HOW DUO WORKS
FIRST TIME ENROLLMENT AND DEVICE SET-UP
The steps for first-time enrollment and device setup for Duo can be found in this guide.
Following the Duo guide website you will find the following steps:
Toggle ItemStep One: Introduction
Explains why two-step verification is important.
Toggle ItemStep Two: Choose Your Verification Method
Shows the different verification methods you can choose from.
Toggle ItemStep Three: Add Your Chosen Method
Walks you through how to add your chosen verification method.
Toggle ItemStep Four: Add a Backup Method
Explains why it is a good idea to add a second verification method, but also gives you an option to skip it. If you choose to add backup method, simply follow step three again. It also explains what you will see after either skipping it or adding a backup method.
We recommend having the Duo guide site open on a second browser tab/window while you step through the device setup process to refer to.
If you are a parent or a guest, you will need to manually enroll by clicking the “Enroll” button. This process will have you log in, then it will enroll you in Duo and direct you to begin setting up a device for Duo. Following the steps in the “First-time enrollment and device setup” section.
You can also come back to this page and click the “Unenroll” button to unenroll from Duo at any time. Be aware that without being enrolled in Duo you may not be able to access certain websites and content.
HELP WITH DUO TWO STEP VERIFICATION
Toggle Item1. IS DUO NECESSARY AND WHY IS IT REQUIRED TO ACCESS CERTAIN PAGES?
Sixty-five to ninety-five percent of all data breaches are related to compromised passwords. With Duo, someone who has your Net ID and password cannot log in to your BYU accounts without your device or passcode.
Anyone with a Net ID and password can enroll in Duo!
You just need a second factor device. Here is a list of options.
Duo is required to access BYU confidential information like direct deposit, or to make changes to personal information. This prevents hackers from seeing and changing the things they shouldn't. All employees and students are automatically enrolled in and are required to use Duo.
Toggle Item2. HOW DOES IT WORK?
Click on 'Enroll'.
Then, return to https://duo.byu.edu and click on 'Confirm Enrollment'.
Once you're enrolled and have confirmed your enrollment, log in to a BYU website, and you will be presented with the Duo prompt page.
If you've configured your Duo Mobile app for 'Push' notifications (recommended), a 'Push' notification will be sent to your device that has the configured Duo Mobile app installed.
More information on second factor options can be found here.
Toggle Item3. SCAN THE QR CODE USING YOUR DEVICE (FOR DUO MOBILE APP ONLY)
If you have a question or concern, we have several ways that you can contact us.
During business hours (9-5 p.m.), visit your Duo Access Coordinator.
Coordinators have received training and tools to help 'Prove it's you' and troubleshoot problems. For employees, Duo Access Coordinators are usually an HR/Payroll Manager, office manager, department secretary, or CSR.
For students, the ID Center (1057 WSC) acts as a Duo Access Coordinator for in-person visits; BYU IT Support (801-422-4000) acts as a Duo Access Coordinator over the phone.
For a complete list of Duo Access Coordinators, click here.
Toggle ItemWHAT DEVICES CAN I USE AND HOW DO I MANAGE THEM?
Duo authentication options include:
- Touch ID
- Security Keys
- Duo Mobile push approval
- Yubikey passcodes
- Duo mobile generated passcodes
- SMS passcodes
- Phone call approval
More information on these options can be found here.
SMS passcodes and Phone call approval options are the least secure of all the options, so we don't recommend that you commonly use those options.
Using the Duo Mobile app to generate passcodes is convenient because you don't have to be connected to the network to generate a passcode. (Nice when you are in the basement of the a building where network access is often not available or spotty at best!) Consider adding two or more options or devices so you'll have choices if something goes wrong with your default device or options.
To add or remove your devices or options, log in to a BYU website wit your current username and password. If you opted to "trust this browser", you will need to log in to a BYU website in an incognito browser. Once the Duo prompt page comes up, click on 'Other options'. Then, click on 'Manage devices.'
Follow the instructions provided on the Duo help site here.
For help adding a U2F token, follow the instructions here.
To add a Duo Token, take the token to the ID Center, 1057 WSC, or your department Duo Access Coordinator. Tokens can be purchased at the BYU store.
Toggle ItemWHAT IF I CAN'T GET A SIGNAL OR DON'T HAVE WIFI?
If an option does not work because you can't access WIFI or you can't get a mobile signal, use the 'Passcode' option.
You can see the passcode to use by opening Duo Mobile app and tapping your BYU account in the app to open the account. You should see a code that refreshes every minute. Type the code in the Duo prompt page.
More help on the Duo site can be found here.
You can also generate a passcode with a token; see the 'How do hardware tokens work?' section.
Toggle ItemHOW DO HARDWARE TOKENS WORK?
U2F tokens and Duo tokens are available for purchase at the BYU Store Tech register. U2F tokens only work with Chrome browsers and require a USB port, but they populate the passcode box with a simple touch.
Duo tokens work with any browser and do not require a USB port. Duo tokens display a passcode at the touch of a button, but you must then type in the passcode in the Duo prompt.
For help adding a U2F token, follow the instructions here.
To add a Duo passcode token, purchase the token at the BYU Store Tech register and take the token to the ID Center, 1057 WSC, or your department Duo Access Coordinator.
Toggle ItemWHAT DOES "TRUST THIS BROWSER" MEAN AND DO I HAVE TO COMPLETE THE DUO PROMPT FOR EVERY LOGIN?
Trusting a browser means that Duo can remember a browser that you use regularly so that you can skip the Duo prompt for a configured amount of time.
BYU's remember device policy is set to remember the browser for 30 days.
Note: You should not trust a browser that is on a shared or public computer (labs, classrooms, library, etc.).
To protect your account, only trust a browser on your personal computer or device. More information on trusting a browser can be found here.