Duo Two-Factor Authentication
NJIT is adopting a two-factor authentication (2FA) process, which adds an extra layer of security to your online accounts.
Two-factor authentication provides a second layer of security to your account with an additional verification using a trusted device. This can be your smartphone running the Duo app, a text message, a key fob, or even a desk phone. Two-factor authentication helps to prevent the unauthorized use of UCIDs and passwords by ensuring that only the account owners themselves can access their account. It’s like a “double lock” system for your door. Two-factor authentication is commonly described as “something you know and something you have.” In this analogy, “something you know” refers to your UCID and password and “something you have” is a timed, unique code generated just for you.
How Does Duo Work
- Duo has a self-enrollment process that will allow you to easily register your device. You will receive an enrollment email asking you to set up the Duo app. If you are struggling with enrollment, feel free to make an appointment at the NJIT IST Service Desk.
- When you log in to a protected NJIT service such as Banner, Webmail or Canvas, Duo will prompt you to confirm your identity using a secondary device, such as your mobile phone, tablet, landline, or small hardware token.
- You'll get to choose which devices to use with Duo. The most popular option is the Duo Mobile app on your smartphone. Go to the enrollment tab and learn the process to sign up now.
- Using the Remember me option lets you complete the verification step only once per day for most NJIT services (per browser session). Session timeouts will be based on user roles (Faculty, Staff and Students).
- If you get a Duo push notification or phone call when you're not logging in, that means that someone is trying to use your account! To stop them, tap Deny in the Duo Mobile app or just hang up on the phone call.
Manage My Devices
You may add or remove devices from your profile by selecting Manage Devices on the Duo system screen.
- It is suggested to use your mobile devices, but there are many other devices you can use. Find more information here.
Why 2FA?
Two-factor authentication provides a second layer of security to any type of login, requiring extra information or a physical device to log in, in addition to your password.
By requiring two different channels of authentication, we can protect user logins from remote attacks that may exploit stolen usernames and passwords.
The factors may include:
- Something you know: a unique username and password.
- Something you have: a smartphone with an app to approve authentication requests.
- Something you are: biometrics, like your fingerprint or a retina scan.
Two-factor authentication is a critical part of our strategy to strengthen NJIT's defenses against cyber attacks.
- Universities around the world, including NJIT, are high-priority targets for hackers. These attacks have only increased during the COVID-19 outbreak.
- Stolen NJIT credentials can be leveraged to gain unauthorized access to personal information, research data, and intellectual property.
- Two-factor authentication blocks almost 100% of attacks based on credential theft.
- Two-factor authentication allows you to protect your account from wherever you are, whether on campus, at home, or on the road.
Please watch the How-to videos below for visual instructions.
To enroll in Duo two-factor authentication, use the instructions below:
Step 1: Look for an enrollment email sent from the Duo Security team at NJIT to get started.
- Click on the link provided in the email.
- Once redirected, click the Start Setup button at the beginning of the page.
- Select the type of device you are registering, then click Continue.
- Enter the Phone Number of the device you wish to set up. Only US-based phones can be used for calls and texts.
- Choose the Type of device being registered. The options will be iPhone, Android, Windows Phone, or Other.
Step 2: Install and Activate the Duo Mobile App.
- Open your device's app store, search for Duo Mobile, and install it. If you already have the app, move forward by pressing I have Duo Mobile Installed.
- After downloading the app, open it, tap the "+" button, and scan the barcode on the screen. If you are not able to scan the barcode, click Email me an activation link instead to move on with the process.
- Click Continue when done.
Step 3: Customize your Duo Mobile App.
- There will be an additional menu beneath When I Log in that asks whether you would like to be asked to choose an authentication method, automatically send your device a Duo Push, or automatically call this device.
- For added security, we suggest using the Ask me to choose an authentication method option.
You have successfully enrolled with Duo mobile two-factor authentication (2FA).
Step 4: Registering Additional Devices
Are you trying to log in to an NJIT Service? Are you being prompted with a Duo two-factor security access page? Below are the different methods you can use to access any NJIT service. Please make sure you are first enrolled with NJIT's Duo security account. Find more information on how to enroll here.
Below are some application authentication methods for your registered devices.
Duo Mobile App
The Duo Mobile App (Recommended): Download the Duo Mobile App from your smartphone or tablet’s app store. Once registered, this method will allow Duo to push a message to your phone or tablet where you can verify your identity by tapping the screen. The Duo Mobile App also has a one-time code feature that functions even when the device can’t reach a cellular or Wi-Fi network.
Phone Call
Any Phone Number: You can register your cell phone, desk phone, home phone, etc. and the system will call you to validate your identity.
Hardware Token
A Hardware Token: A hard token is an electronic device that generates one-time passwords for logging into a computer system. A hard token provides an extra layer of security called multi-factor authentication. Hardware tokens generate a six-digit code that you can use to authenticate.
Below are the different authentication methods
- Generate a passcode with the Duo Mobile app
- Get passcodes via text message & SMS passcode to primary device
- Duo Push to primary device
- Phone call to primary device & backup device
- Tablet - iPad
- Desk Phone
- Hardware Token
Looking to Generate a passcode with the Duo Mobile app?
Step 1. Once you log in to any service affiliated with NJIT, you will be shown the Duo prompt. Select Enter a Passcode from the options.
Step 2. Download the Duo Mobile app on your smartphone from your app store and launch the application. Make sure you are registered with NJIT; if not, please follow the steps here, where you can find more detailed instructions.
Step 3. Once you have your NJIT account set up with NJIT Duo, you will be able to generate a passcode. You may refresh the passcode if you wish since you are only allowed to use each code once.
Step 4. You may input the code in the space provided.
Get passcodes via text message
Step 1. Once you log in to any service affiliated with NJIT, you will be shown the Duo prompt. Select Enter a Passcode from the options.
Step 2. You will get a text on your mobile device letting you know that it is an SMS passcode.
Step 4. You may input the code in the space provided. If you have not received an SMS message, select Text me new codes, located in the blue box.
Duo Push to a primary device
Step 1. In order to receive a Duo Push, you must first download the Duo Mobile app from your app store on your mobile device. Register your application with NJIT; you may find more information on how to register here. Once you log in to any NJIT Service, it will ask you to choose an authentication method. Select Send me a Push.
Step 2. A push notification will be sent to the app downloaded on your device. You may choose to approve or deny this request. To log in to the NJIT Service you will have to approve the push notification.
A phone call to the primary device
Step 1. Once you log in to any NJIT Service, it will ask you to choose an authentication method. Select Call Me.
Step 2. You will receive a phone call to your primary device. This is an automated call; follow the steps given in the call to log on (the call will be received from different area codes).
Phone call to the backup device
Step 1. Your backup device is a device already added to your authentication methods (if you have not added a device, follow the steps on how to Add a new device). To have the phone call directed to it, use the drop-down menu to change your device to the one you would prefer the call be sent to.
Step 2. Once done, select Call Me and follow the same steps as before.
Tablet - iPad
Step 1. To add an iPad, go to the Add a new device menu. If you would like more information on how to add a device, go to the Add a new device section of this page. Once there, select Tablet from the menu.
Step 2. Choose the type of tablet you are adding, iOS or Android.
Step 3. Install the Duo Mobile app on your iPad. Once done, select I have Duo Mobile Installed.
Step 4. Open the Duo Mobile app and scan the QR code to be registered with NJIT's Duo Security. If you cannot scan the barcode, you may select Email me an activation link instead. You may then use your iPad as a device to log in using different authentication methods.
Desk Phone
Step 1. Select your desk phone device from the drop-down menu under the device.
Step 2. Select Call Me for an automated call to be placed to your device. Follow the instructions from there.
Hardware Token
Step 1. This is an NJIT hardware token that can be obtained from the IST Service Desk at 973-596-2900. This is an additional mobile device that can be used to generate passcodes when accessing an NJIT Service.
Step 2. When logging in, make sure your selection is on Token. Here you can Enter a passcode that will be generated from the hardware token.
Step 3. Press the green button to generate a 6-digit one-time use passcode.
Step 4. Insert the passcode in the space provided. Afterward, you may Log In, and have access to your NJIT Service.
The Duo FAQ page contains the answers to many common Duo questions. If you have any additional questions or problems, contact the IST Service Desk.
Duo FAQs
1. How do I enroll my account in Duo?
Follow the instructions on the Duo Two-Factor Authentication home page, or watch the videos below.
2. How can I verify that I'm registered?
- Visit any web service protected by Duo such as Pipeline, Webmail by Google and Canvas.
- Enter your username and password, then click Log In.
- Click Other Options then click Manage Devices.
- The appearance of this screen tells you if you've registered or not. If you can see a Start setup button, then you still need to register.
3. Who must enroll in Duo?
- All faculty, staff and students must eventually enroll in Duo. (This is a phased rollout where you will see emails alerting you when it is time to enroll).
- Upon completion of the phased rollout, you will be prompted to enroll soon after claiming your NJIT UCID.
- Once you've started using Duo, you'll be required to use it for as long as you have access to protected NJIT services, which may continue after you've left the University, depending on your affiliation.
4. What is Two-Factor Authentication?
- Have you ever received a verification code on your phone while logging in to online banking, email, or social media? That's two-factor authentication.
- It goes by many names, including two-factor authentication (2FA), two-step verification, and multi-factor authentication.
- Whatever the name, it combines something you know (your password) with something you have (like your phone) to make it much harder for cyber criminals to break into your account.
5. Where will I use Duo at NJIT?
Services protected by two-factor authentication include:
- NJIT web services that use Shibboleth (NJIT’s Web Authentication Service) single sign-on for login, including NJIT Webmail by Google, Canvas, Banner, Pipeline, my.njit.edu, WebEx and others.
- NJIT VPN.
- Remote Desktop Access.
- For more information, contact the IST Service Desk.
Additional services will be protected by two-factor authentication in the future as they are added.
6. How often will I need to use Duo?
- For most services, you can check the Remember Me for 18 hours / 4 days box on the Duo screen.
- Then you should only need to do two-factor authentication once per day (for each browser session or app, on each device).
- You may need to enter your username and password again based on application timeouts.
7. Do I have to use a personal device?
Use of a personal device is not required. If you have a smartphone or tablet, we recommend registering it with Duo, because these devices can run the Duo Mobile app.
The Duo Mobile app from Duo Security provides:
- The best user experience.
- The most ways to log in from one device.
- A built-in backup option: you can generate mobile passcodes even when your phone has no service.
NJIT Faculty and Staff members can receive a hardware token at no cost. Please fill out the Duo Hardware Token Request Form and contact the IST Service Desk for this request.
8. What if my phone can't use the Duo Mobile app?
- To run the Duo Mobile app, you'll need to have at least Android 7.0 or iOS 11.0.
- If you're not able to upgrade your smartphone sufficiently, you can still receive passcodes via text message (SMS) or receive phone calls from Duo (you answer and press any key to log in).
- To register your phone in either of the ways listed above, start the registration process on the Duo Compatible Devices page.
9. Do I need a smartphone or tablet?
- No. You can use Duo with several other device options. It is highly recommended to use a smartphone for the best experience.
- Non-smart cell phones, such as flip phones: You can receive passcodes via text message (SMS) or receive phone calls from Duo (you answer and press any key to log in). To register your phone this way, just start the registration process, choose “Mobile Phone,” and then for phone type, choose Other.
- Landlines: Follow the Duo registration guide for landline phones.
- Hardware tokens: If you have no other options, you can pick up a small hardware device called a hardware token (key fob). Please contact the IST Service Desk to inquire about a hardware token.
10. Do I need Wi-Fi or cell service?
No. If Wi-Fi or cell service is unavailable, there are three methods that work without a Wi-Fi or cell signal.
- Hardware Token
- Bypass Codes
- A Duo app password generator
To learn more about any of the three methods listed above, go to the Authentication Methods page.
If you are without service and don't have the Duo Mobile app, a hardware token or bypass codes available, you can request an emergency temporary bypass code from the IST Service Desk.
11. Can I register more than one device?
You can register multiple devices. It is highly recommended to have at least two devices registered. That way you will have a backup if your first device isn't available or fails.
Tip: The Duo Mobile app can generate passcodes you can use to log in later, like a backup method. This is recommended for everyone, but particularly for those who have not registered a second device.
12. I already have the Duo Mobile app for a non-NJIT service. Can I use the same app for NJIT?
- Yes. The Duo Mobile app can be used for multiple services at the same time. Just register that same smartphone or tablet for NJIT's two-factor authentication (see Compatible Devices page).
- The app will work for two-factor authentication for NJIT and will also continue working for any other services you're using Duo for.
13. Why does the Duo Mobile app want me to back up to Google Drive or iCloud?
- Allowing the Duo Mobile app to back up to Google Drive or iCloud will turn on Duo Restore for your account.
- This feature makes it easier to recover your Duo settings if you later replace your phone.
- This option is mentioned in our best-practice recommendations. More information is available on Duo's website.
14. What happens if my device gets lost, broken, or stolen?
- Lost or stolen devices should be reported to the IST Service Desk immediately to prevent unauthorized access to protected resources.
- Use a backup option, if you have one.
- Use another registered device. If your usual device is unavailable for some reason and you've registered other devices, you can use those. After you enter your UCID and password to log in, when you get the Duo prompt, just use the dropdown menu at the top to select an alternative device.
- Request a temporary bypass code, if needed. If you don't have any other devices registered, you can request a temporary bypass code by contacting the IST Service Desk. You can then use that code to access services and to register more devices.
15. What if I need help at night or on the weekend?
The IST Service Desk has extended service hours. Be prepared and have alternative devices registered and bypass codes available.
16. What authentication methods can I use?
17. What if I got a new phone with the same phone number?
If you replace your smartphone with a new one but keep the same phone number, you may need to install the Duo Mobile app on your new phone and reactivate the app.
Remember to back up your old device and then erase all content and settings before you sell or give away your old device.
18. How to restore the Duo Mobile app on an iOS device?
First, you need to have an iCloud account configured on the device with iCloud Keychain enabled. You can restore only between devices on the same platform (iOS to iOS).
When setting up the new device, choose to restore from iCloud, iTunes backup, or a transfer from the old device.
On the new device, when you first open the Duo Mobile app, it should recognize the backup from iCloud. Tap Get Started to complete the setup.
Detailed instructions and a video overview are available on the Duo Restore page.
19. How to restore the Duo Mobile app on an Android device?
To restore on a new Android device, you need access to the old device to complete activation.
The Duo Mobile app needs to be enabled for backup to Google Drive on the old device before starting the restore process on the new device.
You can restore only between devices on the same platform (Android to Android).
After launching the app on the new device, tap Get my account back. You will be prompted to launch Duo Mobile on your old device to display a QR code.
Scan the QR code on the new device to restore the Duo Mobile app.
Detailed instructions and a video overview are available on the Duo Restore page.
Hardware Token FAQ
1. What is a Duo hardware token?
A Duo hardware token, also called a key fob, is a small device that you can attach to your keychain. If you have a Duo key fob, when you go to log in, you will be expected to enter a code that appears on your key fob to complete the login process.
2. How does a hardware token work?
A hardware token is registered to you by going to the IST Service Desk, showing your ID, and running through the hardware token request process with the ServiceNow Request. The next time you log in, you will be presented with a Duo prompt that has an “Enter a passcode” button. Click the button on the screen, then press the power button on your token, then enter the code displayed on the token in the box on your screen.
3. How to get a hardware token?
If you are an active NJIT employee, faculty or staff, you may request a free Duo hardware token from the IST Service Desk. Note: Employees must request and pick up their hardware token following the Hardware Token Request process.
To request a hardware token, please submit your request in ServiceNow. Please log in to the ServiceNow Portal with your UCID and search for the Duo Hardware Token Request Form, or contact the IT Services Desk via:
Phone: 973-596-2900
Email: ServiceDesk@njit.edu
Location: Van Houten Library First Floor
Hours, Fall and Spring Semester: Monday-Friday, 8:00 am - 7:00 pm
Hours, Summer: Monday-Friday, 8:00 am - 6:00 pm
4. How many hardware tokens do I need?
You only need one hardware token. The hardware tokens are portable and can be easily carried with you wherever you are working.
5. Can hardware tokens be shared with other users?
Certainly not. Sharing your hardware token is not allowed, as it diminishes the security and effectiveness of the multi-factor authentication process associated with your account.
6. I lost my hardware token, what do I do?
Please contact the IST Service Desk immediately. IST will remove the lost token from Duo in order to protect your NJIT UCID account. Visit the IST Service Desk, provide a form of ID so that we can validate your identity, and we will provide you with a new hardware token.
7. What if I get an “Incorrect passcode. Please try again.” error?
If you are seeing this message, your hardware token may be out of sync. Re-sync by generating and entering a new passcode three more times. On the third entry, you should be logged in successfully.
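The re-sync behaviour described above, sketched as an added example (not NJIT's or Duo's code). It assumes the token is a counter-based HOTP device per RFC 4226; the `TokenVerifier` class, its window sizes and the secret (the RFC's published test key) are hypothetical.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TokenVerifier:
    """Hypothetical server-side state for one counter-based hardware token."""

    def __init__(self, secret, counter=0, look_ahead=3, resync_window=50, resync_run=3):
        self.secret = secret
        self.counter = counter              # next counter value the server expects
        self.look_ahead = look_ahead        # small window accepted from a single code
        self.resync_window = resync_window  # wide window, only for a run of codes
        self.resync_run = resync_run        # consecutive codes required to re-sync
        self.recent_failures = []

    def _matches(self, counter, code):
        return hmac.compare_digest(hotp(self.secret, counter), code)

    def verify(self, code: str) -> bool:
        # Normal path: a few idle button presses are tolerated by the look-ahead.
        for c in range(self.counter, self.counter + self.look_ahead):
            if self._matches(c, code):
                self.counter = c + 1        # used and skipped codes can never replay
                self.recent_failures.clear()
                return True
        # Re-sync path: the token has drifted past the look-ahead. One code is not
        # enough to search a wide window (each extra counter tried is one more
        # chance for a guess to hit), so require several codes in sequence.
        self.recent_failures = (self.recent_failures + [code])[-self.resync_run:]
        if len(self.recent_failures) == self.resync_run:
            for c in range(self.counter, self.counter + self.resync_window):
                if all(self._matches(c + i, p)
                       for i, p in enumerate(self.recent_failures)):
                    self.counter = c + self.resync_run
                    self.recent_failures.clear()
                    return True
        return False


SECRET = b"12345678901234567890"  # RFC 4226 Appendix D test key, not a real secret


def drifted_token_demo():
    """Token button pressed 6 times without logging in; the server still expects 0."""
    server = TokenVerifier(SECRET)
    codes = [hotp(SECRET, n) for n in (6, 7, 8)]      # next three codes on the fob
    results = [server.verify(code) for code in codes]
    return results, server.counter


if __name__ == "__main__":
    print(drifted_token_demo())
```

The first two entries are rejected and the third succeeds, matching the "on the third entry" behaviour in the answer above; after that the server's counter is back in step with the token.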
8. How long does a hardware token last?
Hardware tokens run on a battery and have an expected life span of two years. After they no longer function, total replacement of the hardware token is necessary. Please contact the IST Service Desk to have these tokens replaced.
9. What happens to my hardware token when I am no longer employed by NJIT?
If you are no longer employed by NJIT, access to all systems and authorization will be revoked as part of the normal off-boarding procedure. Before separating from the University, you should return your hardware token to the IST Service Desk and request that the token be removed from your Duo account.
10. How to remove a Hardware Token?
The steps to remove a hardware token from your account are listed in the How to remove a Device from Duo question below.
11. How do I remove a device from Duo?
There are various reasons you may wish to remove a device from your Duo account.
- The device may no longer be in use
- You may have a new device
- The device has become lost or stolen
You may remove a device within the Manage a Device section of your Duo account. From there you can add or remove devices at your discretion.
To reduce security risk, make sure you remove lost or stolen devices from your account immediately. If your lost or stolen device is University-owned, report it to the IST Service Desk as soon as possible.