Frequently Asked Questions about Duo 2-Factor Authentication


Notice:  
Duo Security has announced that the existing 2FA interface is reaching end-of-life 1Q24 and as a result all applications that use the existing interface will be updated.  This won't happen all at once, so until 2Q24 users may still see the existing interface. 

Traditional Duo login



Duo UP





Introduction

2-factor enrollment is required to log into many Virginia Tech Web-based systems. To use these Web sites and services that use the Login service, you are required to authenticate with a second factor.

Top of the page

Contents

Related Links

How Do I Login without My Phone or Any 2-Factor Device if It Is Lost, Forgotten, Broken or Unavailable?

If you temporarily misplaced, left, forget it at home, broke, or otherwise can't use or access your 2-factor device to authenticate:

  1. If you have an additional device enrolled, use that device to authenticate.
  2. Otherwise, you must *call* 4Help at 540-231-4357 to get a bypass code. Bypass codes are *not* given online or by email.

Top of the page

How Can I Login without Internet, Network, or Cellular Service Connectivity? (International / Overseas)

****When outside of the continental United States, 4Help highly recommends Authenticating with a Passcode from Duo App or Virginia Tech Web site or a previously enrolled D-100 or YubiKey token.****

Authenticating via voice call or SMS text message when outside of the continental United States *may not work* because Duo rate charges exceed Virginia Tech's limit of 20. It is very important to note the credit rate for the location where you will be authenticating. As seen on Duo's Rate Card page, Duo will not send a voice call or SMS text message if a single phone call or SMS text message uses more than 20 credits. For additional information and rates that apply to your location, see Duo's Rate Card page.

Some locations will be blocked due to government regulations that are subject to change without notice per https://help.duo.com/s/article/7544?language=en_US.

(If you do not have access to any method of authenticating with a second factor, follow the instructions at Lost, Forgot, Broke, or Unavailable 2-Factor Device.)

In case you need to authenticate without Internet or cellular service in the future, 4Help advises doing at least one of the following when you are on campus:

Top of the page

What Do I Do about Duo Mobile App Errors, Problems, Connection Issues, or Duo Push Not Received?

Occasionally you may experience connectivity issues such as not receiving Duo Push notifications or timeout errors. This problem is often resolved by refreshing the Duo Mobile app. To do that:

  1. If you recently disabled or turned off your device's airplane mode, wait five minutes after turning off airplane mode.
  2. On your device, start the Duo Mobile app.
  3. Between the Virginia Tech logo and the key, tap and pull down on the window, and then release.
  4. The app will be refreshed.

Top of the page

What Do I Do when the Duo Window Frame in the Browser Doesn't Load or Is Blank?

Go to the Duo Security Status Web page, and look for any interruption of service.  If that Web page does not list any issues, then one of these conditions may be causing the problem:

If you have difficulty correcting these issues, contact 4Help by clicking Get Help at the top of this page or at http://4help.vt.edu.

Top of the page

How Do I Get and Print Backup Codes from the Virginia Tech Web Site?

  1. If you cannot authenticate with any second factor, follow the instructions at Lost, Forgot, Broke, or Unavailable 2-Factor Device instead of these instructions.
  2. Log on to the Virginia Tech accounts site through OneCampus.
    1. Go to http://onecampus.vt.edu.
    2. If the page appears dark with text overlaid, click the page to dismiss the overlaid text.
    3. If any OneCampus announcements pop-up, after reading the text, click the appropriate button to dismiss the pop-up.
    4. Near the top-right corner of the page, click Sign In.
    5. From the drop-down that appears, click Sign In.
    6. Type your credentials.
      1. In the Username text box, type your VT Username (PID), which is the first part of your @vt.edu email address.
      2. In the Password text box, type your VT Username (PID) passphrase.
      3. Click Login.
      4. Follow the on-screen instructions to complete authentication with your second factor.
    7. To the right of the OneCampus logo, in the What would you like to do? search box, type: account.
    8. On the keyboard, press Enter or Return.
    9. Click Manage Accounts.
  3.  Near the bottom of the page, in the 2-Factor Account section, click Generate passcodes.
  4. To confirm that you understand the warning displayed, click Yes, generate.
  5. On the Web page, click Print.
  6. Your printer settings will appear. Select the printer you want to use, and then click OK.
  7. Store the printed paper in a secure location, and use a pencil or pen to mark when you use each code. Each code can only be used once.
  8. Any Duo passcodes you previously printed from this Virginia Tech Web site will no longer work.

Top of the page

How do I Enable or Disable Duo Push to Automatically Push a Notification to My Phone?

  1. When you turn on this auto-send feature, the "Remember Me for 7 days" feature cannot be turned on. In other words, you cannot use both auto-send and "Remember Me for 7 days" at the same time.
  2. In your browser, open a new Chrome incognito / Edge inPrivate / Firefox private window.
  3. Start logging on to OneCampus.
    1.  Go to the OneCampus page.
    2. If the page appears dark with text overlaid, click anywhere on the page to dismiss the overlaid text.
    3. If any OneCampus announcements appear, after reading the text, click the appropriate button to dismiss the announcement window.
    4. Near the top-right corner of the page, below the maroon banner, in the black bar, click Sign In.
    5. From the drop-down that appears, click Sign In.
    6. Type your credentials.
      1. In the Username text box, type your VT Username (PID), which is the first part of your @vt.edu email address.
      2. In the Password text box, type your VT Username (PID) passphrase.
      3. Click Login.
    7. If you have not yet registered for 2-factor, click Enroll.
    8. If you receive an automatic call or push notification, in the browser, click Cancel.
      (Do *not* complete authentication with your second factor, yet.)
  4. In the Duo frame, under the Virginia Tech logo, click My Settings & Devices.
  5. Complete the authentication with your second factor to access My Settings & Devices.
  6. Use the When I log in: drop-down.
    • To turn on auto-send:
      1.  At the bottom of the Duo frame, from the Default Device: drop-down, click the device that you want to automatically be used each time you sign into a service that requires 2-factor.
      2. From the When I log in: drop-down, click either Automatically send this device a Duo Push or Automatically call this device.
      3. Click Save.
    • To turn off auto-send:
      1.  At the bottom of the Duo frame, from the Default Device: drop-down, click the device that is being used automatically.
      2. From the When I log in: drop-down, click Ask me to choose an authentication method.
      3. Click Save.

How Can I Temporarily Skip 2-Factor Authentication by Using the "Remember me for 7 days" Check Box?

On the screen where you are prompted to choose an authentication device, if you place a check in Remember me for 7 days and then successfully authenticate with your second factor, you will not be prompted for your second factor again within seven days *when on this computer, and using this browser*. This will remain in effect for 7 days, even if you use "CAS Logout". You will still be prompted for your VT Username and passphrase when logging on, but not for your second factor

  1. In your browser, open a new Chrome incognito / Edge inPrivate / Firefox private window.
  2. Start logging on to OneCampus.
    1.  Go to the OneCampus page.
    2. If the page appears dark with text overlaid, click anywhere on the page to dismiss the overlaid text.
    3. If any OneCampus announcements appear, after reading the text, click the appropriate button to dismiss the announcement window.
    4. Near the top-right corner of the page, below the maroon banner, in the black bar, click Sign In.
    5. From the drop-down that appears, click Sign In.
    6. Type your credentials.
      1. In the Username text box, type your VT Username (PID), which is the first part of your @vt.edu email address.
      2. In the Password text box, type your VT Username (PID) passphrase.
      3. Click Login.
    7. If you have not yet registered for 2-factor, click Enroll.
    8. If you receive an automatic call or push notification, in the browser, click Cancel.
      (Do *not* complete authentication with your second factor, yet.)
  3. In the Duo frame, near the bottom, place a check in Remember me for 7 days.
  4. Complete the authentication with your second factor.

Top of the page

What Do I Do When I Can't Add a New Device, Can't Access Manage My Settings and Devices, 2-Factor Is Automatically Skipped, or "Remember me for 7 days" Is Greyed Out?

If you have any of the following enabled:

You will bypass and skip all of the 2-factor pages and prompts.

To get to "Add a new device" or "My Settings and Devices" or to enable or disable "Remember me for 7 days":

  1. In your browser, open a new Chrome incognito / Edge inPrivate / Firefox private window.
  2. Start logging on to OneCampus.
    1. Go to http://onecampus.vt.edu.
    2. If the page appears dark with text overlaid, click the page to dismiss the overlaid text.
    3. If any OneCampus announcements pop-up, after reading the text, click the appropriate button to dismiss the pop-up.
    4. Near the top-right corner of the page, click Sign In.
    5. From the drop-down that appears, click Sign In.
    6. Type your credentials.
      1. In the Username text box, type your VT Username (PID), which is the first part of your @vt.edu email address.
      2. In the Password text box, type your VT Username (PID) passphrase.
      3. Click Login.
  3.  If you receive an automatic call or push notification, in the browser, click Cancel. Do not complete authentication with your second factor, yet.
  4. In the Duo frame, under the Virginia Tech logo, click the link you want.
  5. Complete the authentication with your second factor to access the settings that you selected.

Top of the page

What Are the Supported Smartphone Operating Systems?

The currently supported smartphone operating system versions for Duo Mobile can be found on the following pages:

Support for older operating systems and devices, such as those below, will be discontinued:

Top of the page

How Do I Rename a YubiKey, D-100, or Software Token?

The Duo system does not allow you to change the name of or rename any token; each token will be assigned a unique set of characters.

Top of the page

How Do I Reactivate the Duo Mobile App?

  1. In your browser, open a new Chrome incognito / Edge inPrivate / Firefox private window.
  2. Start logging on to OneCampus.
    1.  Go to the OneCampus page.
    2. If the page appears dark with text overlaid, click anywhere on the page to dismiss the overlaid text.
    3. If any OneCampus announcements appear, after reading the text, click the appropriate button to dismiss the announcement window.
    4. Near the top-right corner of the page, below the maroon banner, in the black bar, click Sign In.
    5. From the drop-down that appears, click Sign In.
    6. Type your credentials.
      1. In the Username text box, type your VT Username (PID), which is the first part of your @vt.edu email address.
      2. In the Password text box, type your VT Username (PID) passphrase.
      3. Click Login.
    7. If you have not yet registered for 2-factor, click Enroll.
    8. If you receive an automatic call or push notification, in the browser, click Cancel.
      (Do *not* complete authentication with your second factor, yet.)
  3. In the Duo frame, under the Virginia Tech logo, click My Settings & Devices.
  4. Complete the authentication with your second factor to access My Settings & Devices.
  5. Follow the instructions in the Manage Existing Devices section *and* in the Reactivate Duo Mobile section on the Managing Your Devices page.

Top of the page

How Do I Remove or Delete an Authentication Device from My Duo Account?

  1. In your browser, open a new Chrome incognito / Edge inPrivate / Firefox private window.
  2. Start logging on to OneCampus.
    1.  Go to the OneCampus page.
    2. If the page appears dark with text overlaid, click anywhere on the page to dismiss the overlaid text.
    3. If any OneCampus announcements appear, after reading the text, click the appropriate button to dismiss the announcement window.
    4. Near the top-right corner of the page, below the maroon banner, in the black bar, click Sign In.
    5. From the drop-down that appears, click Sign In.
    6. Type your credentials.
      1. In the Username text box, type your VT Username (PID), which is the first part of your @vt.edu email address.
      2. In the Password text box, type your VT Username (PID) passphrase.
      3. Click Login.
    7. If you have not yet registered for 2-factor, click Enroll.
    8. If you receive an automatic call or push notification, in the browser, click Cancel.
      (Do not complete authentication with your second factor, yet.)
  3. In the Duo frame, under the Virginia Tech logo, click My Settings & Devices.
  4. Complete the authentication with your second factor to access My Settings & Devices.
  5. Follow the instructions in the Remove Device section on the Managing Your Devices page.

Top of the page

How Do I Set or Change the Default Duo Authentication Device?

  1. In your browser, open a new Chrome incognito / Edge inPrivate / Firefox private window.
  2. Start logging on to OneCampus.
    1.  Go to the OneCampus page.
    2. If the page appears dark with text overlaid, click anywhere on the page to dismiss the overlaid text.
    3. If any OneCampus announcements appear, after reading the text, click the appropriate button to dismiss the announcement window.
    4. Near the top-right corner of the page, below the maroon banner, in the black bar, click Sign In.
    5. From the drop-down that appears, click Sign In.
    6. Type your credentials.
      1. In the Username text box, type your VT Username (PID), which is the first part of your @vt.edu email address.
      2. In the Password text box, type your VT Username (PID) passphrase.
      3. Click Login.
    7. If you have not yet registered for 2-factor, click Enroll.
    8. If you receive an automatic call or push notification, in the browser, click Cancel.
      (Do not complete authentication with your second factor, yet.)
  3. In the Duo frame, under the Virginia Tech logo, click My Settings & Devices.
  4. Complete the authentication with your second factor to access My Settings & Devices.
  5. Follow the instructions in the Default Authentication Options section on the Managing Your Devices page.

Top of the page

Why Does "Remember Me for 7 Days" Not Work, and Not Keep Me Logged in?

The "Remember me" functionality requires persistent cookies in your browser.  If your browser is not remembering that you checked the "Remember me for 7 days" box, then check the cookie settings of your browser. To find information on the cookie settings of your browser, click the following link to search Google: browser cookie settings.

Chrome's "incognito" setting, Firefox's "private window", and Internet Explorer's/Edge's "InPrivate" settings will cause the "Remember me for 7 days" feature to not work.

How Can I Use "Remember Me for 7 Days" while Blocking Cookies?

If you set your browser to block all cookies, the 'Remember me for 7 days' feature will not work. To fix this, allow "duosecurity.com" as an trusted exception. To do this:

Top of the page

Can I Use 2-Factor without a Mobile Device?

2-factor can be used with landlines and hardware tokens. Employees who have university landlines should enroll their landlines by following the instructions at Enrolling a Landline.

Although mobile phones, tablets and landlines are the preferred options, hardware fobs and tokens that use the OATH (HOTP or TOTP) and YubiKey AES protocols are supported.

Top of the page

What if I Don't Want the Duo App on My Phone?

You can use your phone as your second factor without using the Duo App. To do this:

Top of the page

What if I Got a New Phone with the Same Phone Number?

Top of the page

How Do I Set a Token as My Default Authentication Device?

Duo does not provide the option to set a YubiKey, D-100, or other token as the default authentication method, because those devices are not capable of receiving an automatic prompt.

Only devices that can receive a notification (such as a smartphone with the Duo app or any type of telephone that can receive a voice call) can be your default authentication method.

However, you can authenticate with a YubiKey, D-100, or other token any time you are prompted for a second factor: click Enter a Passcode and then complete authentication with your token. If a push notification or automatic phone call has been sent, you can ignore that and authenticate with your token instead. The token does not need to be selected in the Device drop-down list in order for token authentication to work.

Top of the page

How Do I Enroll a Device without a Computer or When I Can't Scan the QR Code?

To activate Duo Mobile when you cannot get the barcode to scan, or when you only have access to a single screen or device:

  1. Start enrolling a smartphone by following the instructions at Enrolling a Smartphone, Tablet, or Mobile Device by Installing the Duo Mobile App.
  2. When you get to the QR code screen, depending on the type of device:
    • Smart phone:
      1. On the Activate Duo Mobile screen, tap Having Problems? We'll send you an activation link instead. (You may have to scroll down to see this link.)
      2. In the text box, type an email address that you can access with your mobile device.
      3. Tap Send email. You may need to scroll down to see all the instructions.
      4. You will receive an email from no-reply@duosecurity.com. Open that email on the device you want to activate.
      5. In the email, tap the activation link.
      6. If you see a message that says "Visit this link on your phone to add your account to Duo Mobile:", either your selection of platform was incorrect, or you have opened the email on the wrong device. To fix this, follow the instructions at this section from the beginning.
      7. If you see a Complete the action message:
        1. Tap Duo.
        2. Tap Always.
      8. You will see Account Added Successfully. Virginia Tech will appear in your Duo Mobile app. Tap Continue.
      9. Within the Duo window, you will see Device successfully enrolled. Under Enrolled Devices (PID), your device will be listed. You may need to scroll down to see the entire list.
      10. Tap Done. You will see the normal Duo login prompt.
    • Tablet:
      1. Select the radio button corresponding to the OS of your device.
      2. Tap Continue.
      3. On the Activate Duo Mobile screen, tap Having Problems? We'll send you an activation link instead.
      4. In the text box, type an email address that you can access with your device.
      5. Tap Send email. You may need to scroll down to see all the buttons.
      6. You will receive an email from no-reply@duosecurity.com. Open that email on the device you want to activate.
      7. In the email, tap the activation link.
      8. If you see a message that says "Visit this link on your phone to add your account to Duo Mobile:", either your selection of platform was incorrect, or you have opened the email on the wrong device. To fix this, follow the instructions in this section from the beginning.
      9. If you see a Complete the action message:
        1. Tap Duo.
        2. Tap Always.
      10. You will see Account Added Successfully. Virginia Tech will appear in your Duo Mobile app. Tap Continue.
      11. Within the Duo window, you will see Device successfully enrolled. Under Enrolled Devices, your device will be listed. You may need to scroll down to see the entire list.
      12. Tap Done. You will see the normal Duo login prompt.

Top of the page

How Can I Log in if the Account Was Accidentally Deleted or Removed from the Duo App?

Top of the page

What Do I Do after I Accidentally Deleted or Removed My Second Factor Device?

Top of the page

Why Does 2-Factor Authentication Fail or Not Work with the Nuance Dragon 13 Web Browser Extension?

There are two separate solutions for both Firefox and Chrome: disable the extension, or use an incognito / private window. Each method is listed separately below.

Method 1 Google Chrome: Disable the Nuance Dragon 13 Web Extension

  1. Remove the Dragon Web Extension. by following the instructions at Install and manage extensions, under the Manage your extensions heading.
  2. Browse to the service again, and try logging in.

Method 2 Google Chrome: Use an Incognito Window

  1. Start a Chrome incognito window.
  2. Within the incognito window, browse to the service again, and try logging in.

Method 1 Firefox: Disable the Nuance Dragon 13 Web Extension

  1. In Firefox, disable the Dragon Web Extension. by following the instructions at Disable or remove Add-ons.
  2. Browse to the service again, and try logging in.

Method 2 Firefox: Use a New Private Window

  1. Start a Firefox private window.
  2. Within the Private window, browse to the service again, and try logging in.

Top of the page

Why Do I Get the D-100 Incorrect Passcode or Token Out of Sync Error Message?

Tokens can become out of sync if 20 different codes are displayed without using one of the codes to authenticate to Duo.

To fix this:

Top of the page

Why Am I Locked out of HokieServ or Web-CAT? Why Did I Get an Automatic Push when Trying to Log in to HokieServ or Web-CAT?

When you log on to either HokieServ or Web-CAT, after submitting your VT Username (PID) and passphrase, Duo will either auto-push or auto-call your default device. If you have not set a default device, Duo will either auto-push or auto-call the first device you enrolled with Duo.

To complete authentication, respond to the auto-push or auto-call by following the instructions at Authenticating using Duo 2-Factor Authentication.

When attempting to log on to either HokieServ or Web-CAT, your Duo account may become locked if:

If you are locked out of your Duo account and thus unable to complete second factor authentication, you must *call* 4Help at 540-231-4357 to have an operator assist you in enrolling another device after verbally verifying your identity.

Top of the page

Search words: two-factor, two step, multi-factor, 2FA, sign in

Top of the page