Using Duo Two-Factor to Log In

This document provides instructions for using two-factor authentication (2FA) when logging in. You have multiple options available to you:

ATTENTION MICHIGAN MEDICINE!See Duo Two-Factor Security (Michigan Medicine) for instructions specifically for the Michigan Medicine community.

Before You Begin

  • Before you can use two-factor authentication when logging in, you must
  • The steps you will follow when logging in with two-factor authentication vary depending on whether you use a mobile device, phone number, passcode, or hardware token.
  • If you chose to have Duo automatically send you a push or call you, you will not have to complete the first step in the following examples.
  • This document covers the standard Duo Web interface and the prompts for Secure Shell (SSH) clients and Remote Desktop Protocol (RDP). The login interface for some systems may be different. In this case, ask the administrator of the system for specific instructions.
  • If you are logging in to a two-factor-protected system on the web via the Weblogin page, you will first enter your uniqname and UMICH (Level-1) password and click Log In. Then you will see the Duo two-factor authentication screen. Other two-factor protected systems may present the two-factor authentication screen differently.

Push Notification—Duo Mobile App

  1. Click Send Me a Push.

    Choose an authentication method page

  2. Duo immediately sends a notification to your mobile device. Depending on how you have set notifications up on your device, you may need to open the notification.
  3. On your device, tap Approve to approve the login.

    mobile push notification

    Important! If you receive a push notification that you did not initiate, tap Deny, then tap the option to report fraud.

Phone Call—Call Me

  1. Click Call Me.

    Choose an authentication method page

  2. Duo will immediately phone the number you enrolled. Answer the call on your phone, and press 1 to approve the login.

    Important! If you receive a Duo authentication phone call that you did not initiate, press 9 to report fraud.

Enter a Passcode

  1. Click Enter a Passcode.

    Choose an authentication method page

  2. You can get a passcode to enter in multiple ways. Instructions for each option are below.
    • Generate a passcode with the Duo Mobile app
    • Get passcodes via text message
    • Duo hardware token passcode
    • Emergency bypass code

Generate a Passcode with the Duo Mobile App

You don't need WiFi or cellular connectivity to generate a passcode with the Duo Mobile app. This works even if your device is in Airplane mode.

  1. Open the Duo Mobile app on your device.
  2. In the app, tap the key icon.
  3. A six-digit passcode displays in the app.
  4. To log in on your computer, click the Enter a Passcode button, then enter the passcode in the passcode field, and click Log In.

    Choose an authentication method page - enter a passcode

 

Get Passcodes Via Text Message

  1. Click Text me new codes at the bottom of the window.

    Choose an authentication method page - text me new codes button

  2. Duo will immediately send a text message with 10 passcodes to the device you enrolled.
  3. To log in on your computer, enter the first six-digit passcode in the authentication window on your computer, and click Log In. Use the remaining passcodes in order as needed until they expire.

    Note: Each passcode can be used only once. Passcodes expire after 12 hours.

Example of Text Message With Passcodes

text message with passcodes

 

Duo Hardware Token Passcode

It does not matter which device is selected on the Duo authentication screen. You can enter a passcode from your hardware token at any time.

  1. Click the Enter a Passcode or Enter a Bypass Code button.
  2. Tap the green button on your Duo hardware token to display a six-digit passcode.
  3. To log in on your computer, enter the passcode in the passcode field, and click Log In.

    hardware token

 

Emergency Bypass Code

In an emergency when you don't have any of your Duo options available to you, you can phone the ITS Service Center for an emergency bypass code.

  1. Phone the Service Center at 734-764-HELP (764-4357).
  2. Ask for a Duo two-factor emergency bypass code and say how long you need it for. The Service Center can give you a bypass code that is good for up to four days. Extended-use bypass codes require security approval, which the Service Center can request for you if needed.
  3. You will be asked to verify your identity by providing information such as your date of birth.
  4. To log in on your computer, click the Enter a Passcode button, enter the passcode in the passcode field, and click Log In.

Secure Shell (SSH) Clients

When logging in with an SSH client (for example, PuTTY), the prompt field for Duo two-factor authentication is completed as follows. Depending on the SSH client, these instructions may not be displayed above the prompt field.

If you have a primary and backup device enrolled in Duo, enter a passcode or enter one of the following numbers:

  1. Duo Push to primary device
  2. Phone call to primary device
  3. Phone call to backup device
  4. SMS passcode to primary device

If you have only one device enrolled in Duo, enter a passcode or enter one of the following numbers:

  1. Duo Push to primary device
  2. Phone call to primary device
  3. SMS passcode to primary device

Remote Desktop Protocol (RDP)

  1. If Duo automatically sends you a Duo Mobile Push notification or a phone call, approve the Duo Push or phone call.
  2. To switch to a different authentication method (e.g., backup phone), click Cancel.

    RDP automatic push dialog box

  3. Enter a Duo passcode or the name of an authentication option you want to use:
    • push for a Duo Push to primary device
    • phone for call to primary device
    • sms to text passcodes to primary device
    • push2 for a Duo Push to backup device
    • phone2 for call to backup device
    • sms2 to text passcodes to backup device
  4. Click OK.

    RDP prompt for authentication method

  5. Approve the authentication prompt.
Last Updated: 
Thursday, February 16, 2017