Duo two-factor authentication


To improve University security, we use Duo Security, a two-factor authentication system.

Overview:

What is two-factor authentication?

Two-factor authentication (2FA), also known as multi-factor authentication (MFA), improves security by requiring extra information or a physical device, in addition to your password, to login. It is the same kind of system that is used for access to services like online banking, or Google and Amazon.

Rather than solely relying upon your password (something you know), you also need another factor (something you have). This second factor is typically an app on your phone. This means that even if someone knows your password they won’t be able to access your account. It only takes a few extra seconds to login with the extra factor (app), but your account is much more secure, as seen here:

Computer icon , phone icon and tick icon

Why is it necessary? 

Two-factor authentication gives you an additional layer of security when you log on to University systems. For example, Scammers try to get usernames and passwords through phishing attacks, malware or data breaches, but two-factor authentication means that even if they had access to your password they won’t be able to access your account.

What systems will be covered by Duo?

Many systems, including Office 365, Windows Virtual Desktop (WVD) and Minerva are protected by Duo, and more are being added. When you login to a protected system you will still enter your username and password. After inputting your login information, Duo will ask you to complete a method of second-factor authentication. Duo does not replace or require you to change your username and password – it's simply an extra layer of security.

This does not affect how you first log on to your computer.

How do I set up Duo?

Follow the guide in Enrolling for Duo two-factor authentication.

Important: if you are using Duo Mobile in China there are some extra things you need to be aware of. Please read the article Using Duo Mobile in China.

How do I authenticate? 

We recommend using the Duo Mobile app on a smartphone or tablet, as it is the easiest way to authenticate. Using the mobile app you'll receive a simple push notification (allowing you to respond with just a tap), or passcode to authenticate your login. Read more about your authentication options in 'Duo mobile - choosing and using your authentication device' or Watch a video of how to use the mobile app

What if I don’t have a mobile phone/other device, or don’t want to use my personal device?

The Duo mobile app is the recommended (and easiest) way to authenticate. However, you can also receive an SMS text - read 'Duo mobile - choosing and using your authentication device'. If you do not have a mobile phone or other device that can use the Duo Mobile app or receive SMS messages, please contact the IT Service Desk who will be able to provide a hardware token. If you use the hardware token, you will need to type a passcode in each time you have to authenticate (rather than just clicking ‘approve’ in the Duo Mobile app).

How often will I be asked to authenticate?

You will only need to authenticate when you are using protected services (see above) and are normally asked for your University username and password. If you do not need to enter your username and password, you will not need to use Duo authentication. 

Office 365 can save your credentials so you do not need to log on each time you use it. When prompted to 'Stay signed in?' during authentication choose 'Yes'.

Dialog box with text 'Stay signed in', a checkbox for 'Don't show this again' and buttons No and Yes

The Windows Virtual Desktop will ask you for your username and password each time you use it, so you will also need to authenticate via Duo each time you use it.

How can I reduce the number of times I have to complete Duo? 

You can configure Duo to remember you for a period of time by ticking the 'Remember me' box before you authenticate with Duo.

Dialog Box 'Duo: Remember me for 30 days'

If you have configured your account to automatically send you a Push, you will either need to disable this Auto-Push or dismiss the push, in order to be able to tick the 'Remember Me' box.

To disable the Auto-Push: 

Dialogue box: Settings and DevicesDialogue Box: Duo, Confirm its really youDialogue Box: Default Device/Authentication

Important: if you are using the Safari browser (for example on an iPad) you may need to switch off "Prevent Cross-Site Tracking" in order to use Duo's 'remember me' feature. There are instructions on how to do this on a Mac and on an iPad on the Apple support site.

Using Duo Mobile in China

If you are in China or travelling to China please read this information.

Important: If you are experiencing any issues and require further assistance please refer to Duo two-factor authentication FAQs.

More information

Back to top