of problems when you try to log into a secure application. If someone else has already added a device to your account, please contact the Service Desk at 304-293-4444 to have it removed immediately.

The wired network at HSC will not require two-factor authentication because there are hardware controls in place for security. The locations using the wired network include:

  • Morgantown, Charleston and Eastern campuses
  • HSC managed off-site locations (CED, CPRC, ICRC, RDTP)
  • Ruby Memorial Hospital and WVUH clinics

However, two-factor is required if you connect to the HSC student or WVU.Encrypted wireless networks. This also includes the HSC instructor computers in HSC classrooms.

Also, it’s important to note that HSC employees will have to use two-factor if they connect to systems from off-site, and when they travel elsewhere on WVU campuses. Health Sciences Center employees can choose to install the Duo app on their phone or to use the Duo display token; HSC will not use the Yubikey token.

Yes. Students will be required to use two-factor in all computer labs, classrooms with computer equipment, and multi-purpose classrooms used as testing labs after Aug. 1, 2018. After reviewing all of the potential implications for teaching and learning, the Office of the Provost decided that no location will be exempted from this important security initiative. No group of employees will be exempted, either.

No. Shared email addresses, also called resource accounts, CANNOT be used for two-factor authentication. Two-factor relies on the identity of the individual to prove who he or she is. Resource accounts by nature are not tied to an individual.

If you are using a shared account to access a system that requires WVU Login credentials, you will have to change your practice and log in as an individual user. This is best practice from a security standpoint as well.

For six months, you will retain your student role in WVU systems and will need to use two-factor if you are accessing your Gmail through the Portal. However, you can avoid the Portal by going directly to mix.wvu.edu/gmail. Eventually, you’ll be removed from the Duo system.

Turn it in at either of the ITS Service Centers, located at G118 of Lyon Tower and in the Vandalia Lounge of the Mountainlair. ITS will determine who the token is assigned to and contact that person to report it has been located. We will not reassign the token to the person who finds it.

Contact ITS immediately to have the device removed from your account. You can call 304-293-4444 or go to one of the ITS Service Centers, located at G118 of Lyon Tower and in the Vandalia Lounge of the Mountainlair. We will provide a one-time code for you to log in and print out 10 more codes that will let you log in while you obtain a new device.

No. If an employee is leaving WVU, and the token was purchased with either state or Research Corp. funding, the device belongs to the University and should be returned to the supervisor. If the supervisor wants to reassign the device to another employee, he or she can make the request.

ITS won’t reassign a privately purchased display token without the explicit, in-person consent of both the owner and the person to whom the token would be reassigned. Both parties must visit an ITS Service Center and provide proof of identity.

Go to any WVU Barnes & Noble bookstore, in store or online. When shopping online, type the words “Duo Digipass” in the search box.

Yes, you must use Duo if you are accessing WVU systems.

You can still authenticate two other ways: Print out 10 passcodes and carry them with you or purchase a Duo display token to generate codes on demand.

When these 10 codes are used up, you can repeat this process and print 10 more. However, you must have a device registered to your account to generate the codes. DON’T use the Duo Mobile app to generate passcodes and write them down; those are for immediate use only. As soon as you generate a new code, the previous code expires.

Duo display tokens cost $24.98 at any WVU Barnes & Noble bookstore. If purchasing online, search for the words “Duo Digipass” in the top right search box. Call the Service Desk at 304-293-4444 if you need help.

That would be our recommendation. You can purchase tokens online if you type “Duo Digipass” in the search box on any WVU Barnes & Noble site, or you can purchase them in person on the WVU campuses.

For additional information, view the Two-Factor Authentication Instruction Guides provided by the ITS Training Group. You can also browse Duo's Common Issues page for more information.

If you need additional assistance and are able to sign into this site, visit the Duo Two-Factor Authentication Support service page to submit a ticket. If you need assistance and are unable to sign into this site because you cannot authenticate using Duo, visit the Duo Two-Factor Authentication Help (Unable to Log Into Site to Submit a Ticket) service page.

Details

Article ID: 15390
Created: Thu 7/28/16 9:20 AM
Modified: Wed 4/17/19 8:12 AM
