1. Home
  2. Departments
  3. Information Security
  4. DUO Security
  5. DUO Security FAQs

DUO Security FAQs

Authenticating

Two-factor authentication provides added security by prompting you to enter a unique code at sign in, in addition to your passphrase. The unique code, generated by your phone, is used only once. You can prompt the code from a device of your choosing (typically your smartphone). Using the DUO Mobile smartphone app (for iOS, Android) is the simplest and preferred method for obtaining the second-factor codes, but tokens and other methods are available.

  • A user can be tricked into giving away their Network ID and passphrases through a malicious email or phishing or other online scams.
  • Many people reuse passwords or passphrases on other websites (Amazon; LinkedIn). If compromised, attackers often publish or sell the passphrases.
  • A user shares their Network ID and/or passphrase (in violation of CWRU policy) with someone else.
  • A user logs in from an infected computer where attackers continue to run and record keystrokes of the users' passwords and/or passphrases (Keylogger).

Note: Make sure you’ve already purchased a YubiKey security key, and added that security key to your Duo account.

  1. Insert your security key.
  2. Go to the CWRU online application to which you want to log in.
  3. At the CWRU prompt, enter your NetID and password.

    You should see the following screens displayed:
    Duo screens prompting you to authenticate with your security key. Insert your key, then touch either metal sensors or a 'Y' enclosed circle.
  4. If your security key has metal sensors on either side, use your thumb and index finger to lightly touch and then release each of the protruding metal sensors simultaneously. If your key has a ‘Y’ enclosed in a circle, lightly touch that circle.

    You should see the following Duo confirmation screen:

 

  1.  

  2. Image of Duo authentication confirmation screen.

You’re now logged in to the CWRU application.

Verified Duo Push is a new version of Duo Push with enhanced security. Instead of tapping the green check-mark (Approve) button in the Duo Mobile app, you will enter a six-digit code into the app. 

Troubleshooting

If you have already logged in with DUO on your browser session (for example, to access your email, HCM, or MyApps), the enrollment app will see that you are logged in and redirect you to a success message. This behavior, verifying that your DUO authentication method is working properly, is normal for this app, and is vital for many users to understand that they have successfully used DUO.

  • If you logged in to an application that uses DUO (such as webmail, HCM, MyApps, etc), and you selected the Remember Me for 120 Hours option, the enrollment app will only be able to log you in.
  • In order to "Add a New Device" (or change a device), open an Incognito browser session in either Google Chrome or Firefox and proceed to the enrollment page. Do not select "Remember Me for 120 Hours" when signing in.
    • To open an Incognito session in Chrome, open Chrome and use the keyboard shortcut Ctrl + Shift + N.
    • To open an incognito/private session in Firefox, open Firefox and use the keyboard shortcut Ctrl + Shift + P.

You may have trouble receiving push requests if there are network issues between your phone and DUO. Many phones have trouble determining whether to use the WiFi or cellular data channel when checking for push requests. Here are some ways to troubleshoot:

  • Try turning on airplane mode, and then turning it off.
  • Try turning off WiFi on your phone and then request the code again using cellular data.
  • Check the time and date on your phone and make sure they are correct. If the date and time on your phone are manually set, try changing your device's date and time configuration to sync automatically with the network.

iOS users can run a troubleshooting tool within DUO Mobile version 3.32.0 or later. To run the tool:

  • Open the DUO Mobile app on your iOS device and tap the "Edit" button in the top left of the accounts list screen, then tap the name of the account that is not receiving push requests.
  • Next, tap the "Get Started" button in the "Missing Notifications?" section of the "Accounts Details" screen.
  • DUO Mobile performs the test. If any step fails, you will receive further troubleshooting suggestions. After completing the suggested actions, tap "Run test again" to retry.