Optimize your use of Duo two-factor authentication
April 12, 2021
Phil Johnson
Share |
A man's wrist with an Apple Watch displaying the MIT Duo app.
Photo: Phil Johnson

Duo is a two-factor authentication service which offers a second layer of security, in addition to your password, which confirms your identity using a physical device as the second factor when you log on to web-based services. Everyone in the MIT community is required to use Duo to access Touchstone-enabled applications and websites, such as Atlas, Canvas, Zoom, and the Prisma Access Virtual Private Network (VPN).

Information Systems and Technology (IS&T) has some suggestions for using Duo to maximize your online security and convenience.

Register multiple devices

IS&T strongly recommends that you register at least two devices for use with Duo. If the primary device you use is lost, damaged, or stolen, you will still be able to log in with the second one. You can register devices for Duo on the MIT Duo Security Account Management page. This Knowledge Base (KB) article has instructions for registering devices with Duo.

What devices to register

While many people use the Duo app on their mobile phones to authenticate themselves, you can also use it on an internet-enabled tablet. But you don’t need a smart device with a data plan to use Duo. You can register landlines and non-smart mobile phones and authenticate via a phone call or a text message.

Another option is to use a YubiKey, a small hardware token that plugs into your computer’s USB port. IS&T offers YubiKeys (for USB-A or USB-C ports) to community members at no cost. You can use the Duo Token Request Form to request one.

Authenticate with your Apple Watch

If you have an Apple watch and your iPhone is registered for use with Duo, you can use it to authenticate yourself to MIT services.

No internet? No problem

If you use the Duo app, it can generate a one-time passcode on your smartphone or tablet that you can use to authenticate, even if your device is not connected to the internet.

Login faster

The first time each day that you login to an MIT service or webpage that is Touchstone-enabled, you will be prompted to authenticate using your Duo device. For convenience, you have the option to check the box that allows Touchstone to remember you for 30 days. For more information on this option, visit the related FAQ in the KB.

Change your Kerb password

Another benefit of Duo is that it allows you to change or reset your Kerberos password by sending a notification to a registered, push-capable device (e.g., your smartphone).

Find out more

To learn more about two-factor authentication, see IS&T’s Duo Security page or visit Duo Authentication in the KB.

If you have questions or need help, contact the IS&T Service Desk.