Brief description of the service and overview of purpose of Q&A
Do I need a smartphone to use Two-Factor Authentication (2FA)?
A smartphone is the recommended device since the Duo Mobile app provides the greatest level of security and flexibility. The app generates passcodes for login (even without cellular connectivity) and can receive push notifications for easy, one-tap authentication. Duo Security offers multiple other ways to authenticate with Duo. Besides a smartphone, you can use an older cell phone, landline (such as your office or home phone), tablet, or security key.
What devices are supported by Duo Mobile?
The Duo Mobile App is available on iOS, Android, and Apple WatchOS.
I have an Apple Watch. Will it work with Two-Factor Authentication (2FA)?
Yes, it will work for 2FA. You will need to have an iPhone enrolled in the service, and then follow the set up instructions from Duo Security.
How long do I have to enter my Duo security code or reply to a Push notification?
The Duo 2FA prompt will remain on-screen for one minute before returning you to the login prompt.
I seem to be locked out of the Two-Factor Authentication (2FA) service. What should I do?
A user is automatically locked out when there are 10 consecutive failed log in attempts. This could happen if you don't respond to multiple push notifications, or if you selected the wrong device (calling an office landline when at home), or automatic log-in attempts by a 2FA-protected system when a user isn’t expecting them.
Once you have been locked out, you will need to call the LTS Help Desk (610-758-4357) for assistance in unlocking the account.
What do I do if I get a Duo notification and I haven't attempted to log into any Lehigh system?
This could be an indication that your account has been compromised. The first thing to do is change your password by visiting the Password Change page. After changing your password, please notify us by calling or emailing the Help Desk.
What do I do if I don’t have my mobile phone with me?
- Duo can call your office line if you have set it up as an alternate number. We recommend adding at least your office line, and possibly other lines as appropriate. For example, you may want to have a spouse's mobile number as an option in case of emergency.
- When you first enroll in Duo, send yourself codes via text (SMS) messaging. These codes should be kept with you in a safe location and can only be used once. If you generate new codes, all old codes will become invalid.
- You can use a USB Security Key, available from YubiKey and other vendors. Again, this must be set up in advance.
I signed up for 2FA and would like to un-enroll till the end of 2019. How can I do this?
Two factor authentication will be required going forward. If you have extenuating circumstances that require a temporary bypass of 2FA, please contact firstname.lastname@example.org
I will be getting a new phone soon. How can I make a smooth transition to a new phone?
If you are transitioning an existing number to the new phone, you can simply have Duo call you to verify the new device. If you are moving to a new number, it would be a good idea to text (SMS) yourself a new set of one-time-use codes so you can easily enroll the new device.
Can I reuse a passcode?
No. Passcodes are only good for a single use.
How long are passcodes good for?
Passcodes never expire. They last until they are used, or until you generate a new set.
I clicked on the 30 day checkbox -- why do I keep getting prompted for 2FA?
The “remember me” option is tied to a particular browser on a device. So if you are using a different browser, or a different device to login, you will need to check the box again.
My phone was stolen, damaged, or dropped in the ocean. Now what?
Call or email the Help Desk for assistance removing the device from your account.
What data is stored by Duo Security?
The only data stored by Duo Security is the client's Lehigh user ID (Duo does NOT know your password) and information about your second factor, such as a phone number (if using a phone for the service) or the serial number of your Duo Token (if not using a phone for the service).
How do I add or remove 2FA devices and manage my Duo settings?
Visit www.lehigh.edu/account and follow the “Two-factor authentication with Duo” link. You will first need to authenticate with Duo, after which you will see the settings screen as pictured below.
Click the "+ Add another device" link, then choose the type of device you will be adding.
If you're adding your office phone, select Landline.
You will receive a confirmation call on that number. Answer the phone and press any key on the phone's number pad. This will confirm the device and finish the process. Repeat as necessary for additional phone numbers.
I use a landline for Two-Factor Authentication (2FA), and I’m going away for a week. Can I still use the service?
Yes, you can forward your enrolled phone to another number (or add the other number temporarily at the 2FA self-service portal).
Will Duo work while I’m traveling outside the U.S.?
Yes, Duo will work from pretty much anywhere you can access the Internet. We recommend that you have the Duo mobile app installed on your phone while traveling. If you’re planning to travel without your phone, please contact us in advance for assistance.
I will be using the Internet only at wifi hotspots and won’t have cell phone access while traveling, will Duo still work?
Yes, the Duo mobile app can generate access codes even without cellular service.
I’m an employee who will be retiring soon. Will I be required to use 2FA after I retire?
When you leave Lehigh your staff affiliation will change to retiree, and as such, you will no longer be required to be enrolled in 2FA.