Duo Security

Duo: FAQ

On December 19, 2018, Duo will be required in order to access University services. Duo is a two-factor authentication solution that allows us to provide more comprehensive security on our systems. Below you'll find a list of frequently asked questions and information that will help you better understand what Duo is and how to get enrolled.

For more details, you can also visit Duo Security's own enrollment guide.

*Please note: You will need to enroll in Duo even if you are already enrolled in our current two-factor solution. Duo is an entirely new service that will be replacing the current tool.

What is Two-factor Authentication?

Online security is a complicated issue. In order to fully and effectively protect the information of students, faculty, and staff at Miami University, IT Services utilizes the two-factor authentication tool Duo.

Two-factor authentication is the act of using a two-step login process. The first factor is always the same: your Miami password. The second factor involves creating randomized access codes every time you log into University resources.

This extra step is designed to help verify that you are, in fact, who you say you are. Malicious actors trying to gain access to your account may have the password, but they wouldn’t have access to the second factor.

How do I get started using Duo?

Enrolling in Duo is quick, easy, and painless. When you enroll, you will need to choose your default method for receiving access codes.

On September 4, we will begin asking you to enroll in Duo. We recommend that you download the Duo Push app to your smartphone or tablet. It’s the most convenient, cheapest way to authenticate.

You can also enroll when you access University resources for the first time after the mandatory enforcement date of December 19.

IMPORTANT: None of the phone numbers collected through an individual's enrollment in two-factor authentication will be shared with any other applications or offices.

Our Knowledge Base links you to Duo guides for getting set up with your preferred device.

View Duo guides

How do I receive two-factor access codes? (What are the acceptable devices?)

There are several ways you can receive access codes. At Miami, you can:

  • Install the Duo Push app on your smartphone, smart watch, or tablet. With the app, you have two options: push notifications or Mobile Passcode.
  • Sign up to receive a code via landline phone call.
  • Opt into receiving SMS messages.
  • Contact IT Help to receive a temporary bypass.
  • Purchase a hardware security token (YubiKey) from the Miami University Campus Store.

We recommend that if you have a smartphone or tablet, you download the Duo Push app and utilize it as your primary method of authentication. It’s quick, easy, free, and painless.

How do I authenticate using Duo?

How you authenticate depends on the device and method you choose for two-factor authentication.

  • If you choose to receive notifications from the Duo Push app on your smartphone or other smart device, when you log in, you will simply have to grant access from the app. A push notification will be sent to your device, and you review the request and tap Approve to authenticate. Internet or cellular access is required.
  • If you opted to use a Duo Mobile Passcode, simply launch the Duo Push app on your device and click the key icon to see your current six-digit code. Internet or cellular access is NOT required for this option, since the passcodes are attached to a certain time stamp.
  • If you choose to receive phone calls, you will receive an automated phone call that requires you to press or tap any key on your phone to authenticate.

How often do I need to authenticate?

For the typical user, you will authenticate once every 14 days on your primary computer.

However, there are a few factors that may cause that number to vary, including:

  • The website you’re accessing (for added security, some sites always require a two-factor authentication -- such as access to the W-2 forms found through BannerWeb).
  • Your individual browser settings (whether or not you clear cookies or are using an incognito browser).
  • Whether or not you use more than one computer and web browser (Two-factor authentication is requested at least 14 days for each computer and each browser you use to access protected websites).
  • Whether you check the “Remember me for 14 days” box during the login process.

Why do I need Duo?

The unfortunate reality of our world is that hackers are routinely trying to steal your passwords and use them for various evil things like stealing your identity, stealing money from Miami, changing grades, and a host of other terrible things. As more and more of the members of the Miami community have been affected in these ways, we have come to realize, as most universities have, that a solution like Duo is a necessity.

Students, faculty, and staff will be required to use Duo after the Fall 2018 semester ends. On December 19, if you have not yet enrolled in Duo, when you attempt to access a password-protected Miami service (email, BannerWeb, myMiami, etc), you will be prompted to enroll.

I am an alumni, retiree, or emeriti. How will Duo affect me?

Unfortunately, our licensing terms do not allow us to provide Duo to our alumni, retiree, or emeriti populations. Anyone who is in one of these groups will only be protected by their Miami password. This highlights the importance of following good password practices!

Why did we make the switch to mandatory, University-wide two-factor?

As an institution, Miami University is responsible for the security of the personal information of all its faculty, staff, and students. Adding another step in the authentication process for accounts helps prove the person trying to access resources, which cuts down on phishing and safeguards data more effectively.

What happens when I lose my Duo device or leave it at home?

It happens to the best of us -- either we misplace something or forget to grab it on the way out the door. In this situation, call IT Help at 513 529-7900 and, once you've verified your identity, they will be authorized to give you bypass codes. At this point, you will not need two-factor to log in to your account for the next 24 hours. Don't forget your second-factor device after this!

What if I’m traveling internationally?

We recommend that anyone who travels internationally and needs to log in to Miami websites use the Duo Mobile Passcode option or a hardware token. You can use the Duo Mobile Passcode option to generate your authentication code without an internet or cellular connection. If you don’t have a smartphone or tablet, hardware tokens that generate codes are available for purchase at the Miami bookstore.

Announcing Duo

Maintaining a secure computing environment is one of the main goals of Miami University Information Technology Services. Enabling two-factor authentication across the entire range of online University resources is one step in the right direction toward that goal.

Please take a moment to read our statement about the move to Duo.