DUO Security FAQs | University Technology, [U]Tech | Case Western Reserve University

Authenticating

Two-factor authentication provides added security by prompting you to enter a unique code at sign in, in addition to your passphrase. The unique code, generated by your phone, is used only once. You can prompt the code from a device of your choosing (typically your smartphone). Using the DUO Mobile smartphone app (for iOS, Android) is the simplest and preferred method for obtaining the second-factor codes, but tokens and other methods are available.

Why do I need to use DUO?

A user can be tricked into giving away their Network ID and passphrases through a malicious email or phishing or other online scams.
Many people reuse passwords or passphrases on other websites (Amazon; LinkedIn). If compromised, attackers often publish or sell the passphrases.
A user shares their Network ID and/or passphrase (in violation of CWRU policy) with someone else.
A user logs in from an infected computer where attackers continue to run and record keystrokes of the users' passwords and/or passphrases (Keylogger).

Troubleshooting

Why is the enrollment page telling me I logged in?

If you have already logged in with DUO on your browser session (for example, to access your email, HCM, or MyApps), the enrollment app will see that you are logged in and redirect you to a success message. This behavior, verifying that your DUO authentication method is working properly, is normal for this app, and is vital for many users to understand that they have successfully used DUO.

Why can't I get the "Add a New Device" page?

If you logged in to an application that uses DUO (such as webmail, HCM, MyApps, etc), and you selected the Remember Me for 120 Hours option, the enrollment app will only be able to log you in.
In order to "Add a New Device" (or change a device), open an Incognito browser session in either Google Chrome or Firefox and proceed to the enrollment page. Do not select "Remember Me for 120 Hours" when signing in.
- To open an Incognito session in Chrome, open Chrome and use the keyboard shortcut Ctrl + Shift + N.
- To open an incognito/private session in Firefox, open Firefox and use the keyboard shortcut Ctrl + Shift + P.

Why have I stopped receiving Push notifications on DUO mobile?

You may have trouble receiving push requests if there are network issues between your phone and DUO. Many phones have trouble determining whether to use the WiFi or cellular data channel when checking for push requests. Here are some ways to troubleshoot:

Try turning on airplane mode, and then turning it off.
Try turning off WiFi on your phone and then request the code again using cellular data.
Check the time and date on your phone and make sure they are correct. If the date and time on your phone are manually set, try changing your device's date and time configuration to sync automatically with the network.

iOS users can run a troubleshooting tool within DUO Mobile version 3.32.0 or later. To run the tool:

Open the DUO Mobile app on your iOS device and tap the "Edit" button in the top left of the accounts list screen, then tap the name of the account that is not receiving push requests.
Next, tap the "Get Started" button in the "Missing Notifications?" section of the "Accounts Details" screen.
DUO Mobile performs the test. If any step fails, you will receive further troubleshooting suggestions. After completing the suggested actions, tap "Run test again" to retry.

Why is my DUO token not working anymore?

Your DUO token can become out of sync if it pressed too many times in a row without the generated codes being used for login. If your DUO token is out of sync, please contact the [U]Tech Service Desk to have them resync your token.

Email: help@case.edu
Telephone: 216.368.HELP (4357)
Visit C.A.R.E. Center in Kelvin Smith Library

DUO Tokens and YubiKeys

Is there a difference between a DUO Token and a YubiKey?

DUO Tokens and YubiKeys are terms used interchangeably around campus, but this is incorrect as they are fundamentally difference devices.

DUO Tokens are hardware devices from DUO Cisco that generate one-time use passcodes. There is no need to plug in a DUO Token to a computer to use it, and there is no need to hold it close to your computer or phone to generate a passcode.

YubiKeys are also called security keys, FIDO keys, or universal two-factor keys. Rather than generating codes for authentication, YubiKeys must be plugged into the device that requires authentication. You must also press down on the gold part of the YubiKey to complete the authentication. They can also be held close to the device to be scanned, as in the case of a cell phone.

How do I get a DUO Token?

All CWRU employees and students can request their first DUO Token for free by contacting the [U]Tech Service Desk. The Service Desk will assign you a DUO Token and enroll it under your account. Once a token has been assigned to you, you can pick it up from the [U]Tech CARE Center in the Kelvin Smith Library.

What should I do with my DUO Token when I leave the university?

If you are no longer using your case.edu email, simply return the DUO Token to the [U]Tech C.A.R.E. Center in the lower level of the Kelvin smith Library
If you plan to have continued access to your case.edu (as a student or alumni), you can continue using your DUO Token if wish to do so.
If you are enrolling a new device and do not wish to have your token, you can return the DUO Token to the [U]Tech C.A.R.E. Center in the lower level of the Kelvin Smith Library.,