Duo: Frequently Asked Questions

By November 2019, Duo will be required at sign-in for all UMN faculty, staff, student, sponsored, and POI accounts.  For instructions on setting up Duo, check the Duo self-help guide

Privacy and Security

Equipment and Accessibility

Getting in and Opting out of Duo

 

Privacy and Security

Q: How is Duo safer than a password?

Recent security breaches at peer universities have shown that passwords simply aren't enough anymore.  Duo adds a second layer of security to your information by using two-factor authentication: the two factors are your password (something you know), and a device of your choosing (something you have).  With two-factor authentication, even if someone is trying to log in using your password, you will be notified via Duo; you will be able to deny them access to your information. That is how Duo protects against phishing, social engineering, password brute-force attacks, and attackers exploiting weak or stolen credentials. 

Q: Can't I get a text message instead of downloading an app?

In 2017, security experts at Positive Technologies proved that text and SMS messages can be intercepted by hackers. This means that authentication methods that rely on SMS and text messaging aren't enough anymore. While installing another app is not always a popular choice, Duo Mobile is currently the best way to safeguard your information and identity.

Q. Does Duo see my password?

A. No. The University system verifies your Internet password with its internal systems, and never sends it to Duo. Duo provides only the second factor€”the "something you have." Duo stores very little information€”just enough to do its job.

  

Equipment and Accessibility

Q. How does Duo handle accessibility issues?

A. Because Duo has so many ways to authenticate your identity, it is expected that Duo Security will be able to accommodate every user.  If you have questions about Duo's accessibility, contact the University's Disability Resource Center.

Q. Do I need to have a smartphone to use Duo?

A. No. We recommend that users who have a smartphone choose to use it, since smartphones are the easiest to use with Duo and the most cost-effective for the University.  However, you can also use a cell phone, a landline (such as your office or home phone), a tablet, or your own U2F token (that plugs into the USB port of a computer); hardware tokens are also available. A complete and up-to-date list of authentication methods is available on the Duo Security website

Q. What if I forget my smartphone at home?

A. We encourage users to set up multiple authentication methods with Duo, so that when one method is unavailable, you have others from which to choose. For example, you could set up your smartphone for "push,"  as well as your office phone or an iPad in case your smartphone is elsewhere. In addition, users can also generate a set of bypass codes themselves on my-account.umn.edu as a backup authentication method.  Finally, if you have no backup authentication methods, contact Technology Help.

Q. Does it cost me money to authenticate with my smartphone? 

A. "Push" authentication uses a very small amount of Internet data traffic to function (a few kilobytes per login). Voice calls are sent only when you request them, and would be billed by your carrier like any other inbound voice call. The U will not reimburse users for any expenses incurred. If you would incur significant expense using Duo on a smartphone, then you may want enroll an alternative, such as a landline.

Q. What if I have a new phone, but am keeping the same phone number?

A. You will need to add your new phone to Duo, and assign it the same phone number.  Follow the steps in Duo:  Add a New Phone.

Q. I have stopped receiving Push notifications on Duo mobile.

A. You may have trouble receiving Push requests if there are network issues between your phone and our service. Turning the phone to airplane mode and then back to normal operating mode often resolves these sort of issues, if there is a reliable internet connection available. You can also turn off the WiFi connection on your device and use the cellular data connection instead.

Check the time and date on your phone and make sure they are correct. If the date and time on your phone are manually set, try changing your device's configuration to sync the date and time automatically with the network.

Q. Who can have a Duo token?  Will there be a charge for it?

A. There are two ways for you to use a token with Duo.  If you provide your own U2F token, you will be able to set it up yourself in Google Chrome beginning in October 2018. There is no charge for this service, aside from the cost of the U2F token itself.

The Identity Management service will also pay for and manage the distribution of hardware tokens; there will be no charge to users or departments. If a hardware token is the most appropriate authentication method for you or your staff, please contact Technology Help or go to a Technology walk-in location to request a hardware token. 

For international distribution, the user's department will be responsible for sending the token to the user.

 Q. What do I do with my Duo token when I leave the University?

A. Please return it to IT Data Security

Q:  Can I use Duo with a non-US phone number?

A: Yes, however the "Call Me" feature is limited to most phones in US and Canada area codes. This is to conserve resources. Duo Push and Passcodes on smartphones will still work as normal, even if that phone has an international number.

Getting in and opting out of Duo

Q. How will managers submit requests to set new employees for Duo?

A. This is part of the existing Access Request process handled by OIT Data Security. If access to a system that requires two-factor authentication is requested for a user, and the user is not set up for Duo, OIT Data Security will enable them to use it as part of the provisioning process. The plan is to send an email to the user at that point, informing them how to enroll their devices in Duo.

Q. How can I opt out of Duo?

A. As of November 2019, Duo authentication is required for all current students, faculty, POI, and sponsored account holders at the University of Minnesota. Opting out of Duo is not an option once Duo has been associated with your account. If you are unable to set up Duo at the time of your annual Internet ID password reset, please contact Technology Help for assistance.

Q. What if I'm no longer a student, POI, faculty member, or sponsored account holder?

A. Duo is associated with your account, and not with your status at the University.  Once Duo has been associated with your account, it is no longer possible to opt out of it.  You will need to continue authenticating with Duo as long as you are using your UMN account.

Q. I'm a retired employee, why am I being asked to enroll in Duo? 

A. Retirees who have University compensation, benefits, access to student data, and/or are otherwise an active member of the University community (such as faculty emeritus) are required to enroll in Duo.