Optimize your use of Duo two-factor authentication
February 25, 2020
Jess Archer and Robyn Fizz
Share |
Duo at work
Image: Duo

Duo is a two-factor authentication service. It offers a second layer of security, in addition to your password, that confirms your identity when you log on to web-based services. Duo uses a physical device as the second factor: options include mobile phones, tablets, landlines, and hardware tokens called YubiKeys.

Everyone in the MIT community is required to use Duo to access Touchstone-enabled applications and websites, such as Atlas and WebSIS.

Register two devices

You can register devices for Duo on the MIT Duo Security Account Management page: it is best to register two devices. If the primary device you use is lost or stolen, you will still be able to log in with the second one. For help registering two devices, visit this Knowledge Base page.

What devices to register

While many people use a Duo app on their mobile phones, you don’t need a smartphone with a data plan to use Duo. Other options include using an internet-enabled tablet, receiving a phone call or a text message, or using a YubiKey, a small device that goes into your computer’s USB port. IS&T provides YubiKeys to community members at no cost. You can pick one up in the Atlas Service Center (E17-106) or use the Duo Token Request Form to have one delivered to you.

Duo can even generate a one-time passcode on your smartphone that you can use to authenticate yourself, even if your phone is not connected to the internet.

A faster login

The first time each day that you login to an MIT service or webpage that is Touchstone-enabled, you will be prompted to authenticate using your Duo device. For convenience, you have the option to check the box that allows Touchstone to remember you for 30 days. For more information on this option, visit the related FAQ in the Knowledge Base.

More uses

Another benefit of Duo is that it allows you to change your Kerberos password by sending a notification to an enrolled, push-capable device (e.g., your smartphone).

You can also connect to the Cisco AnyConnect VPN using Duo. For instructions, visit the relevant pages in the Knowledge Base for Windows and Macintosh users.

Find out more

To learn more about two-factor authentication, see IS&T’s Duo Security page. If you have questions or need help, contact the IS&T Service Desk at servicedesk@mit.edu or 617.253.1101. You can also submit a request online

1 Comment

|Login to Comment on this story

uri@mit.edu | Mar 10, 2020 | 10:37 PM

Two-factor is great. It would be even better if you added support for FIDO2 (or U2F). It is very convenient with Yubikeys, and has been in since later Yubikey NEO and Yubikey 4.