65-95% of all data breaches are related to compromised passwords. With Duo, someone who has your Net ID and password cannot log in to your BYU accounts without your device or passcode.

You just need a second factor device. Here is a list of options.

Duo is required to access BYU confidential information like direct deposit, or to make changes to personal information. This prevents hackers from seeing and changing the things they shouldn't. All employees and students are automatically enrolled in and are required to use Duo.

Click on 'Enroll'.
Then, return to https://duo.byu.edu and click on 'Confirm Enrollment'.

Once you're enrolled and have confirmed your enrollment, log in to a BYU website, and you will be presented with the Duo prompt page.

If you've configured your Duo Mobile app for 'Push' notifications (recommended), a 'Push' notification will be sent to your device that has the configured Duo Mobile app installed.

More information on second factor options can be found here.

If you have a question or concern, we have several ways that you can contact us.

During business hours (9-5 p.m.), visit your Duo Access Coordinator.

Coordinators have received training and tools to help 'Prove it's you' and troubleshoot problems. For employees, Duo Access Coordinators are usually an HR/Payroll Manager, office manager, department secretary, or CSR.

For students, the ID Center (1057 WSC) acts as a Duo Access Coordinator for in-person visits.

If you need additional support, you can always call BYU IT Support (801-422-4000) that acts as a Duo Access Coordinator over the phone.

Duo authentication options include:

• Touch ID
• Security Keys
• Duo Mobile push approval
• Yubikey passcodes
• Duo mobile generated passcodes
• SMS passcodes
• Phone call approval

More information on these options can be found here.
SMS passcodes and Phone call approval options are the least secure of all the options, so we don't recommend that you commonly use those options.

Using the Duo Mobile app to generate passcodes is convenient because you don't have to be connected to the network to generate a passcode. (Nice when you are in the basement of the a building where network access is often not available or spotty at best!) Consider adding two or more options or devices so you'll have choices if something goes wrong with your default device or options.

To add or remove your devices or options, log in to a BYU website wit your current username and password. If you opted to "trust this browser", you will need to log in to a BYU website in an incognito browser. Once the Duo prompt page comes up, click on 'Other options'. Then, click on 'Manage devices.'

Follow the instructions provided on the Duo help site here.

For help adding a U2F token, follow the instructions here.

To add a Duo Token, take the token to the ID Center, 1057 WSC, or your department Duo Access Coordinator. Tokens can be purchased at the BYU store.

If an option does not work because you can't access WIFI or you can't get a mobile signal, use the 'Passcode' option.

You can see the passcode to use by opening Duo Mobile app and tapping your BYU account in the app to open the account. You should see a code that refreshes every minute. Type the code in the Duo prompt page.

More help on the Duo site can be found here.

You can also generate a passcode with a token; see the 'How do hardware tokens work?' section.

U2F tokens and Duo tokens are available for purchase at the BYU Store Tech register. U2F tokens only work with Chrome browsers and require a USB port, but they populate the passcode box with a simple touch.

Duo tokens work with any browser and do not require a USB port. Duo tokens display a passcode at the touch of a button, but you must then type in the passcode in the Duo prompt.

For help adding a U2F token, follow the instructions here.

To add a Duo passcode token, purchase the token at the BYU Store Tech register and take the token to the ID Center, 1057 WSC, or your department Duo Access Coordinator.

Trusting a browser means that Duo can remember a browser that you use regularly so that you can skip the Duo prompt for a configured amount of time.

BYU's remember device policy is set to remember the browser for 30 days.

Note: You should not trust a browser that is on a shared or public computer (labs, classrooms, library, etc.).

To protect your account, only trust a browser on your personal computer or device. More information on trusting a browser can be found here.