Frequently Asked Questions About Two-Factor for Weblogin

General

What if I am charged for texts, don't have a device, or need assistance with device expenses?

The expenses related to the Duo options are mostly low-cost or no-cost. If you need assistance, contact the ITS Service Center so we can connect you with the best low-cost or no-cost option for you.

What can I do to prepare for Duo two-factor for Weblogin?

If you haven’t done so already, you can become an early adopter by enrolling in Duo and turning on two-factor for Weblogin. Visit the Safe Computing website to get started.

If I am studying abroad or taking the winter term off, am I exempt from the Duo requirement?

No. If you access online resources protected by U-M Weblogin when you are away from the university, you will need to enroll in and begin using one of the multiple options that Duo offers for two-factor authentication by January 29.

Aren’t there better tools than Duo?

No. U-M’s Information Assurance believes Duo is the better choice for what the university hopes to achieve in protecting the institution’s systems and data, as well as your own personal information stored at the university.

Duo is a high-performing, Ann Arbor-based company, recently acquired by Cisco Systems. Besides the fact that the company was founded by Michigan alums, which is a plus, many of our peer institutions are successfully using the two-factor tool.

Duo provides faculty, staff, and students with the most options for individual choice (that is, mobile app, passcode, landline, or hardware token), while effectively allowing U-M to maintain its core missions.

Isn’t it costly to have everyone including students use Duo?

No. In fact, the reverse is true. Successful attacks on peer universities not using two-factor have been costly in terms of time, reputation, and resources. The cost of using Duo is significantly less than the potential cost of a serious data breach. 

I need to use a hardware token, but understand there is a charge. Are there any provisions if cost is an issue?

Yes. U-M wants to protect the digital resources of the institution and each individual’s personal assets while not imposing undue expense on members of our community. Duo was selected because it provides several options—all are low cost or no cost.

Hardware tokens do have a cost, but they can be obtained for free. Contact the ITS Service Center or visit the Computer Showcase to explore your options. However, if you want one simply as a backup or alternative option, you will need to purchase it.

Using Duo

What if I forget my two-factor device?

Contact the ITS Service Center to request a temporary bypass code to log in.

Does using Duo require that everyone own a smartphone? What are my options if I don't use a mobile device?

Duo offers multiple options. You do not need to own a smartphone. Although the majority of people find having the Duo Mobile app on their smartphone or other mobile device to be the most convenient option, it may not work for everyone. Duo offers multiple options for different circumstances and needs, including using a basic cell phone, landline, hardware token, or YubiKey.

What happens if I don't enroll by January 29, 2020? Will I still be able to login?

You will not be able to log in until you enroll in a Duo two-factor option or get a temporary bypass code from the ITS Service Center. If you haven’t enrolled as of January 29, 2020, the login screen will prompt you to either enroll in Duo or cancel your login.

Are there exceptions available for those who do not want to use Duo at Weblogin?

No. To better protect university systems and data, it is important that all students, staff, and faculty use two-factor for Weblogin.

Why is the Duo Remember Me option for 7 days? Can I change that?

The Remember Me for 7 days option is the maximum length of time that U-M allows Duo two-factor to be remembered, provided you are using the same device, same web browser, and your browser does not block cookies. Remember Me is optional and the length of time cannot be changed. However, if you want Duo to remember you for less than 7 days, you can adjust your browser settings to clear your cookies when quitting your browser.

How large is the Duo Mobile app?

The Duo app uses about 32 MB of internal storage on an Android device and 28 MB on an iPhone. For reference, that is the same size as about four digital pictures taken with your device's camera.

Can I use a desktop or laptop application to authenticate with Duo?

No. Duo does not offer a computer app, which means you will need a separate device—such as a phone, tablet, or hardware token.

What Duo options can I choose from?

U-M students, staff, and faculty can choose the Duo option that works best for them, although some schools, colleges, or units may have their own preferences or guidelines.

Available options:

  • App for your mobile device that offers a "push" notification or passcodes (Most Popular)
  • Passcodes via text message
  • Phone call-back
  • Duo hardware token (available for purchase at the U-M Computer Showcase)
  • YubiKey (available for purchase at the U-M Computer Showcase)

For details, see Options for Two-Factor Authentication.

I understand there is a landline option, but won’t that incur charges?

Yes and no. U-M pays per-authentication charges when a phone call (or text message) is used. And while there is no cost to you when using a university landline, your phone plan’s rates would apply if you’re using a personal landline. We encourage you to check with your carrier to be certain.

Can I use multiple options or do I have to pick just one?

You can use various Duo options as needed. We recommend that you set up a primary option as well as a backup option. Additional options can be added whenever you wish.

Where can I get a Duo hardware token or YubiKey?

Duo hardware tokens and Yubikeys are available from the Computer Showcase. The university will cover the cost of an initial hardware token or YubiKey for individuals. Individuals can purchase additional or replacement hardware tokens or YubiKeys (need-based exceptions are considered on a case-by-case basis).

How do I re-sync a hardware token?

You can re-sync a hardware token by generating a new passcode three more times and entering each of the three passcodes on the Duo prompt. On the third entry, you should be logged in successfully.

Your hardware token may be out of sync when the login screen displays “Incorrect passcode. Please try again.”

Can I use a YubiKey?

Yes. YubiKeys are available from the Computer Showcase. Two walk-in locations are available.

 

I already use Duo for services outside the university. How will that work when using it at U-M?

When you enroll, you will be adding an account. You will see a U-M account in your Duo app.

What if I have an exam that requires me to log in, but I can’t bring my smartphone into class?

It is best to check with your instructor before the exam to determine how they would like to address this matter for your particular class.

One of the easiest options, assuming you have the Duo Mobile app, would be to use the Duo login screen shortly before the exam and send yourself a text message with 10 passcodes. Write them down and take your list of passcodes into class. Again, it is a good idea to check with your instructor first to make sure they are okay with this option.

Text message passcodes are good when used within 30 days. For details, see Get Passcodes Via Text Message.

What do I do if I get a new phone?

  • If you get a new phone with the same number, you need to install the Duo Mobile app on your new phone and reactivate the app. Follow the steps in Change Your Duo Options and Settings. Note: Before you sell or give away your old device, back it up and then erase all content and settings.
  • If you get a new phone with a new number, you can add it as an additional device. Follow the steps in Add a New Device in Duo (Phone Number or Mobile App).

Best Practices

Won’t having to use two-factor throughout the day be time consuming?

No. It usually takes only a few extra seconds to enter a passcode or to approve a notification on your phone. Additionally, Duo has a “Remember Me” function, so you aren’t prompted to use two-factor every time you log in.

Will there be problems using Duo while I am traveling?

No. Within the Duo Mobile app, you can generate a passcode that doesn’t require connectivity. More information is available on the Safe Computing website. We encourage you to plan ahead before your trip and choose something that will work for you.

What if my phone battery dies and I'm away from the landline I registered as a backup?

Contact the ITS Service Center or HITS Service Desk for assistance.

Your Privacy

I don’t have access to anything that would interest anyone. Do I still need to use Duo?

Yes. You likely have access to more than you think, including information that can be of great value to attackers. If your account is compromised, it is a foot in the door that can be used to spread attacks elsewhere at U-M.

For instance, your email account could be used to spread phishing attacks to your contact list. Shared files to which you have access could be infected, so that other users who access those files could have their accounts compromised. Or your account could be used to log into various university systems. We encourage you to not underestimate the valuable assets to which you hold the keys.

Doesn’t using Duo attract attackers, since having it suggests we possess something of value?

No. Higher education institutions are known to be a big target for cyber criminals, particularly universities where a significant amount of research is done. Universities house a great deal of sensitive data of value to cyber criminals and, by their nature, have an open-access, decentralized environment. 

One of the reasons U-M is expanding the use of Duo institution-wide is to significantly decrease the likelihood of a successful cyber attack or data breach.

If I use Duo, will “Big Brother” be watching me?

No. U-M's intent is to provide a safe and secure online environment, so that no one can spy on or steal from the institution or its employees.

Getting Help

What do I do if I get caught without a backup option?

Contact the ITS Service Center or HITS Service Desk. They can provide an emergency bypass code.

What if I just need assistance?

The ITS Service Center or HITS Service Desk are available to provide assistance and support, and answer questions you have about Duo.