Asset 9

IT Department at work

Duo Resources

Providing mission-critical IT services to The Claremont Colleges.

Duo Security Enrollment Guide

Download pdf


What is multifactor Authentication?

Multifactor authentication (MFA) is a process that requires additional steps to prove the identity of the person logging into a system. There are three types of factors:

  • Something you know (such as a password)
  • Something you have (such as a smart card)
  • Something you are (such as a fingerprint).

At TCCS we will use the first two factors for authentication. First you will log into systems as usual with your NetID. Then you will authenticate your identity using a device such as a mobile phone. A number of device options are available (described below).

What is Duo and how does it benefit me?

Duo is the third-party application that we will use to provide two-factor authentication on systems like Workday and Box. For our initial deployment, only some applications that require you to login using your NetID and password will require Duo authentication as well.

This seems like extra work for me. Why do I need to use DUO

Phishing and brute force attacks are increasing exponentially, and so are the risks that your credentials may be stolen and your passwords compromised. Duo provides a second layer of protection beyond your password, to ensure that every login from every device is legitimate. This helps us protect you, your work and TCCS.

Can I opt out?

You will need to enroll in Duo if you use a TCCS application or service that requires it, such as Workday. It takes less than five minutes to enroll.

How does it work?

An individual who is enrolled in Duo will use both their password and a device such as a mobile phone or landline phone when logging into Duo-enabled systems with their NetID.

How often do I need to re-authenticate?

If you log fresh to an application every day, then you will receive a prompt every day. However, you can set Duo to remember you for up to 30 days on a given application and device. You would still get your password prompt, but not the Duo prompt. If you do not sign out of the application and/or sync sessions between browsers, you may not see the Duo prompt for quite some time.

Tick checkbox on Duo Login screen so that it remembers you for 30 days

Who is required to use Duo?

Once Duo is completely rolled out, all TCCS staff will be required to use it for systems and applications where it has been enabled.

Where can I go for more information, training or support?

Job aids are available at Duo Security Enrollment Guide. If you need additional help, please send a request to the TCC IT help desk.

How and when do I get signed up for Duo?

We expect to begin rolling out Duo in March 2018. TCCS staff will be notified about the enrollment process via email.

What mobile devices are supported?

Supported devices include:

  • Traditional cell phones that support phone calls or text messaging
  • Smartphones running Apple iOS (iPhone), Android, Blackberry or Windows Phone, which can support the Duo mobile app, phone calls or text messaging
  • Tablets running Apple iOS (iPad, iPod) or Android that can support the Duo mobile app

I don't have a supported mobile device. What options do I have for using Duo?

You do not need to have a mobile device to use Duo. Landlines (like an office or home phone) can be used to authenticate via a phone call. In limited circumstances, a hardware token (a small electronic device that may be attached to a keychain and generates a code) can be requested by submitting a TCC IT help desk ticket.

How many devices can I register?

You may enroll as many devices as you want. In fact, we recommend enrolling multiple devices.

I am unable to install the Duo application on my mobile device because my device
is not supported or not running a recent operating system. What can I do?

Even if your mobile device does not support the Duo application, you can still use your device to receive phone calls or text (SMS) messages for Duo authentication.

Can I enroll a shared device?

Yes. Landlines and mobile devices can be shared by multiple individuals. This may be common in shared office environments or family members who share a home phone number.

I’m leaving TCCS. Do I need to do anything with Duo?

Yes. Landlines and mobile devices can be shared by multiple individuals. This may be common in shared office environments or family members who share a home phone number.

Should I allow my Duo mobile app to update automatically?

Yes. Keeping the Duo app up- to- date ensures that any bugs or security vulnerabilities are resolved as quickly as possible.

I don't want to log in every day.
How do I get Duo to "remember me" for an extended period of time?

While authenticating with Duo through a web browser, you may see a "Remember me for 30 days" option. If the computer is not a shared or public machine, you can enable this option. This will remain in effect as long as you are authenticating on the same computer and browser and do not clear browser cookies.

If you configured Duo to automatically call your phone or send you a push notification, the "Remember me for 30 days" option may be grayed out or hidden when the Duo prompt first appears. You must click "Cancel" on the blue bar, and repeat the authentication process to access the “Remember me” checkbox.

When I try to get Duo from the Apple App Store, I’m asked for payment information.
Is the Duo mobile app free?

Yes, the Duo mobile app is free and can be downloaded from Apple Store Google Play or the Microsoft Store.