What is Multi-Factor Authentication (MFA)?
MFA adds a second layer of security to your online accounts. Verifying your identity using a second factor (like your phone or a hardware token) prevents anyone but you from logging in, even if they know your password.
How It Works
- Enter username and password as usual
- A "push" notification is sent to your registered device to verify your identity
- You are securely logged in
Why Do I Need This?
Passwords are increasingly easy to compromise. They can often be stolen, guessed, or hacked — you might not even know someone is accessing your account. MFA adds a second layer of security, keeping your account secure even if your password is compromised. This second factor of authentication is separate and independent from your username and password — Duo never sees your password. IT can provide a bypass code in emergencies such as when your phone is malfunctioning.
If someone is trying to impersonate you and logs in with your stolen username and password, you will receive an unsolicited Duo "push" notification to your registered mobile device.
Never respond to a Duo push notification that you did not initiate.
What are the Requirements to use Duo on my Mobile phone?
Minimum version requirements for software and hardware are listed here: iOS requirements, Android requirements. You must have access to the internet on your phone. Users who need to authenticate from secure areas (such as a SCIF on a miltary base), areas that have no internet access, or areas that do not allow personal phones will need to use another method to authenticate. A hardware token (Yubikey) or token generator can be provided if necessary. Talk to your supervisor or DRG Program Manager if this applies to you.
Table of Contents:
Section – Logging into a computer online
1. Ensure you are connected to Wi-Fi. (see red arrow below)
2. Once connected, login normally.
3. At the next screen hit “Send Push” to send a push notification to your phone.
4. Open your phone and go to Duo Mobile or the hit the notification and then hit the green “Approve”.
(jump to top)
Section – Logging into a Computer Offline (no internet)
1. At the login screen log in how you normally would.
2. Open the DUO app on your phone and select “Windows Offline”
3. At the next screen input the Windows Offline Code from your Duo Mobile app.
4. Once logged in connect to a Wi-Fi Network or continue to work offline.
(jump to top)
Section – How to use a Token Generator
Use a Hardware Token with the Traditional Duo Prompt
1 - To authenticate using a token generator, click the Enter a Passcode button at the Duo prompt.
2 - Press the button on your token generator to generate a new passcode, type it into the space provided, and click Log In or Verify (or type the generated passcode in the "second password" field).
3 - Using the "Device:" drop-down menu to select your token is not necessary before entering the passcode.
(jump to top)
Section – YubiKey Hardware Token Login Instructions and Offline Enrollment
1 - Log into laptop with your username and password.
2 - Checkmark “Remember me for 9 hours” when you get to the Duo Security prompt.
3 - Click into the passcode entry field and then tap the metal surface on your token with the "Y" on it and it will automatically input a code and sign you in.
4 - As soon as you do that you should be prompted to set up Offline Enrollment. Please make sure you select the Security Key (YubiKey) option to and then hit Activate Now.
5 - Follow the on-screen instructions on your laptop to finish the setup of Offline Enrollment for your YubiKey token.
(jump to top)
Section – How to activate a new phone
When you enroll in Duo for the first time and choose to add an Android device or use Duo Push, you're shown a QR code to scan with the Duo Mobile app to complete activation.
1 - Launch Duo Mobile and tap Set up account.
2 - To proceed with adding your initial Duo account to Duo Mobile, tap Use a QR code.
3 - Use your camera to scan the QR code shown by Duo Enrollment in your browser. If you're prompted to allow Duo Mobile permission to take pictures and record video, please grant it.
4 - Give the new account a name to complete adding it to Duo Mobile.
5 - It's a good idea to take a few minutes to practice approving and denying Duo authentication requests if you haven't used Duo before. Tap Practice now to go through some training screens like this one. If you feel comfortable using Duo Mobile to log in to applications you can tap Skip.
6 - You'll see your newly-added Duo account in the accounts list. Now you're able to respond to Duo Push authentication requests, or generate passcodes to log in to applications.
(jump to top)
Section – Office 365 Apps and other Online Services - Login instructions
1 - You will see the below prompt show up in the Desktop Outlook app. Please verify that the address is correct and then hit Next.
2 - Input your password for that account and hit Login.
3 - This step has 2 versions, Offline and Online
(Offline)
If you have a Yubikey, at the next prompt hit your YubiKey tokens green light “Y” and it will automatically input the code and move onto the next prompt.
If you have a Token Generator, you can type in the code here.
(Online)
If you choose to send push to phone for verify, make sure your phone is selected and click send push.
Open your phone and go to Duo Mobile or the hit the notification and then hit the green “Approve”.
4 - Next hit “Yes, this is my device” so that it will remember you for the next 9 hours.
(jump to top)