DUO: Frequently Asked Questions
In recent years, the University of New Haven has experienced a substantial increase in compromised NetIDs. The primary problem is email phishing, which has become increasingly common. Scammers are sophisticated at gaining access to passwords, which allow them access to our systems and data. DUO Everywhere (Multifactor authentication) adds a second layer of protection to your accounts both on-campus and off-campus for Microsoft Office 365 applications and CAS logins.
DUO Everywhere uses MFA to verify identity using a second factor (your smartphone) thereby preventing anyone but the user from logging in and adding security to your account.
Why does the University of New Haven need this?
DUO Everywhere is a key component of the University of New Haven’s multi-year cyber security strengthening efforts. DUO Everywhere will reduce the impact of phishing and other attempts to gain inappropriate access.
How does DUO Everywhere work?
Once you opt-in using the self-enrollment tool you will be ready to go: You will login as usual with your username and password, and then “send a push” to your registered device to verify identity.
How do I register a new device?
- For step by step instructions see: DUO Everywhere: Enrolling and managing devices.
I don’t have a mobile phone, what should I use?
- You can request a hardware token. DUO lets a user link multiple devices to an account. University of New Haven ITS recommends everyone have at least two options set up for multi-factor authentication. If you are not local to the area and cannot pick up a hardware token, you can request an exemption here.
How do I manage my devices?
- Follow these steps to manage devices:
How do I reactivate my device?
- If your phone number hasn’t changed, see: Multifactor Authentication: Register a new phone with the same number for MFA
What should I do before enrolling?
Be sure to close all Office 365 applications prior to enrolling. The opt-in tool will walk you through the enrollment process and DUO setup and will provide detailed information on what to expect.
How will my experience change?
I already have DUO MFA using DUO mobile off-campus. What’s the same and what’s different about DUO Everywhere?
- Many things about your DUO experience will remain the same when you opt into DUO Everywhere. You will be able to use the same authentication method that you use now (smartphone or hardware token.) If you currently use the DUO mobile app on your smartphone, you will use the same app.
- DUO Everywhere provides increased protection for your University of New Haven online credentials, because it works both on-campus and off-campus, and for both CAS and MS Office 365 logins. This is designed to protect email accounts from use after they have been compromised.
- The difference in experience is that you will be prompted to DUO authenticate when you are on-campus or off-campus for any MS Outlook, MS Office 365 or CAS login on any device. You will need to have a DUO registered device with you at all times when you are working. Registering a primary and backup device is recommended.
Does DUO Everywhere replace DUO mobile?
- If you already have the DUO mobile app on your smartphone, there is no need to upgrade or install a new app to opt in and use DUO Everywhere.
Why do I get more than one DUO prompt?
- DUO ‘remembers’ your authentication confirmation for the particular application (CAS or MS Office 365) and client/browser running on the particular device when you complete a DUO authentication. If you use a different application on the same device, or the same application on a different device, DUO needs to prompt you again to confirm it is you. You will have the option to ‘remember me for 30 days’ for each unique authentication session.
Remember me for 30 days.
Examples of unique authentication sessions and what to expect from the 14-day checkbox:
- You log into Outlook on Firefox on your PC, and check the 14-day checkbox when authenticating. You will need to re-authenticate in 14 days for any MS Office 365 applications using Firefox.
- You log into myCharger through CAS in Internet Explorer on your computer and check the 14-day checkbox when authenticating. You will need to re-authenticate in 14 days for any CAS login using Internet Explorer on your computer.
- You log into Outlook on your smart phone, and check the 14-day checkbox when authenticating. You will need to re-authenticate in 14 days to access Outlook on your smart phone.
I don’t see the option to remember me for 14 days in my DUO prompt.
- To enable remember me for 14 days, see: DUO Everywhere: Reduce your MFA-DUO Authentication Requests
Why do I keep getting prompted to enter my credentials in the desktop version of Outlook or other Microsoft Office products on my Mac?
- This is an issue with the Mac keychain, please see: DUO Everywhere (MFA-DUO): How to clear the login keychain for Outlook on MacOS to resolve the issue.
I keep getting prompted for DUO in my web browser, even after checking the option to remember me for 14 days. What is wrong?
- In private browsers you will be prompted repeatedly.