Skip to main content
Hidden image

Duo Security

DIFFERENT look, SAME security

Cougar using Duo Security


DUO Security Two-Step Verification at BYU


The steps for first-time enrollment and device setup can be found in the DUO Guide website.

We recommend having the Duo Guide site open on a second browser tab/window to refer back to while you step through the device setup process.

The DUO Guide site has the following steps:

  1. Introduction:
    Explains why two-step verification is important.
  2. Choose Your Verification Method:
    Shows the different verification methods you can choose from.
  3. Add Your Chosen Method:
    Walks you through how to add your chosen verification method.
  4. Add a Backup Method:
    Explains why it is a good idea to add a second verification method, but also gives you an option to skip it. If you choose to add backup method, simply follow step three again. It also explains what you will see after either skipping it or adding a backup method.


Duo Enrollment


PARENTS/GUESTS: If you are a parent or a guest, you will need to manually enroll by clicking the “Enroll” button. This process will have you log in, then it will enroll you in Duo and direct you to begin setting up a device for Duo. Following the steps in the “First-time enrollment and device setup” section.


Be aware that without being enrolled in Duo you may not be able to access certain websites and content. In addition, anyone with an active university roll cannot unenroll from duo. Active University rolls include: current faculty, staff, students, and those needing access to financial information.


  • 65-95% of all data breaches are related to compromised passwords. With Duo, someone who has your Net ID and password cannot log in to your BYU accounts without your device or passcode.

    You just need a second factor device. Here is a list of options.

    Duo is required to access BYU confidential information like direct deposit, or to make changes to personal information. This prevents hackers from seeing and changing the things they shouldn't. All employees and students are automatically enrolled in and are required to use Duo.

  • Click on 'Enroll'.
    Then, return to and click on 'Confirm Enrollment'.

    Once you're enrolled and have confirmed your enrollment, log in to a BYU website, and you will be presented with the Duo prompt page.

    If you've configured your Duo Mobile app for 'Push' notifications (recommended), a 'Push' notification will be sent to your device that has the configured Duo Mobile app installed.

    More information on second factor options can be found here.

  • If you have a question or concern, we have several ways that you can contact us.

    During business hours (9-5 p.m.), visit your Duo Access Coordinator.

    Coordinators have received training and tools to help 'Prove it's you' and troubleshoot problems. For employees, Duo Access Coordinators are usually an HR/Payroll Manager, office manager, department secretary, or CSR.

    For students, the ID Center (1057 WSC) acts as a Duo Access Coordinator for in-person visits.

    If you need additional support, you can always call BYU IT Support (801-422-4000) that acts as a Duo Access Coordinator over the phone.


  • Duo authentication options include:

    • Touch ID
    • Security Keys
    • Duo Mobile push approval
    • Yubikey passcodes
    • Duo mobile generated passcodes
    • SMS passcodes
    • Phone call approval

    More information on these options can be found here.
    SMS passcodes and Phone call approval options are the least secure of all the options, so we don't recommend that you commonly use those options.

    Using the Duo Mobile app to generate passcodes is convenient because you don't have to be connected to the network to generate a passcode. (Nice when you are in the basement of the a building where network access is often not available or spotty at best!) Consider adding two or more options or devices so you'll have choices if something goes wrong with your default device or options.

    To add or remove your devices or options, log in to a BYU website wit your current username and password. If you opted to "trust this browser", you will need to log in to a BYU website in an incognito browser. Once the Duo prompt page comes up, click on 'Other options'. Then, click on 'Manage devices.'

    Follow the instructions provided on the Duo help site here.

    For help adding a U2F token, follow the instructions here.

    To add a Duo Token, take the token to the ID Center, 1057 WSC, or your department Duo Access Coordinator. Tokens can be purchased at the BYU store.

  • If an option does not work because you can't access WIFI or you can't get a mobile signal, use the 'Passcode' option.

    You can see the passcode to use by opening Duo Mobile app and tapping your BYU account in the app to open the account. You should see a code that refreshes every minute. Type the code in the Duo prompt page.

    More help on the Duo site can be found here.

    You can also generate a passcode with a token; see the 'How do hardware tokens work?' section.

  • U2F tokens and Duo tokens are available for purchase at the BYU Store Tech register. U2F tokens only work with Chrome browsers and require a USB port, but they populate the passcode box with a simple touch.

    Duo tokens work with any browser and do not require a USB port. Duo tokens display a passcode at the touch of a button, but you must then type in the passcode in the Duo prompt.

    For help adding a U2F token, follow the instructions here.

    To add a Duo passcode token, purchase the token at the BYU Store Tech register and take the token to the ID Center, 1057 WSC, or your department Duo Access Coordinator.

  • Trusting a browser means that Duo can remember a browser that you use regularly so that you can skip the Duo prompt for a configured amount of time.

    BYU's remember device policy is set to remember the browser for 30 days.

    Note: You should not trust a browser that is on a shared or public computer (labs, classrooms, library, etc.).

    To protect your account, only trust a browser on your personal computer or device. More information on trusting a browser can be found here.