2-Factor Authentication with Duo Security
LSCPA has implemented two-factor authentication using Duo Security, which adds a second layer of security when logging into applications that require it. By verifying your identity using a second factor (e.g., phone or other mobile device), you prevent anyone but you logging into your LSCPA account even if they gain access to your password.
- If Duo is being rolled out to your department, you will receive an email from IT Services regarding Duo deployment.
- If you need to access an application that uses Duo and you have not yet registered, submit an IT work order with a request for Duo that includes the following:
- Your mobile phone number
- Type of smart phone - Android, iPhone, Windows phone
- If your cellular phone is not a smart phone (e.g., flip phone), be sure to include this information in the work order. You will not be able to use the Duo Mobile client and will have to receive a phone call from Duo. See "What if I can't use Duo Push" below.
If you have any problems, questions, or concerns, please contact the Help Desk at (409) 984-6150.
Authentication is the process of verifying your identity. A factor is a category, element, or component. There are three basic factors of authentication - Something You Know, Something You Have, and Something You Are.
When you use your username/password to log into your computer or an application, you are verifying your identity (authenticating) using a knowledge factor. Your username/password combination is Something You Know.
To improve security, you can add in a second factor. In the case of Duo Security, it is a possession factor – Something You Have. You authenticate directly through the Duo app on your mobile device or a passcode is sent to your mobile device via text. Either way, you must have that device to log in successfully.
Duo does not use biometrics (Something You Are), but your mobile device might!
Duo Security: Something You KNOW + Something You HAVE
Enrollment instructions for Duo are sent out by email (to your LSCPA account) or text message (to the mobile phone number you provided ITS). Both the email and the text message include:
- A link to download the Duo Mobile app if you have not already done so.
- A link to activate the Duo Mobile app. Install the Duo Mobile app before attempting to activate it.
Tap on the activate link to activate the app. After Duo is activated successfully on your mobile device, you will see a 6-digit number. This simply means that the app is activated. (See Figures 1 and 2.) You will not need this number.
Fig. 1: Activated Duo Mobile App - Android.
Fig. 2: Activated Duo Mobile App - iPhone.
If you need assistance, please contact the Help Desk at (409) 984-6150.
- You are required the Duo App installed on your mobile device in order to use Duo "Push" feature.
- Access the protected application (e.g., Outlook) as you would normally.
- If the application requires Duo, you will be prompted for the second step of your login.
- If you see an option for "Device" above "Choose an authentication message," select the device on which you have installed the Duo App and want to receive the Push notification. (See Figure 4.)
- Select Send Me a Push.
- If your phone is not notifying you of the Push notification:
- Open the Duo app on your phone.
- Go back to the Duo Security Screen (see Figures 3 and 4) and select Send Me a Push.
- Go back to the Duo app on your phone and wait for the Push.
- Select Approve. (See Figure 7.)
- If you have an iOS device and are still having problems, see Troubleshooting Duo Push Notification Issues on iOS devices for more assistance. You can also contact the Help Desk at (409) 984-6150.
Fig. 3: Duo Security Screen shown on a desktop computer.
Fig. 4: Duo Security Screen with multiple device options shown on a desktop computer.
Fig. 5: Mobile notifications you may see from Duo app.
Fig. 6: Approve or Deny options in the notification window.
Fig. 7: Approve or Deny options in the Duo App.
If Duo Push is not available or if you do not have the Duo app on your phone, you can get a passcode via text message or a phone call.
Passcode via Text Message
- If you see an option for "Device" above "Choose an authentication message," select the device on which you want to receive the text.
- Select Enter a Passcode.
- Select Text me new codes.
- Check your text messages for the passcode.
- Enter it in the space provided and select Log In.
Fig. 8: Duo Security Screen showing Text Message option.
Phone Call
Your office phone (as shown in Banner) is registered with Duo. If you need to register another number (e.g., cell/mobile), contact IT Services.
- If you see an option for "Device" above "Choose an authentication method," select the device on which you want to receive the call. (See Figure 9.)
- Select Call Me
- Your phone will ring. When you answer, you will hear an automated message with instructions.
- The message will identify the call as coming from Duo.
Fig. 9: Duo Security Screen showing Call Me option.
- After you first register, Duo will be triggered the next time you log into a Duo-protected application.
- Duo logins on desktop applications and mobile apps:
- If you login on different devices (e.g., multiple desktop computers, mobile devices, etc.), each device will require it's own Duo login.
- Re-authentication with Duo is determined by each application, but you will generally have 90 days before you have to login with Duo again.
- Duo logins on applications accessed via web browser:
- You will be required to use Duo daily the first time you use a particular browser to login.
- If you login using different browsers on the same device, each browser may require its own Duo login .
- If you close your browser, you may be prompted for another Duo login the next time you use that browser to access a protected application.
- To reduce the number of times that you have to log in with Duo per day, after you first login with your LSCPA credentials, select Yes when asked to stay signed in.
- If you change your password, you will need to login with Duo again.
