New staff and students are automatically enrolled with Duo, a two-factor authentication system. Duo requires set up before you can log in to any protected systems (eg Office 365, Minerva, etc.).
This article explains what Duo Two-factor authentication is and which devices you can use.
Overview:
What is two-factor authentication?
Two-factor authentication (2FA), also known as multi-factor authentication (MFA), improves security by requiring extra information or a physical device, in addition to your password, to log in. It is the same kind of system that is used for access to services like online banking, or Google and Amazon.
Rather than solely relying upon your password (something you know), you also need another factor (something you have). This second factor is typically an app on your phone. This means that even if someone knows your password they won’t be able to access your account. It only takes a few extra seconds to log in with the extra factor (app), but your account is much more secure, as seen here:
- Enter your username and password as usual.
- Use your phone to verify your identity.
- You are securely logged in.
How to enrol for Duo?
Before setting up Duo, you will need your University credentials, including username and password.
For both staff and students, you will have been sent an email to your personal email address on how to set your password and access your account.
Watch this video quick start guide, or follow the steps below to enrol. If you can't see the video, view it directly on the Duo guide.
- Login to office365.leeds.ac.uk or Minerva.
- The first time you log in, you will be prompted to register for Self-Service Password Reset (SSPR) and Duo.
- When you start the Duo setup a webpage will open. Click 'Start Setup' to continue.
(If you wish to learn more about Minerva, you can do so here: https://desystemshelp.leeds.ac.uk/minerva/)
Important: The images in this article where 'Acme' is indicated relate to the University 2FA website and not your device. They will look slightly different to match the university's web branding.
Which Device can I use?
In the next section, you will be asked what type of mobile device you are adding. The following instructions are for a mobile phone (the recommended option) but the process will be similar for other devices, just follow the prompts on screen.
Important: Using DUO Mobile is the recommended way to authenticate. For information about using other authentication methods or device options, see Duo - choosing and using your authentication device.
Step-by-step guidance for Duo Mobile
Duo Mobile is an app that runs on iOS and Android phones and tablets. It's fast and easy to use and doesn't require cell services. Duo pushes login requests to Duo Mobile when you have mobile data or wifi connectivity to the internet. When you have no data service, you can generate passcodes with Duo Mobile for logging in to applications.
The current version of Duo Mobile supports iOS 13.0 or greater and Android 8 or greater.
- Select your country from the drop-down list type your mobile phone number, and then click "Add phone number."
If you're going to use Duo Mobile on a tablet (like an iPad) with no phone service, don't enter a phone number and click "I have a tablet" instead.
- If you entered a phone number, double-check that you entered it correctly and click "Yes, it's correct" to continue (or "No, I need to change it" to go back and enter the number again).
If the phone number you entered already exists in Duo as the authentication device for another user then you'll need to enter a code sent to that number by phone call or text message to confirm that you own it. Choose how you want to receive the code and enter it to complete verification and continue. - Download and install Duo Mobile on your phone or tablet from the Google Play Store or Apple App Store. Once you have Duo Mobile installed click "Next."
- Open the Duo Mobile app on your phone or tablet and add this account by scanning the QR code shown on-screen.
If you aren't able to scan the QR code, tap "Get an activation link instead" and then enter your email address to send the activation link to yourself. Follow the instructions in the email to activate the new account in Duo Mobile. - When you receive confirmation that Duo Mobile was added click "Continue".
You can now log in to Duo-protected applications with Duo Push or with a Duo Mobile passcode.
Your preferences
Duo two-factor authentication will default to the most secure method to authenticate, or the last used method if different. If you would like to use a different option or add a device, select 'Other options'.
You can then choose another option, or select 'Manage devices' to add another device.
To access the device management you'll first need to verify your identity, just as you do when logging in to a service or application protected by Duo. Click on an available option to verify your identity. If you're visiting device management to delete or update a device you don't have anymore (such as a phone you lost or replaced), be sure to pick a verification option that you still have with you. If you don't have any devices you can use to authenticate to device management, contact the IT Service Desk.
After approving a Duo authentication request, you can see all your registered devices in the device management portal.
Add Another Device
To add a new method of verifying your identity in Duo, click "Add a device" and select one of the verification options.
Duo takes you through the steps of adding the new device, just like first-time enrollment. The difference between adding a new device from device management and during first-time enrollment is that when you have finished enrolling the new device you return to the device management page to view all your registered devices, including the new one, instead of continuing to log into an application.