Authenticating using Duo 2-Factor Authentication


Notice:  Duo Security has announced that the existing 2FA interface is reaching end-of-life 1Q24 and as a result all applications that use the existing interface will be updated.  This won't happen all at once, so until 2Q24 users may still see the existing interface. 

Traditional Duo Login



Duo UP



Introduction

2-factor enrollment is required to log into many Virginia Tech Web-based systems. To use these Web sites and services that use the Login service, you are required to authenticate with a second factor.

Instructions

Authenticating Using an SMS Text Message Passcode

An SMS passcode is a unique 6-digit number that can be sent to your mobile device or cell phone via SMS text message. You can use this SMS passcode as your second factor when authenticating. This can be useful as a backup second factor. In other words, when prompted to authenticate with your second factor, you can enter one of the SMS passcodes you received earlier. When you receive the SMS passcodes, save them in a safe place for later use.

You can request a new SMS text message containing a new set of codes be sent to you at any time. At that time, previous codes sent via SMS text message will expire.

To get 10 passcodes via SMS text message to your enrolled cell phone (flip phone, "dumb" phone) or smartphone:

  1. If you are or will be overseas, the following steps may not work. For more information, see Authenticating without Internet, Network, or Cellular Service (International / Overseas).
  2. Start logging on to the service that you want, and when prompted, enter your VT Username (PID) and passphrase.
  3. When prompted to select your second factor, from the drop-down, select a device that can receive SMS text messages.
    (Your Virginia Tech desk phone will not work.)
  4. Click Enter a Passcode.
  5. Near the bottom of the screen, in the blue bar, click Send codes or Text me new codes.
  6. On your phone, when a text message that starts with "SMS passcodes:" arrives, open that text message.
  7. The text message will contain 10 different passcodes that are each 6 digits long.
  8. In the Web browser, in the Enter your passcode text box, type one of the 6-digit passcodes from the text message you received.
    (These codes do not expire until you use them to authenticate. Once you use one of the codes, you cannot use that same code again. You do not have to use the passcodes in the order given, but it may be easier to remember which ones you have used if you do use them in order, because the first digit of each of the 10 passcodes is sequential. For example: 1XXXXX, 2XXXXX, 3XXXXX. When you use the tenth and last passcode, you will automatically receive an SMS text message with an additional ten passcodes.)
  9. Click Log In.
  10. You will now be logged on to and transferred to the service to which you were going.
  11. 4Help recommends you write down all of the passcodes on paper and store the paper in a secure place, so that you can use those codes as a backup second factor if other second factor devices fail or are unavailable.

For more information on using SMS passcodes, see Duo's Using Duo With Any Cell Phone or Landline page.

Authenticating Using a Voice Phone Call (Call Me)

  1. If you are or will be overseas, the following steps may not work. For more information, see Authenticating without Internet, Network, or Cellular Service (International / Overseas).
  2. Start logging on to the service that you want, and when prompted, enter your VT Username (PID) and passphrase.
  3. When prompted to select your second factor, from the drop-down, select the device that you want to be called and that you can answer.
  4. Click Call Me.
  5. Duo will call your phone. Your phone will ring. When you answer the phone you will hear a prerecorded message from Duo. When the recorded message prompts you to “Press any key on your phone to log in”, press any number on the keypad of your phone (including * or #, but not including the End Call button) to complete authentication.
    (If 1 minute passes before you press a key, the authentication will fail, and you will see the “Error during call: No keys pressed.” message.)
  6. You will now be logged on to and transferred to the service to which you were going.

Authenticating Using a Duo D-100

  1. Start logging on to the service that you want, and when prompted, enter your VT Username (PID) and passphrase.
  2. Click Enter a Passcode.
  3. On the D-100 device, push the physical button.
  4. A 6-digit passcode will be displayed on the D-100 for a short time.
  5. In your browser window that is still open, type the 6-digit code.
  6. In your browser, click Login.
  7. You will now be logged on to and transferred to the service to which you were going.
  8. If you see an error about invalid passcode, follow the instructions at D-100 Incorrect Passcode Error or Token Out of Sync.

Authenticating with a Passcode from the Duo App or Virginia Tech Web Site

Duo Push requires Internet or cellular connectivity; however, generating a passcode in the Duo Mobile app does not require network or cellular connection.

  1. To complete these instructions, you are required to have previously installed and enrolled the Duo app or previously printed passcodes after logging into VT Account Manager.
  2. If you have not done that and have no available authentication device, follow the instructions at Lost, Forgot, Broke, or Unavailable 2-Factor Device instead of continuing.
  3. Start logging on to the service that you want, and when prompted, enter your VT Username (PID) and passphrase.
  4. When prompted for a second factor, in your browser, click Enter a Passcode.
    • To generate a code in the Duo app:
      1. On your smartphone, start the Duo Mobile app.
      2. To the right of Virginia Tech, tap the key. This generates a 6-digit passcode that can only be used once.
      3. In the browser, in the text box, type the 6 digits.
      4. Click Login.
      5. You will now be logged on to and transferred to the service to which you were going.
    • To use printed codes from VT Account Manager:
      1. In the browser, in the text box, type one of the 6-digit codes that you have not used from the piece of paper.
      2. If you do not have previously printed codes, and have no available authentication device, follow the instructions at Lost, Forgot, Broke, or Unavailable 2-Factor Device.
      3. Click Login.
      4. You will now be logged on to and transferred to the service to which you were going.

Authenticating with a YubiKey

  1. Insert the YubiKey into a USB slot on your computer. A colored light will come on to indicate that the YubiKey is inserted correctly.
  2. Start logging on to the service that you want, and when prompted, enter your VT Username (PID) and passphrase.
  3. When prompted for a second factor, click Enter a Passcode.
  4. Click to place the cursor in the text box.
  5. Tap your YubiKey.
  6. You will now be logged on to and transferred to the service to which you were going.

Authenticating via LDAP

Some Virginia Tech Web sites, such as parking.vt.edu for purchasing a parking pass online, are unable to display the interactive Duo prompt, so they require a different method of completing authentication with your second factor.

On Virginia Tech Web sites that say something about logging on with 2-factor and LDAP, after submitting your VT Username and VT Username passphrase, you may automatically receive a Duo push notification or an automated Duo voice call. If so, complete authentication by responding to the notification or voice call.

When Web sites use this method of authenticating, if no device is specified after the password, Duo will always prefer the first push-enabled device over any other available device.

In the Password text box, type your VT Username passphrase followed by a comma (‘,’) and a keyword representing what you want to use, which is one of: push, phone, or passcode (the actual code). For example, if your passphrase is “myPassword” and you want to authenticate with a Duo automated voice call, in the Password text box, type: myPassword,phone and then answer the telephone. As another example, to use a passcode such as “12345”, in the Password text box, type: myPassword,12345.

Detailed Instructions for Authenticating via LDAP

  1. Start logging on to the service that you want, and when prompted, enter your VT Username (PID).
  2. Fill in the password box.
    • To authenticate with a push notification:
      1. In the password text box, type: ABC,push but replace ABC with your passphrase.
        (Note the comma and no spaces.)
      2. Click the appropriate button to submit your credentials.
      3. On your phone, when the push notification appears, accept the Duo push notification.
    • To authenticate with an SMS text message:
      1. In the password text box, type: ABC,sms1 but replace ABC with your passphrase.
        (Note the comma and no spaces.)
      2. Click the appropriate button to submit your credentials.
      3. You will see an error indicating invalid credentials.
        (This is normal, because the password text box must be cleared so that you can type a passcode.)
      4. You will receive an SMS text message that starts with "SMS passcodes:" to your primary mobile phone. Open that text message. The text message will contain 10 different passcodes that are each 6 digits long.
      5. In the password text box, type: ABC,XXXXXX but replace ABC with your passphrase (note the comma and no spaces), and replace XXXXXX with one of the 6-digit passcodes from the SMS text message.
    • To authenticate with a voice phone call:
      1. In the password text box, type: ABC,phone but replace ABC with your passphrase.
        (Note the comma and no spaces.)
      2. Click the appropriate button to submit your credentials.
      3. The primary telephone number associated with your Duo account will ring. Answer the telephone.
      4. Press one of the number keys on the phone to confirm the authentication.
    • To authenticate with a YubiKey:
      1. The YubiKey must be previously registered with Duo as AES. U2F tokens will not work. For instructions, see Enrolling a YubiKey as AES/OTP to Use in Any Browser.
      2. In the password text box, type your passphrase.
      3. Click the appropriate button to submit your credentials.
      4. Tap your YubiKey.
    • To authenticate with a 6-digit passcode from the Duo mobile app:
      1. On your mobile device, start the Duo mobile app.
      2. In the Duo mobile app, tap the key.
      3. In your browser, in the password text box, type: ABC,XXXXXX but replace ABC with your passphrase, and replace XXXXXX with the 6-digit passcode.
        (Note the comma and no spaces.)
      4. Click the appropriate button to submit your credentials.
    • To use a 6-digit passcode from a D-100 token or a software token:
      1. Use the D-100 token or the software application to generate a 6-digit code.
      2. In the password text box, type: ABC,XXXXXX but replace ABC with your passphrase, and replace XXXXXX with the 6-digit passcode.
        (Note the comma and no spaces.)
      3. Click the appropriate button to submit your credentials.
  3. You will now be logged on to and transferred to the service to which you were going.
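
The password-field convention described above, seen from the side of a service that has to interpret it. This is an added example, not Virginia Tech's or Duo's code; splitting on the last comma, the digits-only passcode rule, and the names parse_password_field and log_safe are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

KEYWORDS = {"push", "phone"}          # keywords named on this page
SMS_RE = re.compile(r"sms\d*")        # the page shows "sms1"
PASSCODE_RE = re.compile(r"\d+")      # digits only, e.g. the page's sample "12345"


class Parsed(NamedTuple):
    passphrase: str
    method: str             # "auto", "push", "phone", "sms" or "passcode"
    value: Optional[str]    # the suffix exactly as typed, None for "auto"


def parse_password_field(field: str) -> Parsed:
    """Split 'passphrase,factor' on the LAST comma (assumption), so a
    passphrase that itself contains commas is kept intact."""
    head, sep, tail = field.rpartition(",")
    if sep:
        if tail in KEYWORDS:
            return Parsed(head, tail, tail)
        if SMS_RE.fullmatch(tail):
            return Parsed(head, "sms", tail)
        if PASSCODE_RE.fullmatch(tail):
            return Parsed(head, "passcode", tail)
    # No recognised suffix: the whole field is the passphrase and the
    # service falls back to its default device ("auto" here).
    # Caveat: a passphrase that ends in ",<digits>" is ambiguous and
    # would be read as passphrase plus passcode.
    return Parsed(field, "auto", None)


def log_safe(parsed: Parsed) -> str:
    """Return the only part of the field that belongs in a log line.
    The field carries the passphrase and possibly a passcode, so
    neither the raw field nor the suffix value is ever logged."""
    return f"second_factor={parsed.method}"


if __name__ == "__main__":
    # Constructed sample inputs, using the placeholders from this page.
    for sample in ("myPassword,phone", "ABC,sms1", "ABC, push", "a,b,push"):
        print(repr(sample), "->", log_safe(parse_password_field(sample)))
```

The "ABC, push" sample shows why the instructions insist on no spaces: the suffix is not recognised, so the entire string is treated as the passphrase.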
