Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Duo does not collect personal information from your smartphone. By using your personal smartphone to access Duo protected services, you are consenting for Duo to store your personal cell phone number and if you select the "call me" option, charges may apply.

Do I have to use Duo every time I log in to FredApps?

  • Duo allows you to remember a device for 12 hours. You can approve any computer that you commonly use and will not be required to provide two-factor authentication confirmation during the 12 hour period as long as you use the same computer (or other device) and browser. For example, if you have a desktop and a laptop, you can approve both computers as trusted devices and not have to confirm your identity with a phone until after the 12 hours has expired.

Can I set up Duo on more than one phone?

  • You are required to set up Duo on more than one device which can be another phone in case you forget a phone at home or are not at your office phone. When you are doing your initial setup, you may add a landline and/or mobile. After that, when you are logging in, you can choose which line Duo will send the authentication request to (via Duo Mobile app or phone call depending on what you chose).

What is Duo Push?

  • Duo Push is a feature within the Duo Mobile app that delivers two-factor push notifications to your phone for fast and secure access. Duo Push is resilient against man-in-the-middle attacks that allow attackers to steal your password and your second factor. After logging in with your username and password, choose Duo Push on the authentication prompt. Then, tap ‘Approve’ on the push notification sent to your phone seconds later to securely access your application.

I have a new phone and the Duo app stopped working. What should I do?

  • If you get a new phone make sure you install and re-activate the Duo app. You can re-activate the Duo Mobile app on your new phone by going to the Settings menu in the Duo login screen (you have to logon to any service protected by Duo to get the login screen), selecting the My Settings and Devices option, go thru the Duo authentication by placing a call to the phone. Click on the phone number to go to the settings of your phone and select Reactivate Duo Mobile. Follow the instructions to install and add your account to Duo Mobile.  

    • NOTE: When adding a new device, it is easier to use an Incognito / Private Browser window to get to the Setting menu on a Duo login panel, than it is to completely log out of a browser.

  • If you have difficulties with this process, you can submit a ticket to the Information Security Office by emailing security@fredonia.edu.

Can I use the Duo Security internationally?

  • The Duo smartphone app is designed to work internationally. However, you are required to notify the Information Security Office (security@fredonia.edu) prior to using it internationally if you are traveling to areas that are part of the European Union due to privacy laws restrictions. The ISO will temporarily disable your Duo Security account protection while you are in the European Union. Your access to email and other protected services will not be disabled during this time only Duo. 

How do I select the "Remember me for 12 hours..." checkbox if the Duo Authentication Prompt is automatically sending a push?

  • The Duo Authentication Prompt will gray out the rest of the prompt during an automatic push. Follow these steps to select the "Remember me for..." checkbox:

Click Cancel on the automatic push message at the bottom of the prompt.
Select the Remember me for 12 hours... checkbox.
Initiate another push and authenticate. You will now be remembered on that browser on that computer for 12 hours.

What happens if I set up my browser to clear cache/cookies after exiting?

  • The “Remember your device for 12 hours” option uses a persistent cookie. If you clear cookies after you log off of the browser, the device will not be remembered and you will have to confirm your identity again when logging in.
    If your browser is not remembering that you checked the “Remember Me” box, then check the cookie settings of your browser.
    Chrome's  “incognito” setting, Firefox's“ private window,” and Internet Explorer's/Edge's “InPrivate"” settings will affect this behavior and the “Remember Me” feature will not work.

Can Duo's Remembered Devices feature work if third-party cookies are blocked?

  • The Remembered Device feature will work if an exception is made in the browser's security settings for third-party cookies coming from Duo Security.
    Duo's cookies are only used to remember a Remembered Device. The cookies and associated data are never used for advertising or marketing purposes.

To add an exception for Duo-served cookies, use the following format, depending on which browser you're using:

Internet Explorer:  *.duosecurity.com

Firefox:https://duosecurity.com

Chrome and Opera: [*.]duosecurity.com

Note that Safari does not allow setting exceptions for third-party cookies

What if I forget my phone at home?

  • You will need to use your backup second factor to authenticate (e.g. hardware token, landline etc..)

What if I lose my phone?

  • Contact the ISO at security@fredonia.edu immediately and we will lock your Duo account to prevent malicious activity.

After confirming a legitimate login attempt, I'm stuck on a strange two-step screen. Why?

  • Logging in with Duo requires that JavaScript is enabled. If it is not, your attempt to log in will fail. If you encounter this issue, disable any JavaScript blocking plugins or browser settings (or include an exception for scripts from duosecurity.com) and attempt to log in again.

What if I don't have a cellphone?

  • If you don’t have a cell phone, Duo allows you to use your landline phone. You would receive an automated phone call that requires you to hit any button to confirm your identity.

What if I don't have a data plan on my phone? What if I don't have a connection?

  • The Duo smartphone app provides options that work without a data plan, a texting plan or even a connection, if necessary. The app can generate the required code without need of either a telephone signal or data plan, and it can do so anywhere in the world. If you have a signal and data plan, the app makes two-factor authentication as easy as a pushing a single button, but if you don’t, you can use the app to generate a six digit code and enter that instead.

What data is being collected by Duo?

  • First Name
  • Last Name
  • Fredonia Email Address
  • University Phone Number (only if the employee enrolls their University owned cell phone or landline)
  • Personal Phone Number (only if the employee enrolls their personal cell phone or landline)
  • IP Address of the device used to access a University protected service
  • Date and time that you access Fredonia electronic services

What if I want to use a Hardware Token with Duo?

 A security token (also referred to as a hardware token) is a small hardware device carried by a user to authorize access to a protected service.  Duo Fredonia supports standalone (USB) and one-time passcode (OTP) hardware tokens for two-factor authentication.

Fredonia currently offers the following options for hardware tokens for 2 factor authentication.:

Option 1 - If you do not have a University issued cell phone and you do not have a dedicated landline assigned to your office or your job often requires you to be away from your office phone (e.g. faculty), then the University will provide you a OTP USB hardware token. You will be required to sign for the token when it is issued to you and return it to the Information Security Office when you are no longer employed with Fredonia. If you lose the token you will be required to replace it at the cost of $20$40.00 each. These tokens use a non-replaceable battery, typically last two years and have a six month warranty. NOTE: Please be aware that these tokens may get out of sync and not work properly if you repeatedly press the button without entering the code to authenticate (e.g. storing on your keychain).

Image Removed

 Please contact the Information Security Office (716) 673-4725 or security@fredonia.edu to request a USB hardware token.

Image Added

Yubikey 4

Option 2 - If you prefer, you can get a USB device that you can automatically generate and submit a one-time password into a text field validated by Duo. There are two models supported and both require a USB port. small form-factor USB device used primarily for laptops. Departments are responsible for purchasing these hardware tokens and then provide them to the Information Security Office for initial (one-time) programming before they can be used with Duo.  Please contact the Information Security Office (716) 673-4725 or security@fredonia.edu for more information.Yubikey 4Yubikey NanoImage Removed        Image Removed(Please request a quote for Yubikeys from Byron Hemingway at Byron@yubico.com or 650-862-9136.) 

    Image Added

 Yubikey Nano

How do I use a Hardware Token with Duo?

Please visit the following URLs short instructional videos:

OTP Hardware Token 

Yubikey 4 

Yubikey Nano

What if I have student employees that access University Duo protected services?

Student employees that access protected Fredonia electronic services (e.g. department email account, SUNY Employee Portal etc.) are required to use Duo Security. The Information Security Office will issue the student employee's supervising department head a new generic eServices account solely to be used for the student employee's work responsibilities. Supervising department head's are responsible for the appropriate use of the issued eServices account in accordance with all Fredonia policies and applicable laws. They are responsible to provide the eServices account credential to their student employee, reset the password each time they reissued it to a new student employee and collect the hardware token from the student employee when their employment ends. The eServices account will use a University provided OTP hardware token (Option 1 above) as the primary second factor and the departmental office landline as the back up second factor device. Departments need to contact the Information Security Office (security@fredonia.edu) to request a new Student employee eServices account and Duo Security hardware token. 


...