Duo Account Security

Account security has never been more important as an increasing number of businesses and users are targeted by hackers. Password management has always been a weak point in systems that rely solely on a knowledge-based authentication factor (something you know). Passwords are reused across multiple systems, making all accounts vulnerable when a reused password is leaked.

When all is said and done, passwords are simply no longer reliable as the sole method of authentication to sensitive systems. A better security option is having two (or more) factors needed before gaining access to an account. These come from different categories:

  • Something you know (password)
  • Something you have (phone)
  • Something you are (biometric, such as a thumbprint)

What is Duo Account Security?

The UofM Single Sign-On System (SSO) now includes Multi-factor Authentication (MFA) capabilities. This means that users can protect their accounts by requiring a second means to authenticate in addition to their password. Passwords alone have become increasingly easy to hack and MFA substantially reduces the threat of unauthorized access to accounts.

The ITS Security team has implemented MFA using a product from Duo Security, which allows users to use their phones as a second factor for authentication.  Users can use the Duo Mobile app to enroll their smartphone or tablet to receive online push notifications, or generate a one-time passcode.  Users can also enroll an SMS (text) number to receive notifications via text message, or enroll a phone number to receive a phone call, depending on their preference.


Am I required to enroll in Duo Account Security?

As of February 4, 2019, all regular employees, including all faculty, staff and course instructors, are required to utilize Duo Account Security to protect their accounts.  Students may opt in to use the service but are not required to do so at this time.


How do I enroll or change my devices in Duo Account Security?

New hires are guided through the enrollment process during orientation. To see your settings, log in to https://iam.memphis.edu/duo. If you are setting up your account, you will be guided through the process of registering your device(s). Once you have enabled Duo, you will be prompted to authenticate with your second factor the next time you log in to any SSO-protected web resource.

It is strongly recommended that you have more than one device registered in case there is an issue with your primary device.

If you change devices, even if you keep the same phone number, the new device needs to be registered with Duo to work. Register the new device at the above link.


Where can I get help with Duo Account Security?

Full documentation for the Duo Account Security service can be found in the Duo Account Security documentation.  For further assistance, please contact the ITS Service Desk at 901.678.8888.


How can I give feedback on the Duo Account Security service?

The ITS Security team would appreciate any feedback that you might have regarding your experience using Duo or registering devices within iAM. Suggestions for improving the service can be submitted via the ITS Suggestion Box.

Frequently Asked Questions

  • Why is this service necessary?

    Threats such as social engineering and phishing increase the risk of an individual inadvertently sharing their username and password.  MFA helps protect critical University resources by requiring an additional piece of information or factor during login that a hacker will not have access to.  Even if a password is compromised for an account, the account cannot be used to access critical or important University information.

  • What methods are supported by Duo MFA?

    When paired with an app installed on a smartphone or tablet, Duo can send a push message to the app. The user only has to acknowledge the push to log in. The Duo app can also be used to generate one-time passcodes in the event that the device does not have a WiFi or cellular data connection.  Duo MFA also supports text messaging and voice calls.  ITS also has a limited number of Duo tokens available, which can be used to generate a code when an individual has no usable phone options or is traveling internationally. The token will need to be kept near or on the person to whom it is assigned, as it will be needed whenever that person attempts to log in to a system protected by Duo. Please see the Duo Account Security documentation for further assistance with Duo MFA methods.

  • When do I have to use Duo?

    Duo is required whenever you log on to a website protected by our Single Sign-On (SSO) authentication service, such as the myMemphis Portal, eCourseware and others.  It is not required to log on to your computer or to access email.

  • Do I have to do this every time I log on?

    You will have to use Duo MFA the first time you log on to a website behind our SSO authentication service.  You will not be prompted to use Duo on other sites if you already have an active logon session to another site.  If you restart your browser or computer, you may be prompted to use Duo again.  You can also use the "Remember me" option at the bottom of the Duo screen to remember your Duo session on that device for a seven-day period.

  • Why don't students have to use multi-factor authentication?

    At this time, employees are the only group required to use Duo MFA, due to the risk of University data being exposed in the event of a compromised password.  Students can opt in to use Duo MFA but are not required to use it at this time.

  • What if I don't want the university to have my cell number?

    You can use an office or other "land-line" telephone number to enroll in the service with reduced functionality.  Duo tokens are also available for use instead of utilizing phones.  

  • What is a Duo Token?

    The Duo token is a small, thumb-sized device that generates 6-digit codes to be used during Duo sign-on.  The device requires no internet connection, no phone number, and is suitable for situations where the mobile app or phone cannot be used, such as in secure areas or when traveling.

    Duo tokens must be assigned to specific user accounts and cannot be shared.  A token can be requested via the following Service Desk form.  Tokens are available for $20 and can be charged to a departmental index #.  During the Duo enrollment period, ITS is waiving the assignment fee and tokens will be available free of charge.  Tokens that are lost or damaged are subject to a $20 replacement fee.

  • What if I don't have my cell phone with me or it is not charged?

    When enrolling in Duo, you are prompted to enroll a backup device or phone number, such as an office or home phone, that can be used in the event your primary device is not available.  When logging in with Duo, simply select the backup device instead of your primary device to authenticate.

  • I travel frequently and don't always have cell service.  How can I use the Duo service?

    The Duo app, installed on a smartphone or tablet, can be used to generate a one-time passcode even when the device does not have an internet connection.  Please see the "Using the Duo Mobile Application in location with poor cell coverage or no WIFI" section of the Duo Account Security documentation.  If you are traveling internationally, you can also request a Duo token to use in cases where taking your smartphone or tablet is not safe or feasible.

  • What if I don't have a smartphone or don't want to use it?  Can I use something else?

    You can use an office or other "land-line" telephone number to enroll in the service with reduced functionality. Duo tokens are also available for use instead of utilizing phones.

  • Why can't I receive an email as a second factor?

    The Duo MFA service does not currently support email as a second factor.  In the event of a compromised password, a hacker could still log in, as they would also have access to an individual's University email account.

  • I use the Duo services at another University.  Do I need to install a different app?

    No, you can use the same app.  Simply open your existing app and press the (+) icon to scan the barcode and add your UofM account.