2-Factor Authentication (2FA) at UD

University of Dayton account holders are required to use 2FA to access protected systems including Porches, UD Gmail, and Banner. This article covers the following topics:
 

How do I connect if I don't have my device?

Enrolling in and Using 2FA

Adding a Device

Renaming or Removing a Device

Reactivating an Existing Device

Enrolling a New Phone in Your 2FA Account

2FA FAQ
 

2-Factor authentication or "2FA" is a security measure that verifies your identity when you log into protected systems. As "2-factor" indicates, you verify your identity with two forms of information:

1 - Something You Know 2 - Something You Have
Your UD password Your phone or token

2FA technology provides added security to UD data systems in case your password is compromised. University of Dayton account holders are required to use 2FA to access protected systems including Porches, UD Gmail, and Banner.

NOTE: If this article does not resolve your 2FA problems or questions, contact the IT Service Center at (937) 229-3888 or submit an IT General Help Request.


How do I connect if I don't have my device?

If you don't have your phone and do not have a secondary device, use one of these options:

Option 1

Visit the IT Service Center for an in-person identity verification to obtain a bypass code.
 

Option 2

Send the IT Service Center, ITservicecenter@udayton.edu, a Zoom link from your personal email. Join them via your computer or other device for identity verification and a bypass code. If your device does not have a camera, you must visit the IT Service Center in person.
 

Enrolling in and Using 2FA

When you arrive at UD, you’ll be prompted to enroll in 2FA. Faculty / staff employees and graduate students will be prompted to enroll the first time they login to their UD computing account. Undergraduate students will be prompted to enroll shortly after starting classes.
 

Log In With the Duo Universal Prompt

After completing Duo enrollment, you'll see the Duo prompt the next time you perform a browser-based login to a web service or application protected with Duo.

The first time you log in to an application with Duo using the Universal Prompt, Duo will choose one of your configured login options automatically, selecting the most-secure method from the ones you have available.

The following Duo selections are listed from "most secure" to "least secure":

  • Duo Push: Push notifications are the easiest and most popular 2FA authentication method. After the Duo Mobile app is installed and active on your smartphone or table, choose the Duo push option to authenticate by tapping on an “approve” button on your phone. Duo Push requires an Internet connection. [Available on smartphones, tablets]
     
  • Duo Mobile Passcode: You can authenticate with a passcode from your smartphone or tablet, even without an internet connection or cellular service. Tap the "Show" link in the Duo Mobile app to display a 6-digit passcode. On the 2FA login page, type the 6 digits into the "Passcode" field and select "Log In." Passcodes expire after 30 seconds; generate a new passcode if needed. [Available on smartphones, tablets]
     
  • Duo Hardware Token: You can authenticate with a passcode from hardware token. Tap the green key button on the hardware token to display a 6-digit passcode. On the 2FA login page, type the 6 digits into the “Passcode” field and select “Log In.”
     
  • SMS Text: You can choose the "Text message passcode" option at the 2FA screen to send a text message to your phone with a one-time use passcode. Enter the 6-digit code into the passcode field on the 2FA screen. The passcode expires after 10 minutes; request a new passcode if needed. [Available on cell phones]
     
  • Phone Call: Have Duo Security call your phone and follow the simple phone prompts to authenticate. NOTE: This option is not preferred, as each phone call authentication incurs a small fee UD must pay our 2FA vendor. [Available on smartphones, cell phones, landline phones]
     

<Return to Top>
 

Adding a Device

To add a new method of verifying your identity in Duo, use the following steps:

  1. Open a web browser and log into an application with the Universal Prompt. For example, go to porches.udayton.edu and log in with your UD username and password to open the 2FA authentication prompt. STOP!  Do NOT authenticate!
     
  2. Click Other options.


     
  3. Click Manage devices.


     
  4. To access the device management you'll first need to verify your identity, just as you do when logging in to a service or application protected by Duo. Select Duo Push.
     
  5. Your registered devices appear in the device management portal screen. Click Add a device.


     
  6. Follow the steps for adding the new device. If you encounter any problems, contact the IT Service Center at (937) 229-3888 or submit an IT General Help Request.
     

<Return to Top>
 

Renaming or Removing a Device

To rename or remove a device, use the following steps:

  1. Open a web browser and log into an application with the Universal Prompt. For example, go to porches.udayton.edu and log in with your UD username and password to open the 2FA authentication prompt. STOP!  Do NOT authenticate!
     
  2. Click Other options.


     
  3. Click Manage devices.


     
  4. To access the device management you'll first need to verify your identity, just as you do when logging in to a service or application protected by Duo. Select Duo Push.
     
  5. Your registered devices appear in the device management portal screen.


     
  6. To rename or remove a device, click Edit.


     
  7. Click Rename to rename a device or click Remove to remove a device. If you remove a device, a confirmation screen appears:

If you encounter any problems, contact the IT Service Center at (937) 229-3888 or submit an IT General Help Request.
 

<Return to Top>
 

Reactivating an Existing Device

To reactivate Duo on an existing device, use the following steps:

  1. Open a web browser and log into an application with the Universal Prompt. For example, go to porches.udayton.edu and log in with your UD username and password to open the 2FA authentication prompt. STOP!  Do NOT authenticate!
     
  2. Click Need help?


     
  3. Click Activate Duo Mobile.


     
  4. Click I got a new phone.


     
  5. If you still use the same phone number as you did when you first set up the phone to use Duo Push, then click Text me a link.


     
  6. When the text message with the link arrives on your phone, tap it to reactivate Duo Mobile on your phone.
     

<Return to Top>
 

Enrolling a New Phone in Your 2FA Account

If you get a new phone or new phone number, you may need to reactivate DUO on your device.

2-Factor Authentication (2FA) FAQ

What if I lose my phone or token?

Immediately report lost phones or tokens to the IT Service Center 937-229-3888, itservicecenter@udayton.edu. If you have more than one device registered in the 2FA system, you can delete the lost device from your 2FA account. If the lost device was the only one registered in the 2FA system, the IT Service Center will assist you to unregister the device and register another device. NOTE: You will be charged a fee to replace a lost Duo token.

What if my device has no cell or internet connectivity?

For smartphones/tablets, use the Duo app and select the Duo key icon in the upper right-hand corner of the app to get a passcode. Standard cell-phone users enter one of the passcodes already texted to the phone. Tokens don't require any connectivity.

Sometimes my phone doesn't receive the Duo push notification. What's wrong?

Your phone might be asleep. For best results, wake up your phone before clicking the "Send Me a Push" option.  If that doesn't work, try deactivating your wireless connection before clicking the "Send Me a Push" option. If you still experience issues, contact the IT Service Center.

What if I get a login request from Duo that I didn't expect?

If you get a login request which you did not initiate yourself, do not approve the login request. Press "Deny" in the Duo app. You’ll have the option to report it as fraudulent, or you can tap "It was a mistake" to deny the request without reporting it. For phone calls, press 5 on your phone's keypad to deny the request.

What is a token?

A token is a small "keychain" device that provides temporary 6-digit passcodes assigned to your username. Your passcodes are not usable by anyone else. Tokens can be purchased through the UD Bookstore.

Duo token

Why am I receiving an error message that says “Incorrect passcode. Please try again.” after entering the passcode displayed on my token?

Your token may be out of sync. You can generally resync your token by attempting to log in three consecutive times, entering a new code each time. If this method of resyncing does not work, contact the IT Service Center for assistance.

What information/functions does the Duo app access on my phone?

These are the required permissions for using the Duo app:

  • Camera - take pictures. NOTE: Camera is only needed for enrollment; you can disable camera access after enrollment.
  • Receive data from internet
  • Prevent device from sleeping
  • Control vibration
  • Full network access
  • View network connections
  • Run at startup
     

<Return to Top>

Was this helpful?
35% helpful - 68 reviews
Print Article

Details

Article ID: 46767
Created
Tue 1/23/18 2:55 PM
Modified
Fri 6/7/24 10:35 AM