DUO - FREQUENTLY ASKED QUESTIONS (FAQ)

 

Glossary

2FA (two-factor authentication):  an additional layer of authentication beyond a username and password. 2FA involves something you know (password) plus something you have with you (like Duo Mobile on your smartphone) to prevent someone from logging in with only your password. With Duo 2FA, you still enter your username and password. The second factor provided by Duo is simply an added layer of security on top of your existing credentials. We recommend using Duo Push via the Duo Mobile app to perform 2FA.

Duo Prompt:  this interactive prompt lets you choose how to verify your identity each time you log in (e.g. “Duo Push” or “Use Security Key”) to a web-based application. The Duo Prompt allows you to enroll and authenticate.

Passcode:  these are numeric codes that can be generated either via the Duo Mobile app, or a hardware token, depending on what your IT administrator permits. Passcodes may be used at any time and are particularly handy for authenticating when your 2FA device doesn't have internet or cellular service.

Push Notification (Duo Push):  a push authentication request that is sent to the Duo Mobile app on an enrolled device. Push notifications include information like the geographical location of the access device, IP address of the access device, and the application being accessed so you can verify whether the push is real or fraudulent.

Self-service portal:  You can click “Manage devices” to add additional devices or update authentication method settings right from the Duo Prompt.

YubiKey: The YubiKey is a device that makes two-factor authentication as simple as possible. Instead of a code being texted to you, or generated by an app on your phone, you press a button on your YubiKey. That's it. Each device has a unique code built on to it, which is used to generate codes that help confirm your identity. Press the button and you can log in.

 

Frequently Asked Questions (FAQ)

 

How do I enroll in Lakehead University's Duo 2FA?

If you wish to enroll in 2FA please ensure that you possess a secondary device capable of serving as your second factor, such as a YubiKey, a phone, or a tablet on which you can install the Duo App and then follow this link to the Self-Service portal where you will be guided through the enrolment process. (link: https://lakeheadu.login.duosecurity.com/devices )

 

What Lakehead Services will be protected by Duo 2FA?

All services that you login to through Lakehead University's Single-Sign-On (SSO) logon screen will be protected. After entering your username and password as usual you will then be prompted by Duo for your second factor. Once your second factor is confirmed by Duo, Lakehead's SSO system will allow you to continue on to the service.

 

Do I need a smartphone or data plan to use two-factor authentication?

No. Having a smartphone makes for an easier and more secure experience with Duo Push, however Duo also supports other second factor methods such as YubiKeys.

 

What is Duo Mobile?

Duo Mobile is a mobile application (app) that you install on your smartphone or tablet to generate passcodes for login or receive push notifications for easy, one-tap authentication on your mobile device. It works with Duo Security’s two-factor authentication (2FA) service to make your logins more secure.

 

What is the recommended two-factor authentication method?

If you have a smartphone or or tablet, we recommend Duo Push, as it is quick, easy-to-use, and secure. See an introduction to Duo Security and a demonstration of Duo Push in this short video: https://www.youtube.com/watch?v=_T_sJXnSM98

 

Do I have to give Duo my phone number?

No.  If you do not wish to provide your phone number when registering your Mobile device, then click the link "I have a tablet" in the screen which asks you to enter your phone number.  From there you will be able to continue to register your Duo Mobile app to receive Push notifications and for generating passcodes.

 

How much data does a Duo Push request use?

Duo Push authentication requests require a minimal amount of data -- less than 2KB per authentication. For example, you would only consume 1 megabyte (MB) of data if you were to authenticate 500 times in a given month.

 

Why have I stopped receiving push notifications from Duo Mobile?

There are several reasons this could be happening. Please try the following to troubleshoot:

  1. Make sure your enrolled device has a cellular network or WiFi connection.
  2. Have the Duo Mobile app open when you authenticate.
  3. Try these additional push troubleshooting steps:

○    iPhone: https://help.duo.com/s/article/2051\

○    Android: https://help.duo.com/s/article/2050

Note: If the above solutions don’t work, try using another authentication method, such as passcodes provided in the Duo Mobile app.

 

How can I authenticate if I’m somewhere with no cell signal or WiFi access?

See this Duo Knowledge Base article for information on authenticating without cell or internet service: https://help.duo.com/s/article/4449

 

How can I manage the devices I use for Duo?

In the Self-Service portal (https://lakeheadu.login.duosecurity.com/devices) you may:

  • Add additional devices
  • Deactivate Duo Mobile if you got a new phone but kept your number
  • Change the name of your device (ex. “Personal Cell” or “Work Phone”)
  • Remove a device (provided that you have two or more devices already registered)

 

I have two or more Lakehead University email accounts.  Can I use the same YubiKey for all of them?

Yes.

 

What should I do if I lost my phone or another second factor device?

Please contact IT help desk immediately.   If you already have more than one second factor device configured in Duo (e.g. a YubiKey), then you can login to the Self-Service portal at this link https://lakeheadu.login.duosecurity.com/devices and from there you can remove your lost device.

 

Can Duo see my password?

No. Your password is only verified at Lakehead University and never sent to Duo. Duo provides only the second factor, using your enrolled device to verify it’s actually you who is logging in.

 

Does using Duo give up control of my smartphone?

No. The Duo Mobile app has no access to change settings or remotely wipe your phone. The visibility Duo Mobile requires is to verify the security of your device, such as OS version, device encryption status, screen lock, etc. We use this to help recommend security improvements to your device. You always are in control of whether or not you take action on these recommendations.

 

Why am I seeing the message “Access denied. Duo Security does not provide services in your current location”?
Are there any location-based restrictions for Duo Service?

Due to U.S. regulations, Duo blocks authentications from users whose IP address originates in a country or region subject to economic and trade sanctions enforced by the U.S. Office of Foreign Assets Control (OFAC).