We have compiled a few frequently asked questions. This list will be updated a new questions and situations arise. As always, please contact the Service Desk if you need additional assistance or your specific question is not listed.
Who is required to use two-factor authentication?
All SHSU members, including Retirees and Alumni, are required to use two-factor authentication.
Two-factor authentication sounds complicated; how does it work?
Its not complicated at all. After IT configures an application to be protected by two-factor authentication, when you login to that application with your username and password (something you know) you will be prompted for a second authentication using a security device such as your smartphone or tablet. This in a nutshell is what two-factor authentication means...using two different factors for a complete authentication process. The first factor is something only you should know, in this case your password. The second factor is something you have, in this case your smartphone, tablet, or phone line. This ensures that you are the person that is actually logging in, as someone who may have guessed or cracked your password should not have your smartphone or tablet.
I don't have a smartphone or tablet, how can I use two-factor authentication?
Even though IT recommends you use a smartphone or tablet as the Duo Mobile app is free to use for SHSU, you can register a security key to authenticate. A security key plugs right into your computers USB and provides an additional layer of defense beyond traditional passwords.
Can I still use two-factor authentication if my device does not have a data plan or cellular access?
Yes you can. Launch the Duo Mobile app on your smartphone or tablet and generate a passcode. You can then enter this passcode into the application to continue logging in.
In addition, most cell phones have the ability to connect to WiFi. The Internet connection provided by a WiFi hotspot will allow you to use the Duo App.
You also have the security key option.
I don't use banner, does this affect me?
If you are an employee you most likely do use Banner for reporting your time at a minimum. Applications that are part of Banner (Self-Service Banner and Banner Administrative Applications) include: Banner Employee Profile (Timesheets, leave reports, time balances, etc), Workflow, Grade Entry, Account Balance, Budget Development, EPAFs, and Attendance Tracking.
System not impacted by two-factor authentication at this time are: Cognos, Ad Astra, Bearkat Buy, Chrome River, NuPark (Parking System), DegreeWorks (except when pulling something directly from Banner), StarRez, CBORD, AcademicWorks, CourseLeaf (Catalogs), Maxient (Title IX training), and CampusConnect.
How do I start using two-factor authentication?
First you have to enroll your security devices (the things you have, such as your smartphone, tablet, or phone line) with your SHSU account. IT has setup a Two-Factor Self-Service Portal that you can log into using your SHSU username and password. If you are eligible for two-factor authentication, you will be prompted to configure a security device. IT recommends using a smartphone (or tablet if you carry it with you all the time) if you have one as it is the easiest and most convenient to use (as there is an app for iOS and Android devices). Once you've completed the initial enrollment of your security device, you can always visit the Self-Service Portal to add additional devices.
What are the different methods of two-factor authentication?
Duo Security employs multiple methods for implementing the second factor authentication.
Duo Push: The most convenient method (also free to the University) is called Duo Push. When you enroll a smartphone or tablet as your security device in Duo, you are asked to install the Duo Mobile app on your device. This app pairs your phone with your SHSU account. Whenever you login to a two factor-secured application and you select the Push method, Duo Security sends a notification to your smartphone or tablet and all you have to do is click a button to indicate you approve logging in or you deny it. You have no codes to enter or anything...just a button click.
Passcode: Another method is called Passcode. If you have a one-time use passcode (either from a block of codes sent to you by Duo via SMS, generated from the Duo Mobile app on your smartphone or tablet, or given to you by the Service Desk), you can select this method and enter the passcode into the field provided.
Security Key: One other option is a security key. A security key plugs right into your computers USB and provides an additional layer of defense beyond traditional passwords.
My security device is not receiving push notifications. What do I do?
If you experience an issue where you are not receiving push notifications, please follow the below troubleshooting steps.
- If push notifications are active, network issues between your device and the Duo service may be the culprit. Some devices may have trouble determining whether to use WiFi or cellular data. Try turning off WiFi and/or switching your device into "Airplane Mode" and back to normal operation.
- Verify that the time and date on your device are correct. If the date and time are manually set, consider changing your device's configuration to sync automatically with the network.
- Try re-adding your Duo security device by following the instructions on our Tech Tutorial page How to Re-Add Your Device.
- Disable content restrictions on the device. The instructions are described below for different versions of iOS or macOS.
- Duo Security has created in-depth troubleshooting guides for Duo Push delivery for iOS and Android. Note that an IT administrator with the ability to modify port access may be required depending on the specific issue being encountered.
If the issue still persists, please contact the Service Desk.
How do I replace or add a new security device?
Use the Self Service Portal. If you have additional security devices already added to your account, then you can use one of them to two-factor authenticate when you are prompted.
My security device has been lost or stolen. What are my next steps?
Contact the Service Desk immediately to report that your device was lost or stolen. They will remove the device from Duo and assist you with setting up another security device in Duo.
How often do I need to use two-factor authentication?
IT has configured the Duo system to allow you to remember your computer that you logged into the Duo secured application for up to 30 days. If you logged in from a private workstation that you trust, you can check the box to remember your device. If you are using a public workstation that people other than you use, please don't check this option. You will need to use Duo two-factor authentication each time you log out and log back in to the Duo secured application.
You will not be prompted for Duo when using a campus computer unless it is a privileged account.
I have logged in with Duo already for one application, but when I go to another application, it is requiring me to use Duo again, why is that?
Duo is web browser specific. This means that if you used one web browser, say Chrome, to log into the first application and then you used a different web browser, say Internet Explorer, to log into the second application, you will be asked to use Duo for the second application even after using it for the first application since the applications were accessed using different web browsers. The Duo 2FA will also be requested again if you clear your browser’s cache, please keep this in mind.
Does DUO work internationally?
DUO is not supported in the following other countries/regions:
- North Korea
- Crimea region
- Sevastopol region
- Donetsk region
- Luhansk region
DUO Application and Accessibility
Duo tests for accessibility in a number of ways. For most visually impaired users, Duo tests their software manually by using magnification and screen readers, specifically Nonvisual Access’ NVDA screen reader and Apple’s VoiceOver. They also ensure users can successfully authenticate only using a keyboard by testing font colors and backgrounds against contrast checkers and improving contrast for keyboard focus.
Duo benchmarks against the international technical standard for accessibility, W3C’s Web Content Accessibility Guidelines (WCAG) 2.0, and GSA Section 508 standards.
For more information on DUO accessibility please visits the DUO's Accessibility page.
Can a hardware token be shared?
No. A hardware token can not be shared between users.
Which versions of iOS or Android does Duo Mobile support?
The current version of Duo Mobile supports iOS 14.0 and greater. Duo recommends upgrading to the most recent version of iOS available for your device. The Duo Mobile app is compatible with the M1 iPad Pro.
The current version of Duo Mobile supports Android 10.0 and greater, as well as Android Go 10.0 and greater. Duo recommends upgrading to the most recent version of Android available for your device.