LEARN HOW DUO SECURITY

Sixty-five to ninety-five percent of all data breaches are related to compromised passwords. The benefit of using Duo is that, even if someone somehow found out your Net ID and password, that person couldn’t log in as you without also stealing your phone, tablet, hardware device, or stored passcodes. By using your phone or other device to sign in, you add an additional wall of security to your account, making it almost impossible for someone to hack into it.

Additionally, there are certain data that cannot be accessed except if the user is enrolled in Duo. Examples include direct deposit information and financial statements. Enroll in Duo, and take control of your account!

After you sign up for Duo, the log-in process is like this:

1) Go to a BYU website and push “Log in”
2) Enter your Net ID and password
3) Provide your second verification step (multiple options)

a) Option #1: “Send Me a Push” (A notification comes to your Duo Mobile app; you push a button on your phone or tablet)
b) Option #2: “Call Me” (Receive a phone call on your registered landline [office phone or home phone], cell phone, or smart phone; push any button)
c) Option #3: “Enter a Passcode” (Type a numeric passcode into the box provided)

i) Generate a one-time use 6-digit passcode by pushing the key icon on the Duo Mobile App (does not require cell service or wifi)
ii) Receive a text message containing ten one-time use 7-digit passcodes to a registered mobile device
(push “Text me new codes” in the blue banner at the bottom of the screen; codes are valid until all are used)
iii) Generate a one-time use long numeric passcode with a hardware device that you purchased at the BYU Store (coming soon)

Note: There is also an option to check “Remember me for 30 days” on the Duo portal screen. If you check this box, your browser becomes your second verification step, and you don’t have to complete step #3 for an entire month (as long as you use the same browser on the same device, and don’t clear your cookies).

Anyone who signs in to BYU website, from anywhere in the world, can use Duo! Duo is not just for smartphone users. You can use Duo with a tablet, a generic mobile phone, a landline (office phone or home phone), or even a hardware device (which generates passcodes, sometimes by plugging into your USB port). Whatever your technology level, Duo has an option for you.

No. If you are going to be logging in to BYU sites frequently, Duo has a “Remember me for 30 days” function where you can set your Duo account to remember the device and internet browser that you logged in from. It is up to you how often you are asked to manually complete the second verification step.

To select “Remember me for 30 days,” simply check the box on the Duo portal before providing your second verification method.

Yes. You can add more than one phone to your Duo account. This option is especially handy for BYU employees who have both a cell phone and an office phone. Adding an additional phone to your Duo account can provide you with a backup if you forget your phone at home.

Prepare for the situation in which you don’t have your phone (battery dies, it gets left at home, etc.) by having ten 7-digit passcodes texted to you. Once you receive the codes, store them in your wallet or another safe location to be used when needed. Request these codes by clicking “Enter a Passcode” on the Duo sign-in page, then pushing, “Text me new codes” in the blue banner at the bottom of the screen.

If your phone gets stolen, immediately contact your Duo access coordinator. We can suspend account access until you get your phone back.

Enrolling in Duo is a two-step process. First, you sign up for Duo and configure your settings. Completing this step provides extra security to your account by requiring you to log in with Duo, but does not give you access to certain sensitive data pages (such as direct deposit information and financial statements). Second, you prove it’s really you by visiting a Duo access coordinator in person, receiving a phone call, or entering an email verification code. Once you’ve proven that it’s really you who signed up, you’ll be able to access sensitive data pages (such as direct deposit information and financial statements).

If you have a question or concern, we have several ways that you can contact us. During business hours (9–5 p.m.), visit your Duo access coordinator. The Office of IT also has a 24-hour helpline at 801-422-4000.

Yes and no. For security reasons, all BYU employees (including student employees) will be required to use Duo. Additionally, certain data (including direct deposit information and financial statements) cannot be viewed or edited unless the user has logged in with two-step verification. If you wish to access such data, you will be required to enroll in Duo. For the time being, non-employee students are encouraged, but not required, to enroll in two-step verification.

Duo access coordinators are people who have been specifically trained to answer questions about Duo, troubleshoot any problems you run into, and, if necessary, issue a bypass code. There are multiple access coordinators in each department across campus. Duo access coordinators for students can be found at the ID Center, 1057 WSC (for in-person help), or via BYU IT Support (801-422-4000, for over-the-phone support). For employees, Duo access coordinators are usually department secretaries or CSRs. For the full list of current Duo access coordinators, click here.

The Duo roll-out is happening in two phases.

During Phase 1, certain pages that contain sensitive data will be protected by Duo, but Duo will not yet be mandatory. Specifically, pages that show social security numbers, pages that allow you to change direct deposit information, pages that reveal confidential financial statements, as well as some pages that allow you to update personal contact information, will all be protected by two-step verification. In other words, unless you have signed up and proven it was really you who did so, you will not be able to access such pages. This prevents hackers from seeing and changing things they shouldn’t! Phase 1 goes into effect June 30, 2017.

Phase 2 is scheduled to begin during Fall semester 2017. During Phase 2, all employees (including student employees) will be required to use Duo.

Nothing! “Two-step verification” and “two-factor authentication” are two different words for the same thing. BYU prefers to use “two-step verification”; Duo prefers to use “two-factor authentication.”

No. Duo provides a great deal of flexibility and you do not need a smart phone to use it.

The recommended smart phone option makes two-step verification extremely easy, but a lot of other easy options exist as well. Duo can send a text message with ten passcodes to a regular cell phone, place a voice call to your office landline, home landline, or cell phone; receive a passcode from a hardware device; or generate passcodes on your tablet.

If you find yourself without cell service, Duo pushes, phone calls, and texts might not get to your phone. However, account passcodes (texted to you beforehand, accessed directly through the Duo Mobile app, or generated with a hardware device) will always work in these areas.

If you find yourself without wifi, Duo pushes might not get to your phone. However, phone calls and passcodes (texted to you beforehand, accessed directly through the Duo Mobile app, or generated with a hardware device) should still work.

Go to any BYU site in an incognito browser (ctrl+shift+n) and sign in with your Net ID and password. The Duo portal will appear, and you can click the link on the left called “My Settings & Devices.” From here, you can add, remove, or update a device; change your default device; reactivate Duo Mobile; or change the way you log in (“Ask me to choose an authentication method,” “Automatically call this device,” or “Automatically send me a Duo push”.

More On Managing Your Devices ››

There are three ways to get a passcode.

(1) As you log in, pressing the “key” icon on the Duo Mobile app generates a 6-digit passcode that can be typed in. This option works independently of cell phone service and Internet connection. This code refreshes regularly and should be used immediately.

(2) If cell phone service is available, you can request a set of 10 passcodes to be sent to you at one time. This is done by logging in with your Net ID and password, pushing “Enter a Passcode,” and then, in the blue banner at the bottom of the screen, selecting “Text me new codes.” You will then receive a text message containing a set of 10 new codes. Keep these codes in a safe place so that you can use them if you ever forget your phone. Once you use a code, it expires. To help you know which code you left off on, the screen will say something like, “Your next SMS passcode starts with 2.” Once you’ve used all ten codes, 10 new codes will be generated and texted to you automatically.

(3) You can also use a hardware device to generate passcodes. To use such devices is easy! Once you’ve purchased one, you simply have to plug it into your computer and push a button. Then, a passcode will be generated and you can enter it into the passcode box.

Yes and no. Because Duo is connected to BYU’s log-in screen (CAS), you will need to provide a second verification method every time you log in to a BYU website. However, if you select “Remember me for 30 days” on a personal device, information in your browser will become your new verification method, and you won’t need to manually enter anything into Duo for an entire month.

Notes: If you want Duo to remember you on multiple devices, you will need to push “Remember me for 30 days” on each device you would like to use. Also, “Remember me for 30 days” is unlikely to work on shared computers such as lab computers and classroom podium computers.

Using “Remember me for 30 days” is easy! On the Duo portal, there’s a checkbox that says, “Remember me for 30 days.” Before you sign in, check this box–and then you won’t have to manually interact with Duo for 30 days!

Note: If you’ve selected “Automatically send me a Duo push” or “Automatically call this device,” then you will have to push “Cancel” before you can check “Remember me for 30 days.” Once you’ve checked it, select a verification method, and finish signing in.

Once you’ve signed up for Duo, you’ll be asked to confirm your identity in one of the following ways:
– Pushing a button on the Duo Mobile app
– Receiving a phone call and pushing any button
– Entering a 6-digit passcode generated by the key icon within the Duo Mobile app
– Entering one of ten 7-digit passcodes previously texted to you
– Entering a long passcode generated by a hardware device you purchased at the BYU Store (coming soon).

We encourage you to contact your Duo access coordinator with feedback, or with questions or concerns about the project in general.

We encourage you to already have a list of passcodes stowed somewhere safe (backpack, car, wallet, etc.) that you can use if you don’t have your phone (passcodes can be texted to your phone and then saved for later use; they never expire until you use them or until you request a new set of 10). That way, you can just enter one of the passcodes and not have to do anything else to login. We also encourage you to associate multiple devices with your account (cell phone, landline [office phone or home phone], tablet, hardware device, etc.), so that you aren’t reliant on only one method. If you find yourself in a situation where you’ve forgotten your phone, don’t have any back-up codes stored, and haven’t associated a second device with your account, however, you can contact your Duo access coordinator for assistance.

If you still have the same phone number, go to any BYU site in an incognito browser (ctrl+shift+n), and, after you enter in your Net ID and password, click on the “My settings and Devices” link (left). Log in using a passcode or by receiving a phone call. Find your old phone listed under “My Devices” and then click the button called “Device Options”. Click “reactivate Duo Mobile” and follow the directions to re-link your new phone to your account. Please note that this method will only work if you have the same phone number. If you cannot log in, contact your Duo access coordinator.

If you have changed your number, go to any BYU site in an incognito browser (ctrl+shift+n), and, after you enter in your Net ID and password, click on the “Add a new device” link (left). Log in using a passcode (remember, you should have 10 stored in a safe place!) or by receiving a phone call. Select the type of phone that you want to add (either “mobile” or “landline.” Type in the phone number. If it is a mobile phone, indicate what type of mobile phone it is (iPhone, Android, Windows Phone, or Other). If it’s a smart phone, download the app and scan the barcode.

Certain pages are protected by Duo because they contain sensitive data. If you’ve enrolled in Duo but still can’t access certain pages, there are two possible explanations. First, it may be that you don’t have rights. After enrolling in Duo, everyone has rights to see their OWN information—but not necessarily anyone else’s. In order to see other people’s sensitive data, you will need to be granted permission from BYU. Talk to your employer for more information. Second, it may be that you haven’t proven that it was really you who signed up. For more information, click here.

Passcodes are numeric account access codes that enable you to login. They act like a one-time password and are normally six or seven numbers long. The best part about passcodes is that you do not need cell phone service or an internet connection to use them. They will work in areas of campus that are “dead spots” such as the basement of the JFSB.

You can get passcodes in two different ways. The first way is to have Duo send you a text with ten passcodes (log in with your Net ID and password, click on “Enter a Passcode,” then, in the blue banner at the bottom of the screen, push “Text me new codes”). Each of these codes can be used only once. Once one of them is used, it will expire, and you will have to use the next code in the set to login. The other way you can get a passcode is through the Duo Mobile app. Hit the “key” icon within the app and the app will give you a code to use even without a cell service or wifi.

You can also purchase a hardware device that automatically generates passcodes for you. Such devices can be purchased at the BYU Store (coming soon).

All three methods require you to register a device to serve as your second method of verification. You have the option of registering a smartphone, basic phone, tablet, landline (office phone or home phone), or hardware device with the Duo program. A good rule of thumb is to first register the one you use the most. Later, you can also register additional devices.

When you want to login, after you enter your Net ID and password on a BYU website, you will see three different buttons. The three options are: Send Me a Push, Call Me, or Enter a Passcode.

A Duo push is a push notification that is sent to your smartphone or tablet that you will then press to accept and complete the login process. A phone call will require you to answer your phone and press any button to complete the login process. A passcode is a 6-digit number generated by the key icon within the Duo Mobile app, one of ten 7-digit numbers previously texted to you, or a long number automatically generated by a hardware device.

Unless you’re the type of person who deletes your web cache and cookies on a normal basis, you will probably want to select, “Ask me to choose an authentication method.” This will allow you to use multiple verification methods, including Duo Push (push a button on the Mobile App), Phone Call (answer the phone and push any button), Enter Passcode (type in a numeric code), and Remember Me (don’t do anything; the app will remember your browser).

However, if you are the type of person who deletes your web cache and cookies on a normal basis, you may want to select “Automatically send me a Duo Push” or “Automatically call this device.” Either of these options can save you a little bit of time—but they also restrict you from using some of the other verification methods. If you select “Automatically send this device a Duo Push” or “Automatically call this device,” you will have to push “Cancel” during the log in process if you would like to check “Remember me for 30 days.”

To add mobile phone, landline (office phone or home phone), or tablet, go to my.byu.edu or any other BYU site in an incognito browser (ctrl+shift+n), log in which your Net ID and password, and then, once the Duo Portal pops up, click the link on the left called “Add a New Device.” Then, finish signing in with Duo, and follow the directions to register the new device.

To add a hardware device, you will need to visit your Duo access coordinator or go to a central location on campus (COMING SOON).

To remove a device, go to my.byu.edu or any other BYU site in an incognito browser (ctrl+shift+n), log in which your Net ID and password, and click the link on the left called “My Settings & Devices.” Finish signing in with your second verification method. Then, locate the device you would like to remove, push “Device Options,” and then click the red trash can icon. Confirm that you want to remove the device by pushing “Remove.”

Note: If you only have one device associated with your Duo account, you will not be given the option to remove it.

If you enter an incorrect passcode too many times, your account will be locked. This is a security measure that prevents hackers from guessing passcodes and getting into your account. If your account gets locked, you have two options. First, you can wait. After about five minutes, your account will automatically unlock itself, and you will be able to try logging in again. Second, you can contact your Duo access coordinator, explain the situation, and ask them to unlock your account.

To reactivate Duo Mobile for a given device, go to my.byu.edu or any other BYU site in an incognito browser (ctrl+shift+n), log in which your Net ID and password, and click the link on the left called “My Settings & Devices.” Finish signing in with your second verification method, and then locate the device whose Duo Mobile you would like to reactivate, push “Device Options,” and then click “Reactivate Duo Mobile.” The Duo Portal will then give you instructions on what to do next. Follow the instructions!

To change your default device, go to my.byu.edu or any other BYU site in an incognito browser (ctrl+shift+n), log in which your Net ID and password, and click the link on the left called “My Settings & Devices.” Finish signing in with your second verification method, and then select a new default device from the drop-down menu.

Note: If you only have one device associated with your Duo account, it will be your default device. If you would like to change to a different default device, you will have to first “Add another device.”

COMING SOON: Hardware devices can be purchased at the BYU Store (coming soon). However, users cannot add them to their own accounts. To add a hardware device to your account, you will need to visit your Duo access coordinator or go to a central location on campus (coming soon).

Yes. Just click on the “Remember me” button for a specific browser and then you won’t be asked for authentication on that browser for 30 days. So, you can have your computer browser of choice and your phone’s browser both remember you during the same 30-day period. Just check the “Remember me” button in each browser you frequently use and you are ready to go.

A bypass code is a special passcode that you can get from your Duo access coordinator if you have no other way to log in. For security reasons, you can only get a bypass code if you visit your Duo access coordinator in person. Bypass codes are most commonly issued when users lose or forget their phones, and do not have back-up codes stored in a safe place. Avoid having to use a bypass code by requesting ten 7-digit passcodes be texted to you, and then storing the codes in a safe place (such as a wallet).

When you push “Remember me for 30 days,” you are telling Duo to begin using your browser cookies as your second step to verification. This means that, as long as you don’t clear your cookies, use the same browser, and use the same device, you will be able to sign in with Duo automatically (not having to answer the phone, receive a push, or enter a passcode) for an entire month!

Rest assured, Duo will not give your phone number out to third parties, send you unwarranted text messages, or spam you with phone calls. The only time that Duo will use your phone number is when you’re logging in. Even then, it won’t send you a text or phone call until you tell it to!

If there isn’t enough memory on your phone to download the Duo mobile app, there are a few things you should be aware of.

First, downloading the mobile app is necessary if you want to use Duo Push or generate a passcode instantaneously, without wifi or cell service. It is not, however, necessary for receiving phone calls or text messages. This means that, even if you don’t have space for the mobile app, you should still register your cell phone with Duo! To do this, register it as “Other (and cell phones),” rather than an iPhone, Android, or Windows Phone.

Second, most people find that, instead of foregoing Duo Mobile entirely, it’s preferrable to clear out extraneous data (pictures, videos, downloaded files, etc.), make space for Duo Mobile, and download it after all! This is because the options offered by Duo Mobile–Duo Push and instantly-generated passcode–are incredibly convenient and useful. Of course, it’s still your decision in the long run. 🙂

If “Remember me” sometimes works, but sometimes doesn’t, it is probably because you are using different browsers or devices, and you have only pushed “Remember me for 30 days” on some of them. To ensure that “Remember me” works as often as possible, we recommend that you you push “Remember me for 30 days” every time you see the Duo log-in screen.

Another reason that “Remember me” may not always work is that some computers (especially in labs and classrooms) are automatically re-imaged every day or after after sign out. This means that the cookie that Duo uses to remember you on that computer automatically gets deleted after a period of time, and thus cannot perform its function of remembering you. The best thing you can do if you find yourself in that situation is to always be prepared with your smartphone, tablet, cell phone, hardware token, or passcodes.

If you are in the habit of clearing your own cache and cookies, know that this also clears the “Remember me” function from Duo.

The bar at the bottom of the screen will pop up and change color according to the following scheme:

Green: Preferences
Blue: Log-in actions

Basically, if a blue bar pops up, it means that you have pre-selected your authentication method. For example, if you automatically send a push to your phone, a blue bar will pop up on the screen with a button that says “Cancel” that you can click to invalidate the push. A green bar is just a way for the program to notify you of the preferences you change within your settings panel.