Duo FAQ

Summary

Frequently Asked Questions about Duo two-factor authentication.

Body

Overview

  1. When is Duo required?
  2. I have the Duo app installed on my phone, but I'm not getting the alerts.
  3. What do I need to do if I get a new phone or a new SIM card in my existing phone?
  4. What if I lose my phone or other device that is my 2nd factor, and I need to connect to the VPN?
  5. Can I use a YubiKey as my 2nd factor?
  6. What do I do if I don't have a phone or tablet capable of using the Duo App?
  7. Why do I occasionally need to verify ownership of a device in the Duo Prompt?
  8. What if I don't have a Wi-Fi connection or cellular reception to use the Duo App?
  9. Does installing the Duo Mobile app give up control of my phone?
  10. Why does the Duo Mobile app need to access my camera?
  11. How much data does a Duo Push use?
  12. Is any software required on my laptop to use Duo?
  13. Why am I seeing the message “Access denied. Duo Security does not provide services in your current location” in the Duo Prompt?
  14. If I receive a Duo push notification requesting approval that I did not request, what should I do?
  15. Why did the cloud service I have integrated with my University email account stop working when I enabled Duo MFA for email?

When is Duo required?

Duo is required for accessing BannerWeb or the University VPN. A project is currently in progress to require Duo to access University email as well. The conditions for the VPN, BannerWeb, and Email are listed below.

VPN: Duo is required when accessing the VPN for all faculty, staff, and students. 

BannerWeb: Duo for BannerWeb is required for active faculty, staff, and students who wish to access BannerWeb from off-campus. NOTE: This is not required for students who have a status of 'enrolled'. You can view your status by logging in to https://webpass.richmond.edu and clicking on the button for Account Settings. If your user type shows 'enrolled', you will not be required to use Duo for BannerWeb. The user type for students switches from 'enrolled' to 'student' on the first day of classes and at that time, Duo for BannerWeb will be required from off-campus. 

Email: All faculty, staff, and students must use Duo for University email access.

I have the Duo app installed on my phone, but I'm not getting the alerts.

You may have the Duo app set to not allow notifications on your phone. Check the app settings to make sure that push notifications are allowed for Duo. 

If you are still having trouble, try these easy troubleshooting steps for iOS, Android, or Windows Phone.

What do I need to do if I get a new phone or a new SIM card in my existing phone?

New Phone: If you get a new phone, you need to reactivate Duo following these steps: How to Reactivate a Smartphone or Tablet with Duo

New SIM Card: If you get a new SIM card, but the phone you are using stays the same, your Duo app will still be connected.

What if I lose my phone or other device that is my 2nd factor, and I need to use Duo?

You will need to Submit a Ticket for the Help Desk to have a temporary bypass code generated for you. Once you have the code, sign in to the VPN or BannerWeb by selecting Enter a Passcode when prompted to use Duo. Once this code is generated, it can be used for 8 hours.

Can I use a YubiKey as my 2nd factor?

YubiKeys are not currently supported for the VPN.

What do I do if I don't have a phone or tablet capable of using the Duo App?

A Duo hardware token is another method that can be used for two-factor authentication. Hardware tokens can be purchased from the bookstore and then enrolled by following these steps: How to Enroll in Duo with a Hardware Token

Why do I occasionally need to verify ownership of a device in the Duo Prompt?

During enrollment, the verify ownership step will appear when a new user is enrolling a device that was previously enrolled by another user.

What if I don't have a Wi-Fi connection or cellular reception to use the Duo App?

No problem! Tap the University of Richmond option in the Duo Mobile app to generate an authentication passcode. You do not need an Internet connection or a cellular signal to generate these passcodes. When prompted to authenticate with Duo, you will use this code instead of using a push notification.

Does installing the Duo Mobile app give up control of my phone?

No. Duo Mobile has no access to change settings on your phone. Duo Mobile cannot read your emails, it cannot see your browser history, and it requires your permission to send you notifications. Lastly, Duo Mobile cannot remotely wipe your phone. Duo Mobile requires visibility into your device to verify its security, such as OS version, device encryption status, and screen lock. We use this to help recommend security improvements to your device, and you are always in control of whether or not you act on these recommendations.

Why does the Duo Mobile app need to access my camera?

Duo Mobile only accesses your camera when scanning a QR code during activation.

How much data does a Duo Push use?

Almost none. 500 pushes to your device will use 1 MB of data in total. This is roughly equivalent to loading one webpage on your smartphone.

Is any software required on my laptop to use Duo?

No. The Duo app is installed on a mobile device such as a phone or tablet, not a laptop.

Why am I seeing the message "Access denied. Duo Security does not provide services in your current location" in the Duo Prompt?

In order to comply with U.S. regulations, Duo blocks authentications from users whose IP address originates in a country or region subject to economic and trade sanctions enforced by the U.S. Office of Foreign Assets Control.

Users attempting to authenticate to a Duo-protected application from an access device with an IP address originating in an OFAC-regulated country or region will be blocked from completing their login and receive an error message.

Web-based applications will display the following error message: “Access denied. Duo Security does not provide services in your current location.” Other applications may display a generic failed login message.

OFAC restrictions relevant to Duo currently apply to the following countries or regions: Cuba, North Korea, Iran, Sudan, Syria, Crimea region, Sevastopol region, Donetsk region, and Luhansk region.

If I receive a Duo push notification requesting approval that I did not request, what should I do?

Duo MFA is a second factor that validates that you are the owner of the account you are requesting access to. A bad actor who obtains your credentials and tries to access an account protected by Duo MFA will still be required to use Duo to validate their identity. If this were to happen, you would receive a Duo notification that you did not request. Bad actors try this tactic in the hope that you are not paying attention and simply tap Approve. Remember, do not approve any request that you did not initiate! If this happens, deny the request and contact the Help Desk at 804-487-6400 or Information Security at infosec@richmond.edu to report the event.

Why did the cloud service I have integrated with my University email account stop working when I enabled Duo MFA for email?

If you have your University email account linked to an external cloud service, such as a calendar booking service, you may need to reauthorize your account after you enable Duo MFA for email. Please consult your vendor's support site for information on how to reauthorize your account with the service.

Details

Article ID: 88508
Created: Fri 10/4/19 2:18 PM
Modified: Wed 11/20/24 4:06 PM

Related Articles

Hardware Tokens are an option that can be used for Duo's Two-Factor Authentication if you don't have a smartphone or tablet that the Duo App can be installed on.

Related Services / Offerings

Duo
All faculty, staff, and students are required to use Duo when logging in to BannerWeb or when connecting to the VPN.