Duo MFA
What is Duo Multifactor Authentication (MFA)
Mulitfactor authentication improves security using something you know and something you have to login. Cal Maritime protects sensitive data using Duo multifactor authentication. Employees who access sensitive data to perform work use Duo authentication to provide a second credential before access is granted.
How does Duo MFA work?
Duo MFA enrollment takes place the first time you login to a service that requires
it. When you enroll you decide if you want to use the Duo app or receive a phone call
to authenticate. The Duo app will send an alert to your phone that you can approve
or decline. Phone calls take a few moments to receive, and require answering the phone
and pressing a key to approve or decline. It is recommended (but not required) to
setup a backup Duo authentication method in case you forget your device or are away
from your phone.
How to enroll in Duo
Step 1: When prompted by a Duo protected application, follow the prompts.
Step 2: Click Start setup. You will need to have access to mobile device or phone to complete setup.
Step 3: Select the type of device you would link to enroll and click Continue. Using a smartphone is recommended for the best experience but you also have the option of adding a tablet, landline, or token.
Step 4: Select your country and enter mobile phone number that will be used when logging in to a Duo-protect service and click Continue.
Step 5: Choose the device’s operating system and click Continue.
Step 6: Install Duo Mobile on your smartphone or tablet. Once installed, click I have Duo Mobile installed.
Step 7: Open the Duo Mobile app on your device and scan the barcode with built-in barcode scanner.
Step 8: Click Continue which will become active once you’ve successfully scanned the barcode.
Step 9: Select whether you want to ‘automatically call this device’, ‘automatically send this device a Duo Push’ (recommended) or to prompt you each time by selecting ‘Ask me to choose an authentication method’. It is recommended you enroll 2 devices but is not required. Click on +Add another device to add alternative authentication method and repeat enrollment steps.
Step 10: Click Continue to Login
Step 11: Congratulations! Your device is now registered to approve Duo authentication requests. Click on the method you would like to authenticate.
- Tap on Approve on your mobile device or
- Answer call and dial ‘ 1 ‘on your phone
Frequently Asked Questions
Do I need a smartphone or data plan to use two-factor authentication?
No. Having a smartphone makes for an easier and more secure experience with Duo Push. However, if your organization permits it, it is also possible to enroll a non-smartphone mobile device or landline to receive SMS passcodes or phone calls.
What is Duo Mobile?
Duo Mobile is a mobile application (app) that you install on your smartphone or tablet to generate passcodes for login or receive push notifications for easy, one-tap authentication on your mobile device. It works with Duo Security’s two-factor authentication (2FA) service to make your logins more secure.
What is the recommended two-factor authentication method?
If you have a smartphone or or tablet, we recommend Duo Push, as it is quick, easy-to-use, and secure. See an introduction to Duo Security and a demonstration of Duo Push in this short video: https://www.youtube.com/watch?v=_T_sJXnSM98
How much data does a Duo Push request use?
Duo Push authentication requests require a minimal amount of data -- less than 2KB per authentication. For example, you would only consume 1 megabyte (MB) of data if you were to authenticate 500 times in a given month.
Why have I stopped receiving push notifications from Duo Mobile?
There are several reasons this could be happening. Please try the following to troubleshoot:
- Make sure your enrolled device has a cellular network or WiFi connection.
- Have the Duo Mobile app open when you authenticate.
- Try these additional push troubleshooting steps:
- iPhone: https://help.duo.com/s/article/2051
- Android: https://help.duo.com/s/article/2050
- If the above solutions don’t work, try using another authentication method, such as passcodes provided in the Duo Mobile app.
How can I authenticate if I’m somewhere with no cell signal or WiFi access?
See this Duo Knowledge Base article for information on authenticating without cell or internet service: https://help.duo.com/s/article/4449
How can I manage the devices I use for Duo?
If you have access to the “My Settings & Devices” link (the self-service portal) at the Duo Prompt and are currently able to authenticate with a device, you may:
- Add additional devices
- Designate your “default” device that receives authentication requests in addition to your preferred authentication method (available in the Traditional Prompt)
- Deactivate Duo Mobile if you got a new phone but kept your number
- Change the name of your device (ex. “Personal Cell” or “Work Phone”)
- Remove a device
Learn more about managing your devices here: https://guide.duo.com/manage-devices
What should I do if I lost my phone?
Please contact your IT help desk immediately.
Can Duo see my password?
No. Your password is only verified by your organization and never sent to Duo. Duo provides only the second factor, using your enrolled device to verify it’s actually you who is logging in.
Does using Duo give up control of my smartphone?
No. The Duo Mobile app has no access to change settings or remotely wipe your phone. The visibility Duo Mobile requires is to verify the security of your device, such as OS version, device encryption status, screen lock, etc. We use this to help recommend security improvements to your device. You always are in control of whether or not you take action on these recommendations.
Glossary
2FA (two-factor authentication): an additional layer of authentication beyond a username and password. 2FA involves something you know (password) plus something you have with you (like Duo Mobile on your smartphone) to prevent someone from logging in with only your password. With Duo 2FA, you still enter your username and password. The second factor provided by Duo is simply an added layer of security on top of your existing credentials. We recommend using Duo Push via the Duo Mobile app to perform 2FA.
Duo Prompt: this interactive prompt lets you choose how to verify your identity each time you log in (e.g. “Duo Push” or “Call Me”) to a web-based application. The Duo Prompt allows you to enroll and authenticate.
Passcode: these are numeric codes that can be generated either via the Duo Mobile app, SMS (text message), or a hardware token, depending on what your IT administrator permits. Passcodes may be used at any time and are particularly handy for authenticating when your 2FA device doesn't have internet or cellular service.
Push Notification (Duo Push): a push authentication request that is sent to the Duo Mobile app on an enrolled device. Push notifications include information like the geographical location of the access device, IP address of the access device, and the application being accessed so you can verify whether the push is real or fraudulent.
Self-service portal: if the self-service portal has been enabled for use in the Duo Prompt, you can click “Manage devices” (Universal Prompt) or “My Settings & Devices” (Traditional Prompt) to add additional devices or update authentication method settings right from the Duo Prompt.
For more information
- End-User Guide - Learn about enrollment, authentication prompts, adding devices, and more.
- InfoSec Glossary - Learn common infosec terminology and clarify acronyms and other jargon.
- Blog Articles - Learn more about how Duo works and what we're doing to secure your essential workflows.