Information Technology Services (ITS)

Duo - Multifactor Authentication


Q. What is Multifactor Authentication? 
A. It is the use of two independent means of evidence (factors) to assert the identity of a user requesting access to an application or service to the organization that provides it. The objective of multifactor authentication is to decrease the probability that the requestor is not who he/she claims to be (i.e., is providing false evidence of his/her identity). Multifactor authentication is achieved by combining the two aspects below:

  • Something you know - your password
  • Something you have - your smartphone


Q. What are the business reasons to consider Multifactor Authentication? 
A. Privacy, and the threat of identity theft, is increasingly a concern as more personal information finds its way into online applications. In addition, passwords alone can frequently be guessed or compromised through phishing or hacking, and consequently no longer provide adequate protection for mission-critical information systems and applications containing confidential or sensitive data. Some specific concerns:

  • Password proliferation has increased the time and effort spent on user support because of forgotten passwords and the need to reset them.
  • The increased use of single sign-on increases the value of passwords and the number of ways in which those passwords can potentially be attacked.
  • Passwords are all too often cached in applications (e.g., email clients or web browsers), stored off site (e.g., POP/IMAP consolidation of email from multiple accounts), and reused for multiple services, some highly sensitive.

Compliance is also driving adoption of multifactor authentication in other areas - two examples:

  • The Federal Information Security Management Act (FISMA) applies to grantees (e.g., institutions of higher education) when they collect, store, process, transmit or use information on behalf of the United States Department of Health and Human Services (HHS) or any of its component organizations. In other words, Federal security requirements apply and the institution of higher education is responsible for ensuring appropriate security controls (see NIST SP 800-63 Electronic Authentication Guideline).
  • The Health Insurance Portability and Accountability Act (HIPAA), where the most important concern is the confidentiality of patient records and protected health information, does not explicitly require multifactor authentication but clearly makes an appeal to the use of industry best standards.


Q. What is the Duo Multifactor Authentication solution? 
A. Duo Multifactor Authentication is a cloud-based second-factor authentication service with no software to install and no server to set up. Duo has patented technology and drop-in integrations that enable IT customers to easily integrate Duo into an existing application login workflow. See Duo Security for more information. The Duo model primarily relies on a smartphone as the device in the user's possession. Most users will like the ease and convenience of using phones to verify their identity.


Q. Who will use the service? 
A. Any Texas A&M University - Kingsville employee or designated affiliate who needs access to a system or service that contains confidential or sensitive data.


Q. When will I need to use the Multifactor Authentication Duo service? 
A. Once a user is enrolled in Duo, the user will need to answer a second-factor credential challenge to authenticate into any information system that has been configured for the Duo authentication service.


Q. Why should a customer/user use the Duo Multifactor Authentication service?
A. With increasing security attacks across higher education institutions, passwords alone are not a sufficient way to protect resources. Multifactor authentication decreases the risk of compromise because a hacker would need to acquire the thing you "have", as well as the thing you "know".


Q. What if I lose my phone? 
A. Contact Helpdesk x4357 immediately if your phone is lost or stolen. Helpdesk will disable your phone for authentication and assist you in getting access through another method via Duo.


Q. When should I use the "Remember me for 60 days" feature?
A. We recommend never using the "Remember me for 60 days" feature on a shared computer. You may use it on computers you are the sole user of as long as you take responsibility for that computer.


Q. Do I need a smartphone to use Duo Multifactor Authentication? 
A. A smartphone is the best choice since it provides the greatest level of security and allows you to use the Duo Mobile App. The app generates passcodes for login and can receive push notifications for easy, one-tap authentication.

Having said that, a smartphone is not required to use the service.


Q. I don't have a smartphone. Will I be able to use Duo Multifactor Authentication on my regular cell phone? 
A. Yes, any cell phone will work, but it will not include the advantages of the app (passcodes, prompts, etc.) and may result in regular cell phone charges in order to call back and authenticate (depending on the user's phone service).


Q. What if I wanted to use a landline at my office instead of my personal phone?
A. Yes, you may use a landline instead of a mobile device; however:

  • You need to take into consideration the stationary nature of a landline. Even if you work almost exclusively at your desk in the office where the landline is located, you might on rare occasions need access to your TAMUK Duo-protected information resource from home or from a remote location (such as an annual conference).


Q. Can I use multiple phones, or am I restricted to one phone? 
A. You can set up Duo Multifactor Authentication on multiple mobile devices (phones, tablets, etc.).


Q. Can I change to a different phone with a different number after I have the service? 
A. Yes, you can change to a different phone with a different number. You will need to reactivate Duo on the new device, and if it's a different type of device (for example, if you're going from Android to iPhone), then you will need to make sure that you select the new phone type before reactivating.


Q. What does the Duo App access on my phone? 
A. The app requests access to the camera. This is to scan the QR code during the activation process. It does not access your other apps or other data on your phone; it uses some base functionality of the phone and a certificate that identifies your phone to ensure accurate identification.


Q. What do I enter for a mobile phone that's not a smartphone when I'm enrolling for the service? 
A. Whenever you're using a cell phone that's not a smartphone, select "Other" as the type.


Q. I'm trying to log into my Multifactor Authentication service on my phone, but it tells me I can't. What should I do? 
A. If this is the first time that you've used the service on this particular phone, then make sure that the enrollment process has been completed and then try again.

If you've used the service on this phone before and cannot log in, then make sure that the phone is not locked. If it is unlocked, then you may need to restart the mobile device and try again.

Make sure that you're using the correct mobile device. If you're using a new device (even if you have the same phone number), then reactivate Duo Mobile for the new device. (If you're changing types of phone, such as going from an Android to an iPhone, then select the new type of phone before reactivating.)

If the service is still not working, then contact Helpdesk x4357.


Q. Why have I stopped receiving push notifications on Duo Mobile?
A. If you have stopped receiving push notifications, then check the network connection between your phone and the internet. It may help to take your phone into and out of airplane mode. You may also have disabled notifications from the Duo Mobile app on your device. Check your notification settings and re-enable them. If the problem persists, then request a re-activation of the service from Helpdesk.


If you have any further questions, call us at 361-593-4357.