Frequently Asked Questions about Two-Step Verification (Duo)

Overview (What is Two-Step and how will it affect me?)

  1. What is Two-Step Verification? 
  2. How does Two-Step Verification work?
  3. Why should I use Two-Step Verification?
  4. Do I have to use Two-Step Verification to access my account?
  5. What devices are supported to register for Two-Step Verification?
  6. Which University services or systems currently require Two-Step Verification for login?

Setup & Activation (How do I get Started?)

  1. How do I get started?
  2. How many devices can I enroll in Two-Step Verification?
  3. What if I do not have a mobile device?

Usage (How do I use Two-Step?)

  1. How do I manage or edit my Two-Step Verification devices?
  2. Remember Me - Set up DUO to Require One Login Per Day?
  3. How do I authenticate with my smart phone app if I don't have cell signal, data, or Wi-Fi connection?
  4. My account is locked out. What should I do?
  5. How Much Data Does a Duo Push Request Use?
  6. Why Have I Stopped Receiving Push Notifications From Duo Mobile?
  7. What If My Phone Does Not Have Internet or Cell Service?
  8. Does Using Duo Give Up Control of My Smartphone?

Help & Additional Guidance (How can I learn more and get help?)

  1. I don’t have my Two-Step Verification device with me. What can I do?
  2. What do I do if I get a Two-Step Verification push notification on my device when I didn't log in?
  3. Can I use the app on my smart phone without affecting my data plan?
  4. I replaced the phone that I had registered in Two-Step Verification. What should I do now?
  5. What should I do since I lost my device that I use to authenticate with Duo?
  6. Why have I stopped receiving push notifications on the Duo Mobile app?
  7. My iOS mobile device is running an older iOS and I am unable to install the Duo Mobile application from the App Store. What do I do?
  8. How do Hardware Tokens Work?

What is Two-Step Verification? 

Two-Step verification, also known as "multi-factor authentication" or "MFA", provides an extra layer of security in addition to passwords. This additional step ensures that your information, transactions or online work is safer from unauthorized access by requiring a second method of authentication, such as a phone, code or other registered device, to verify your identity. Even if someone obtains your password, they cannot access your account without having your registered Two-Step device.

How does Two-Step Verification work?

Two-Step Verification, also known as Duo or "multi-factor authentication" uses mobile technology to send an authentication request to your registered device. When you log into the SSO and click on a service that requires MFA, a notification will be sent immediately to your smartphone or other registered device. You simply tap Approve on the screen, which verifies that you are the person logging in and your access will be available.

Why should I use Two-Step Verification?

Two-Step Verification provides extra protection for the sensitive information our systems contain in case you are a victim of phishing or hacking. If someone steals your credentials and tries to access your account, your user name and password will not be sufficient to log in. The thief will also need to have access to your device to complete the log in process. If someone else tries to log in to your account, you will be notified on your device and you can deny them access instantaneously. Services such as Common Financial System (CFS) require the use of Two-Step verification.

Do I have to use Two-Step Verification to access my account?

Two-Step is currently required for people with access to the Common Financial System (CFS).

What devices are supported to register for Two-Step Verification?

  • iOS devices (iPhone, iPad, iPod)

  • Android devices (phone, tablet)

  • Blackberry

  • Windows Phone 7

  • Windows Mobile

  • Other cell phones (non-smart phones) and landline telephones

  • Hardware Tokens can be provided upon request.  Please check with your Administrative Services Manager (ASM) or department coordinator.

How do I get started?

If you're a CFS user, please refer to this article to setup Two-Step verifcation

How many devices can I enroll in Two-Step Verification?

Two-Step Verification lets you register multiple devices to your account, so you can always access your account even if one device is temporarily unavailable. We recommend a maximum of three devices.

How do I manage or edit my Two-Step Verification devices?

Please refer to this article that describes how to add or remove devices.

I don’t have my Two-Step Verification device with me. What can I do?

Contact the Technology Help Desk (THD) at (562) 985-4959 for assistance. Or visit us in the Horn Center Lobby or Library 5th Floor.

Which services or systems currently require Two-Step Verification for login?

Users with access to the Common Financial System (CFS). New systems will be added to this listing as services are added.

What do I do if I get a Two-Step Verification push notification on my device when I didn't log in?

If you get a push notification from the Duo app that you did not request, that means someone else is trying to log in using your account and your Beach ID account may have been compromised. Tap the Deny button in your Duo app. 

How do I authenticate with my smart phone app if I don't have cell signal, data, or WiFi connection?

If you cannot use a “Push” or “Call,” use a “Passcode.” You can generate a passcode by touching the green key in the Duo Mobile app. You can also generate a passcode with a token. If you don’t have the app or a token, use one of the back-up codes you had texted to you when you enrolled in Duo.

If none of these options work, please contact the THD for assistance.

Can I use the app on my smart phone without affecting my data plan?

To use the app with no impact on your data plan, you must first connect to a wireless network. Then open the Duo Mobile app and tap the key icon to the right of “CSULB”. A passcode (set of numbers) will appear. Using the passcode requires no data usage on your plan. Then log in to the system using the passcode.

I replaced the phone that I had registered in Two-Step Verification. What should I do now? 

  1. If your phone number is the same:

  • If you use the push option through the Duo Mobile app installed on your phone, you will need to reactivate Duo Mobile on your new phone. To do this you will need to add it as a new device.

  1. If your phone number changed:

  • If you have an alternate/backup device enrolled in Two-Step Verification: 

    • Log in https://sso.csulb.edu, and click on a service that requires Two-Step verification. 

    • From the Device drop-down menu, select your alternate/backup device, then click “Manage Devices” to authenticate using Duo

    • Use the Actions drop-down menu to delete your old phone, then click “Enroll another device” to enroll your new phone. 

*If you do not have an alternate/back-up device enrolled, call the THD at (562) 985-4959.*

What should I do since I lost my device that I use to authenticate with Duo?

Contact the THD at (562) 985-4959 immediately if you lose your phone or suspect it has been stolen. They will disable your phone from being able to authenticate with Two-Step Verification and help you log in using another device.

My account is locked out. What should I do?

The most common reason why your account is locked is because you have entered an incorrect password for your Beach ID account or the Two-Step has failed at least 10 times. Please contact the THD at (562) 985-4959 or helpdesk@csulb.edu.

Why have I stopped receiving push notifications on the Duo Mobile app?

You may have trouble receiving push requests if there are Wi-Fi issues between your mobile device and Duo Security. Many mobile phones have trouble determining whether to use the WiFi or cellular data when checking for push requests. Simply turning the phone to airplane mode and back to normal operating mode again often resolves these issues or if there is a reliable Internet connection available. Similarly, the issue may be resolved by turning off the Wi-Fi connection on your device and using the cellular data connection. If these two methods do not resolve the issue, contact THD at (562) 985-4959 or helpdesk@csulb.edu.

My mobile device is running an older OS and I am unable to install the Duo Mobile application from the App Store. What do I do?

You may need to upgrade to a newer iOS or Android version to install the Duo mobile app.

What if I do not have a mobile device?

Although use of the Duo Push app on a mobile device is recommended, Two-Step supports hardware tokens.  To request a hardware token please contact your ASM or department coordinator.

How do Hardware Tokens Work?

Tokens work with any browser and do not require a usb port. Tokens display a passcode at the touch of a button, but you must then type in the passcode.

Remember Me - Set up DUO to Require One Login Per Day?

To avoid being prompted by Two-Step verification multiple times a day, select the checkbox next to Remember me for 1 Day during login.  Two-Step login won't prompt you again for most campus services for the next 24 hours.

Limitations on Remember Me for 1 Day

  • Remember Me won't carry over between different computers.
  • It won't carry over when you switch web browsers, like changing from IE to Firefox.
  • It isn't available for all services.
  • Due to some technical limitations, it may not carry over between different services.

How Much Data Does a Duo Push Request Use?

Duo Push authentication requests require a minimal amount of data -- less than 2KB per authentication. For example, you would only consume 1 megabyte (MB) of data if you were to authenticate 500 times in a given month.

Why Have I Stopped Receiving Push Notifications From Duo Mobile?

There are several reasons this could be happening. Please try the following to troubleshoot:

  1. Make sure your enrolled device has a cellular network or WiFi connection.
  2. Have the Duo Mobile app open when you authenticate.
  3. Try these additional push troubleshooting steps:
  4. If the above solutions don’t work, try using another authentication method, such as passcodes provided in the Duo Mobile app.

What If My Phone Does Not Have Internet or Cell Service?

See this Duo Knowledge Base article for information on authenticating without Internet or cell service: https://help.duo.com/s/article/4449?language=en_US

Does Using Duo Give Up Control of My Smartphone?

No. The Duo Mobile app has no access to change settings or remotely wipe your phone. The visibility Duo Mobile requires is to verify the security of your device, such as OS version, device encryption status, screen lock, etc. We use this to help recommend security improvements to your device. You always are in control of whether or not you take action on these recommendations.

Details

Article ID: 71909
Created
Tue 2/12/19 3:27 PM
Modified
Tue 7/30/19 3:40 PM