Duo 2FA: Two-Factor Authentication at Medaille University

Duo 2FA: Two-Factor Authentication at Medaille University

Duo 2FA Stopping Hackers in Their Tracks

Duo 2FA

Two-Factor Authentication
at Medaille University

left
vcenter
white
hide-text-shadow

What is 2FA and What is its Purpose?

2FA is another layer of security to verify your identity while using Medaille University’s applications. In addition to a password, 2FA requires you to provide a second piece of information to confirm your identity when logging into your computer or accessing web-based applications on your computer.

Duo 2FA Policies & Procedures

When you log in to a Medaille University resource, such as Medaille360, Blackboard, Banner, Medallion, Microsoft Outlook Web Access, etc., you’re first prompted for your Medaille username and password. Your username and password serve as the first layer of protection. Each system uses them to confirm that you’re authorized to access the resource you’re logging in to.

With 2FA, you’re then prompted to provide a second form of authentication. You can use any device you’ve activated Duo 2FA (typically a smartphone or tablet) to confirm your identity and complete the login process.

 

Two-Factor Authentication is mandatory for Medaille employees to activate and use.

 

Why are we implementing 2FA?

  1. The FBI’s cyber division warned that ransomware poses a huge risk for higher education (June 2021).
  2. Education is the most affected sector for malware attacks. In the last 30 days, there have been over 6.1 million malware attacks against higher education institutions, compared to 900,000 against the second-most affected industry (Business and Professional Services)
  3. If you are able to log in to 2FA protected resources, you have access to confidential and/or proprietary data, if only your own. If someone else were to gain access to your Medaille University account, they would have unauthorized access to that same information. Because of the many ways cybercriminals can and do obtain passwords, a password alone provides increasingly limited protection against unauthorized access. Two-factor authentication significantly reduces the risk of unauthorized access.
dark_blue

Activating Duo on Your Smartphone or Tablet

1. Once you receive the Duo Security Enrollment email, please click on the provided link to enroll the device of your choice.

 

2. You will land on the Duo Setup screen. Click Start setup.

 

3. Choose device type and click Continue.

 

4. Enter requested information and click Continue.

 

5. Confirm the info you've provided is correct and click Continue.

 

6. If you haven't already, install the Duo Mobile app on your iOS or Android device. Once you have installed the Duo Mobile app, click I have Duo Mobile.

 

7. Finish activation by clicking Take me to Duo Mobile.

 

8. Confirm intent to open in Duo Mobile by clicking Open.

 

9. Duo 2FA activation is complete! Use Duo Mobile as your second form of authentication whenever prompted during login.

Frequently Asked Questions

gray

2FA is required for all active staff, faculty and sponsored affiliate accounts. Once 2FA is activated for your account, you have up to 14 business days to set up your device. After that period, you will be required to set up a device before login is permitted.

Yes, you can configure several devices on your Duo account. To add a new device, navigate to a secure Medaille network to access the Duo Prompt, such as 360.medaille.edu, click "Add a new device" and follow onscreen prompts. A list of supported and recommended devices will also be provided here.

How to Add a New Device to Duo - Horizontal Screen

How to Add a New Device to Duo - Vertical Screen

Only applications that support Microsoft's Modern Authentication libraries prompt for Duo two-factor authentication. This is a Microsoft — not Duo — limitation.

Mobile applications that support Modern Authentication libraries are as follows:

  • The native Mail app on iOS 11.x+
  • Microsoft Outlook app on iOS version 10.x and greater
  • Microsoft Outlook app on Android

Duo 2FA does not provide support for software OTP applications like Google Authenticator, Authy and FreeOTP. However, you can use the Duo mobile app with other online services and web applications. Learn more about third-party accounts.

Duo Mobile cannot see your user data like your contacts, it cannot read your text messages, it cannot access your photos (but it can use your camera to scan a QR code if you explicitly allow that permission), it cannot access your files, it cannot erase your device, it cannot see information about other applications on your device. Duo Mobile cannot track your location. In general, the only personal data that Duo Mobile knows about you are the service accounts that you explicitly add to Duo Mobile. However, Duo does not track personal data about these accounts — only the name of the service.

The Duo mobile application will also ask you whether you wish to share application usage information with the creator of the Duo product. This is optional to allow or deny.

For additional information, please see Duo's Privacy Information.

To enable the Duo Push notification, do the following:

Step 1. Log in to Medaille360

Step 2. In the Duo Prompt, click on My Settings and Devices to access the Self-Service Portal, then click Send Me a Push to authenticate and access the Duo portal.

Step 3. Approve the pending Push request on your smartphone.

Step 4. Under Default Device, in the "When I log in" section, click on the dropdown menu, select "Automatically send this device a Duo Push" and click Save.

The next time you authenticate to Medaille360, Duo will automatically send you a Push request to your default mobile device.

Passcode via text message is only available upon request and is not the preferred 2FA authentication method because of the increase in SIM card swap scam.

Step 1: At the Duo prompt, please click on Enter a Passcode

Step 2: At the bottom right corner of the window, click on Text me new codes

Step 3: A one-time passcode is sent to your registered phone number via SMS text messaging. Enter the passcode and click on Log In. A one-time passcode cannot be re-used.

To reduce how often 2FA is required on a particular trusted device, you can enable the Remember me for 30 days setting by checking the box.

Have a new phone? Want to add a security key? You can easily add new devices from the Duo Prompt. If you upgraded your phone and you do not have the original device, please contact helpdesk@medaille.edu for instruction.

 

Setup a New Device

Step 1. Log in to Medaille360

Step 2. If you have the automatic "Duo Push" set, click Cancel
Otherwise, click on Add a new device.

Step 3. Proceed with your 2nd factor authentication by clicking Send Me a Push or Enter a Passcode.

Step 4. Choose the new device you want to add. 

Step 5. Select your device type and click Continue.

Step 6. Install the Duo Mobile app on your new device and click I have Duo Mobile installed.

Step 7. Scan the barcode with the app's built-in barcode scanner.

Step 8. The "Continue" button is clickable after you scan the barcode successfully.

Step 9. The new device is added and listed with your other devices. You can click Add another device to start the setup process again.

  • Duo Mobile is supported on Android version 8 and above, and iOS 12 and above. If you do not have a compatible phone, please check the other 2FA methods.
  • Duo Mobile is a free application. There is no fee or charge for downloading or installing the application.
  • You may need your password for your device’s app store to download the application. Ensure that you know your password before you begin.

Step 1. Go to the App Store (iOS devices) or Google Play Store (Android devices) on your mobile phone.

Step 2. In the Search Bar, enter ‘Duo Mobile’ and then tap ‘Search’. Then select ‘Duo Mobile’ from the search results.

Step 3. Next to the application, tap on download to install Duo Mobile.

Step 4. After Duo Mobile has been installed, tap on ‘Open’ to open the app.

Step 5. Tap ‘Allow’ to enable notifications from Duo Mobile (you need to enable notifications from Duo, so that you can receive the push notifications and approve the Duo authentication requests).

Step 6. You are ready to add your Medaille account.

When logging into your account, you will be prompted to choose between ‘Send me a Push’ or ‘Enter a Passcode’.

 

Send Me a Push method

This method is the preferred method as it is both highly secure as well as being most convenient for those with a smartphone and tablet. Validating your logins is a simple one-touch action.

Step 1. Click on ‘Send me a Push’.

Step 2. Open the Duo Mobile app and tap on 'Request Waiting'. Tap to Respond.

Step 3. Select ‘Approve’ to login into your account.

 

Enter a Passcode method

This uses the same app as the Push method, but instead of the one-touch validation, you make use of the passcode provided by the app. The advantage of this method is that it will work even without an active data or cellular connection.

Step 1. Click on ‘Enter a Passcode’.

Step 2. Open the Duo Mobile app and tap on Medaille University. A 6-digit number will be displayed.
Note: The passcode is one-time use. To generate new passcodes, simply swipe down on your smartphone screen or press on the circular blue arrow.

Step 3. Enter the 6-digit and click Log in.

If you upgraded or changed your phone and you do NOT have your old device, please contact helpdesk@medaille.edu for assistance and do not proceed with the instructions below.

If you still have your old device:

Step 1. Log in to Medaille360.

Step 2. In the Duo prompt, click on My Settings and Device to access the Self-Service Portal, then click Send Me a Push to authenticate and access the Duo portal.

Step 3. Approve the pending Push request on your old device.

Step 4. Click on Device Options next to the device you want changed.

Step 5. If this is a new phone with the same number, click Reactivate Duo Mobile. For new phone with a new number, click on the trash can and then click on +Add another device.

Step 6. Select your phone type and click Continue.

Step 7. Install the Duo Mobile app on your phone and click I have Duo Mobile installed.

Step 8. Scan the barcode with the app's built-in barcode scanner.

Step 9. The "Continue" button is clickable after you scan the barcode successfully.

Step 10. Click on Back to Login.

Medaille University has elected to use the more secure Duo 2FA authentication methods.

 

Duo Push (Preferred Method)

Duo Push Method Screen

Install the Duo Security Mobile app on your smartphone to receive push notifications. Once this is installed, and you attempt to login to secure applications like Medaille360 and O365, you’ll receive a push notification on your smartphone. Open the notification, and you’ll see a green checkmark and a red x. Simply tap the green checkmark to gain access. Using the Duo app also adds an extra physical layer of security to any smartphone with a passcode enabled.

Concerned about data usage? Duo Push uses very little data. 500 pushes to your device will use 1 MB of data in total. This is roughly equivalent to loading one webpage on your smartphone.

 

Passcodes

Duo Passcodes Screen

Use the Duo Security mobile app to generate temporary passcodes. This option does not require WiFi or data, so this is a great option if you’re traveling or if you have limited or no cell/internet service. Open your Duo mobile app, tap the key icon, and it will reveal a passcode. Log into the application, choose the enter a passcode option, enter the code, and you’re in!

 

Duo Hardware Token

Duo Hardware Token

The Duo hardware token will generate temporary passcodes.

If you uninstalled and re-installed the Duo Mobile app or if you upgraded your smartphone and re-installed the app, please contact helpdesk@medaille.edu to re-activate the Duo Mobile app.

If you did not re-install the app or upgrade your smartphone, open the Duo Mobile App. You should see a green label "Request Waiting. Tap to Respond..."

If you do not have a smartphone or have a regular phone, there are other available methods that you can use.

 

Duo Mobile App - "Passcode" Authentication

This uses the same app as the "push" method, but instead of the one-touch validation, you make use of the passcode provided by the app. The advantage of this method is that it will work even without an active data or cellular connection.

 

Duo Hardware Token

A Duo hardware token is small fob that generates passcodes for Duo access. This works similarly to the Duo Mobile passcode option above, but without the need for a smartphone; although you do need to keep your token handy, usually on your keychain. Contact helpdesk@medaille.edu to learn more. 

Request Duo Token

Note: Token shipping and delivery may take 2-4 weeks, and your 2FA activation period will be extended to ensure you are not required to set up 2FA prior to having the token.

 

Passcode via Text Message

If the Duo Mobile app is not compatible with your phone and the hardware token is not suitable, you can enable passcodes via text message. When validating, you will receive a passcode that you can use; this requires cellular service availability. Email helpdesk@medaille.edu to learn more.

Log in to Medaille360 and choose My Settings and Devices from the Duo prompt to remove the lost device.

If you are unable to access My Settings and Devices, contact helpdesk@medaille.edu to have the lost device disabled, and to have an alternate device added.

2FA assurance levels

A higher degree of assurance is offered by any 2FA protection than a static password alone provides. Within the realm of 2FA options, some methods have a higher degree of protection than others. The security level threshold acceptable for a given 2FA protected application will vary with the risk posed by that application. As such, for applications that require a sufficiently high assurance level, less secure 2FA options will not be allowed.

Medaille University has elected to use the more secure Duo 2FA authentication methods. Passcode via Text Message and Phone Call methods are only available upon request.

 

2FA Criteria Comparison & Assurance Levels

2FA Authentication Method Assurance Level Self-Serve 2FA Setup? Phone # Required? Cellular Network Connection Required?
Duo Mobile App High Yes No No
Duo Hardware Token Moderate - High No No No
Text Message Low Yes Yes Yes
Phone Call/Landline Low Yes Yes Yes (or landline)

 

The Duo 2FA solution offers a number of convenient and easy-to-use features and options to suit the range of uses and needs of the entire Medaille community. The following is a summary of the available methods.

 

Duo Mobile App - "Push" Authentication

This is the preferred method as it is both highly secure as well as being most convenient for those with a smartphone. Once set up, validating your logins is a simple one-touch action. To use it, install the Duo Mobile app from the Apple or Google app store. It is available at no charge for Android 8.0+ and iOS 12.0+. (If you do not see the app, your device may not meet minimum system requirements) Requires an active data or cellular data connection to work.

 

Duo Mobile App - "Passcode" Authentication

This uses the same app as the "push" method, but instead of the one-touch validation, you make use of the passcode provided by the app. The advantage of this method is that it will work even without an active data or cellular connection.

 

Duo Hardware Token

A Duo hardware token is small fob that generates passcodes for Duo access. This works similarly to the Duo Mobile passcode option above, but without the need for a smartphone; although you do need to keep your token handy, usually on your keychain.

Note: Token shipping and delivery may take 2-4 weeks, and your 2FA activation period will be extended to ensure you are not required to set up 2FA prior to having the token.

 

Passcode via Text Message

If the Duo Mobile app is not compatible with your phone and the hardware token is not suitable, you can enable passcodes via text message. When validating, you will receive a passcode that you can use; this requires cellular service availability. Email helpdesk@medaille.edu for more information.

 

hide
hide-title
show-tags
  • UNIQUE VISITORS:73
  • TOTAL VISITORS:80