Duo two-factor authentication - FAQs


Please review the following Frequently Asked Questions about Duo, including guidance for set up, security and troubleshooting.

Overview:

General questions

What is Duo?

Duo is the two-factor authentication system that protects your University of Leeds account from unauthorised access. It offers different methods of adding extra security to your account, but we recommend using the free Duo Mobile app, which is available from both the Apple and Android app stores. Read more in Duo two-factor authentication.

What is two-factor authentication?

Two-factor authentication adds a second method of identity verification to secure your University of Leeds account and the devices, files and systems associated with it. It’s commonly used for online services, like banking, and works by combining something you know, your password, with something you have, like your mobile phone. This ensures that even if someone has your password, they still won’t have enough information to access your account. Read more in Duo two-factor authentication.

Why is Duo necessary?

Passwords are increasingly easy to compromise. They are often stolen, guessed or hacked - you might not even know if someone is accessing your account. Duo provides an extra layer of security to keep your account secure, even if your password is compromised. 

What services use two-factor authentication?

Many services at the University are protected by Duo two-factor authentication, including Microsoft Office 365, Minerva and Windows Virtual Desktop (WVD).

Do I still need to use Duo on campus? 

Yes. You need to use Duo to access protected University services wherever you are.

How often will I have to authenticate?

You will only need to authenticate when you are using protected services (see above) and are normally asked for your University username and password. If you do not need to enter your username and password, you will not need to use Duo authentication. 

Can I reduce the number of times I have to authenticate with Duo?

Office 365 can save your credentials so you do not need to log on each time you use it. Follow the step-by-step instructions in Duo two-factor authentication.

Getting started

Do I have to use two-factor authentication? 

Yes. All staff and students need to use two-factor authentication to be able to logon to some systems at the University, unless you've been granted a specific exemption. 

What if I don’t have a mobile phone/other device, or don’t want to use my personal device?

The Duo mobile app is the recommended (and easiest) way to authenticate. However, if you have network / wifi / device issues, you can also receive an SMS text with a passcode - read 'Using passcodes via SMS text messages'. The article explains the process and how to use the 5 passcodes sent by text message, which are an easy solution if you experience reception issues either on campus or at home.

If you do not have a mobile phone or other device that can use the Duo Mobile app or receive SMS text messages, please contact the IT Service Desk who will be able to provide a hardware token. If you use the hardware token, you will need to type a passcode in each time you have to authenticate (rather than just clicking ‘approve’ in the Duo Mobile app). See the article on 'Using the Duo mobile app' for information on how to use the app, what a push notification is, passcodes and hardware tokens.

Important: when contacting IT for a hardware token or any changes to your profile you will need to confirm your identity to comply with security protocols.

How do I set up Duo?

Duo will prompt you to enrol the first time you log in to a protected service. Simply, follow the instructions on screen to register your smartphone, tablet or other device and install the free Duo Mobile app.

Enter 'Duo Mobile' into App Store / Google Play, search and select the app matching the Duo Mobile logo Duo Mobile Logoor use the links below.

Read our article enrolling for Duo two-factor authentication

What software and operating systems are supported by the app?

For the latest information see the 'Supported devices' paragraph in the Duo guide (Duo website)

I can't use the Duo Mobile app, what other options are there?

If you can’t use the Duo Mobile app, there are two other ways to authenticate: SMS text message or hardware token. Read about choosing and using your authentication device

Can I register more than one device for Duo?

Yes. We recommend you set up Duo on more than one device, in case your primary device is lost or stolen. You can add additional devices when you first enrol or at any time after that by clicking 'Add a new device' whenever you're asked to authenticate. Read our guide Duo - adding and removing mobile devices or 'Adding a new device' (Duo website).

You can also see what devices you've registered and edit or delete them by clicking 'My Settings & Devices' whenever you're asked to authenticate.

Authentication and the mobile app

Does it cost me anything to authenticate with my phone?

No, if you are connected to a wireless network. If you are using your phone's mobile connection (4G) it will use a very small amount of data (less than 2KB for a push notification). The 'Enter a passcode' method does not use any data. 

Can I still get a code if my mobile phone doesn’t have data reception?

If you don't have any data reception on your phone, choose the passcode method of authentication. The Duo Mobile app will generate a passcode, and you can type this into the authentication prompt. Please see this article for further information on passcodes.

What happens if I don’t have my registered device (eg mobile phone) with me?

If you have a secondary device registered, you can use that instead by selecting it from the dropdown box at the top of the authentication window. If you have not registered a second device, or do not have it with you, you will need to contact the IT Service Desk using the forms on the IT homepage. .

What happens if I accidentally deny the Duo Security push notification?

You can request a new push notification from the prompt. 

I'm travelling/studying outside the UK, will Duo still work? 

Yes. Duo will continue to work as normal over wifi or mobile data. If wifi or mobile data is not available, you can still generate a passcode within the Duo Mobile app by clicking 'Show'. For more information on using passcodes read about choosing and using your authentication device.

Using Duo Mobile in China

If you are travelling to China we recommend that you download the app before you leave the UK. The Google Play store is not available in China. However, you can download the Duo Mobile App direct from the Duo website.

While in China, you may find that you need to use passcodes as your authentication method instead of receiving push notifications. For more about using passcodes read choosing and using your authentication device.

Lost/stolen/new device or software upgrade

My registered device (eg phone) is lost or stolen. What do I do?

If you've already registered another device with Duo, you can use this instead - select it from the drop-down box at the top of the authentication window. Remove the lost/stolen device straight away from your Settings in Duo. Follow the steps in adding and removing mobile devices or 'Adding a new device' (Duo website)

If you haven't registered another device with Duo, contact the IT Service Desk as soon as possible using the forms on the IT homepage. .

I’ve deleted/reinstalled the Duo Mobile app, how do I get it working again?

You'll need to reactivate the Duo Mobile app. See our step-by-step guide to reactivating Duo.

I've updated the software on my phone. How do I reactivate Duo?

You'll need to reactivate the Duo Mobile app. See our step-by-step guide to reactivating Duo.

I’ve changed my phone but kept the same number, how do I use the Duo Mobile app again?

You'll need to reactivate the Duo Mobile app. See our step-by-step guide to reactivating Duo.

I’ve changed my phone and have a different number, how do I use the Duo Mobile app again?

If you still have access to your original phone, follow the steps for adding and removing mobile devices or 'Adding a new device' (Duo website) to add your new phone on Duo before removing your original phone as a device.

If you no longer have access to your original phone, please contact the IT Service Desk for help using the forms on the IT homepage.

Security

Who has access to my phone number? 

IT Service Desk staff have access to your phone number, and the Duo mobile app collects information from your device when you attempt to authenticate using that device, but it is not used to track what you are doing. For more information see the privacy article on the Duo website.

What access does the Duo mobile app need on my mobile device? 

The Duo Mobile Apps needs access to your camera to scan a QR code when you are setting it up, and also needs to be able to send you notifications. It will not access your personal data. If you do not want to use the app, you can opt to have receive an SMS message with a passcode instead. However, this is less convenient than using the app as you'll need to type a code in every time you need to authenticate.

Does Duo see my University password?

No

What should I do if I receive an authentication request I didn't ask for?

If you receive an authentication request that you did not ask for, you should deny the request. If this happens repeatedly, your University password may have been compromised. Please change your password immediately and contact the IT Service Desk using the forms on the IT homepage.

I'm sure the authentication request has come from me, but the location is wrong. Why?

The location shown may not be accurate if you are not on campus (but should show in the right country). If you have just requested a push notification when you receive the authentication request, you can assume it is genuine.

If you had not requested a push notification, your University password may have been compromised. Please change your password immediately and contact the IT Service Desk using the forms on the IT homepage.

Technical issues

I’ve enrolled but nothing has happened

Now you are enrolled you will only be prompted for an authentication request when Office 365 requires you to enter your password. If your session is active this may not happen for some time. You will always be prompted when using a new device, client or browser for the first time. You can test for an authentication request by opening a browser window in InPrivate mode (Microsoft Edge) or Incognito mode (Chrome) and visiting www.office.com and logging in.

I’m using Microsoft Office 2013 and I can no longer access my email or Office 365.

Two-factor authentication should work with Office 2013 on PCs on campus.  If you are using a University device and working remotely your device may not have been updated to allow two-factor authentication to work with Office 2013. Please contact the IT Service Desk using the forms on the IT homepage.

If you are using a personal device you can install the latest version of Office for free by logging on to https://office365.leeds.ac.uk 

I’m using the Apple native mail App on iOS 11, or greater, and I can no longer access my email.

You will need to reconfigure the App. See Setting up email on iOS (iPhone and iPad)

Who should I contact if I have more questions about two-factor authentication?

If your question isn't answered here, you can find more advice in the Duo guide (Duo website), including answers to some common issues. If you are still having problems, please contact the IT Service Desk using the forms on the IT homepage

Important: when contacting IT you may need to confirm your identity to comply with security protocols.

Back to top