Duo: Decide What Devices to Enroll

We strongly recommend enrolling at least 2 devices to ensure that you are able to access Duo at all times - even if you have lost your smartphone or are working somewhere with no cell service. Because so many authentication options are available, we expect that every user will be able to find at least 2 methods that work for them. 
Please note: It is possible to remove a device from your Duo Device list; but once you have opted in to Duo Security at Sign in, it is not possible to opt out or remove your account.

Which devices should you enroll?

Smartphone or tablet

Smartphones and tablets are the most popular tools to enroll in Duo, because they are easy to use when authenticating (and because users often carry a mobile device at all times). Read Enroll a Mobile Device to begin.

Several authentication methods are available with a smartphone or tablet:

Note:  If you are enrolling a new phone (but already have a Duo account), you can use these instructions.

Non-smart cellphones

You don't need a smartphone to stay secure with Duo! Enroll your non-smart cell phone and when asked to choose your authentication method, select the Call Me. Then answer the phone! When you hear an automated voice, press any number key on your phone to authenticate your identity.

For times when you do not have cell service, a landline or self-generated Duo bypass codes are great backup options. They come in single-use sets of ten and are good for one year (365 days). Print them and keep them someplace safe.

Landline phone or Google Voice

These are good choices if you work somewhere with no cell service or don't have a smartphone or tablet. They are also excellent backup choices; if you forget your mobile device, you can still authenticate using Google Voice on your computer or on a campus-issued landline. Finally, they're a good choice for low-vision or no-vision users. Read Add a Landline Authentication to begin.

Note: University accounts created after March 2019 are ineligible for Google Voice. 

To authenticate with a landline or Google Voice

Use the Call Me option. Answer the phone! When you hear an automated voice, press any number key on your phone to authenticate your identity.

Security Key (U2F token) (desktop computer or laptop)

Security keys (also known as U2F tokens), may be a good choice for low-vision users, people who do not have smartphones or tablets, and people who work in areas with no cell service or wifi. You must provide your own Security Key. You can purchase one from most electronics retailers. You can set it up yourself by following these instructions. A U2F token plugs into your USB port and when tapped (or when the button is pressed) sends a signed response to Duo to validate your log in.

A U2F token is inserted into a USB drive and emits a very bright green light.

  • The University of Minnesota currently supports security keys (U2F tokens). However these devices work only with the following browsers: Google Chrome version 41 or later or Opera version 40 or later.
  • There is no charge for this service, aside from the cost of the Security Key itself

To authenticate with a security key:

There are several types of security keys, and each one has its own instructions. Usually, you will insert your security key into your computer's USB drive and then tap a flashing light on the security key

Hardware token

Duo hardware tokens are small fobs that generate passcodes. They are suitable as a primary device for users who do not have (or prefer not to use) mobile devices. The University does NOT recommend using a hardware token as your backup device

A Duo hardware token is shown.  It is displaying a sample passcode.


  • Each hardware token is tied to one user. The passcodes generated by that token can only be used by that user
  • We recommend requesting a token only if you have a business need or are unable to use Duo on other devices
  • To request a token, visit a walk-in location. You can also request a hardware token and verify your identity via video; call 1-HELP ((612) 301-4357) to initiate that process

Note: Hardware tokens:

  • have an expected battery life of 2-3 years; and
  • can get out of sync if the button is pressed many times and the codes are not used (this can occur if you carry your token at the bottom of a bag, or if someone presses the button frequently without using the codes)

To authenticate with a hardware token:

Duo will display a passcode on your token. Type the numbers you see on the token into the Duo screen on your computer. Be sure you are holding the token with the green button on the left and the Duo logo above the numbers! 

Additional Information

Setup & Use Two-Factor Authentication (Self-Help Guide)

Add a New Phone

Use Two-Factor Authentication for all University Sign-in Pages