MFA-Duo - Best Practices for Using Duo

This document will highlight the best practices for using MFA Duo.

1. Register more than 1 device or generate backup codes for future use

If you've ever been in a situation where you don't have your MFA device with you, you know this can be a major inconvenience. Give yourself some options ahead of time so you don't get into a bind:

Generating Backup Codes for Future Use

  1. Navigate to the Duo Device Management Portal at www.mfa.wisc.edu. Authenticate with your UW-Madison NetID and Password. You will also be asked to approve the login through your existing multi-factor authentication devices.
  2. Click the Backup Passcodes box
  3. BUP-001-Box.png

  4. Click on the Get Passcodes box to generate new passcodes
  5. BUP-002-BUPasscodes.png

  6. Click on View and Print Passcodes
  7. BUP-003-ViewandPrint.png

  8. Click Print to print your passcodes or write them down if you do not have access to a printer
  9. BUP-004-Print.png


Handling Your Backup Codes

  • Backup codes should be stored in a secure but accessible location (such as a locked drawer or cabinet) while not in use.
  • Generating new backup codes will invalidate your previous backup codes.
  • Backup codes will expire after four months; The expiration date is displayed on the print-out below the passcodes.
  • Each code can only be used once so we recommend crossing them off as you use them.

Adding another device:

  1. Navigate to the Duo Device Management Portal at www.mfa.wisc.edu. Authenticate with your UW-Madison NetID and Password. You will also be asked to approve the login through your existing multi-factor authentication devices.

  2. Click Add Another Device.

    my_devices.PNG

  3. Follow the instructions specific to the device type you would like to add.

    1. Select Mobile Phone then press Continue.

      Duo1-Whatdevicemobile.png

    2. Enter the phone number of the device. Next, verify this is the correct number of the device by checking the box. Now press Continue.

      Pick Mobile Phone

    3. Select the type of phone that the number is associated with and press Continue.

      duo_what_type_of_phone.PNG

    4. Download the Duo Mobile Application for your device:

    5. Configure the Duo app on your mobile device:

      1. Open the Duo App on your phone.

        Note: After opening the Duo app, you may be asked to accept notification and camera privileges. Click Allow if prompted.

      2. Tap the plus sign button.

      3. Scan the QR code on the screen.

        Duo8-ScanbarcodeiOS.png

    1. Select Tablet then press Continue.

      Duo1.1-WhatdeviseTablet.png

    2. Select iOS or Android (depending on your device) then press Continue.

      Pick Tablet

    3. Download the Duo Mobile Application for iOS or Android:

    4. Open the Duo App on your tablet.

    5. Tap the plus sign button.

    6. Scan the QR code on the screen.

      Scan QR

      Note: You will need to obtain a token before you can register it. Contact your unit's Implementation Partner to find out how to obtain a token. It is very important that you not press the token button repeatedly prior to registering your token. This may cause the token to become out of sync and you will not be able to register it.
      1. Go to https://go.wisc.edu/token.
      2. Log in with your NetID and password.
      • Note: If you've already registered a device and are using MFA Duo, you'll be prompted to login with your NetID twice, then be prompted for MFA Duo.
    • You'll see a page similar to this:
    • Register token
    • Enter the Token Serial Number in the appropriate field. Be sure to enter the dashes.
    • Press the Green button on the front of the token and enter the 6-digit passcode.
    • Click Register Token/Fob.
    • The token will now be registered with your account. Please note that you will not have to start using the token until you are required to start using MFA Duo.
  4. The device has been added. You should now see it on the Duo Device Management Portal.

Adding another device:

  1. Navigate to the Duo Device Management Portal at www.mfa.wisc.edu. Authenticate with your UW-Madison NetID and Password. You will also be asked to approve the login through your existing multi-factor authentication devices.

  2. Click Add Another Device.

    my_devices.PNG

  3. Follow the instructions specific to the device type you would like to add.

    1. Select Mobile Phone then press Continue.

      Duo1-Whatdevicemobile.png

    2. Enter the phone number of the device. Next, verify this is the correct number of the device by checking the box. Now press Continue.

      Pick Mobile Phone

    3. Select the type of phone that the number is associated with and press Continue.

      duo_what_type_of_phone.PNG

    4. Download the Duo Mobile Application for your device:

    5. Configure the Duo app on your mobile device:

      1. Open the Duo App on your phone.

        Note: After opening the Duo app, you may be asked to accept notification and camera privileges. Click Allow if prompted.

      2. Tap the plus sign button.

      3. Scan the QR code on the screen.

        Duo8-ScanbarcodeiOS.png

    1. Select Tablet then press Continue.

      Duo1.1-WhatdeviseTablet.png

    2. Select iOS or Android (depending on your device) then press Continue.

      Pick Tablet

    3. Download the Duo Mobile Application for iOS or Android:

    4. Open the Duo App on your tablet.

    5. Tap the plus sign button.

    6. Scan the QR code on the screen.

      Scan QR

      Note: You will need to obtain a token before you can register it. Contact your unit's Implementation Partner to find out how to obtain a token. It is very important that you not press the token button repeatedly prior to registering your token. This may cause the token to become out of sync and you will not be able to register it.
      1. Go to https://go.wisc.edu/token.
      2. Log in with your NetID and password.
      • Note: If you've already registered a device and are using MFA Duo, you'll be prompted to login with your NetID twice, then be prompted for MFA Duo.
    • You'll see a page similar to this:
    • Register token
    • Enter the Token Serial Number in the appropriate field. Be sure to enter the dashes.
    • Press the Green button on the front of the token and enter the 6-digit passcode.
    • Click Register Token/Fob.
    • The token will now be registered with your account. Please note that you will not have to start using the token until you are required to start using MFA Duo.
  4. The device has been added. You should now see it on the Duo Device Management Portal.

Adding another device:

  1. Navigate to the Duo Device Management Portal at www.mfa.wisc.edu. Authenticate with your UW-Madison NetID and Password. You will also be asked to approve the login through your existing multi-factor authentication devices.

  2. Click Add Another Device.

    my_devices.PNG

  3. Follow the instructions specific to the device type you would like to add.

    1. Select Mobile Phone then press Continue.

      Duo1-Whatdevicemobile.png

    2. Enter the phone number of the device. Next, verify this is the correct number of the device by checking the box. Now press Continue.

      Pick Mobile Phone

    3. Select the type of phone that the number is associated with and press Continue.

      duo_what_type_of_phone.PNG

    4. Download the Duo Mobile Application for your device:

    5. Configure the Duo app on your mobile device:

      1. Open the Duo App on your phone.

        Note: After opening the Duo app, you may be asked to accept notification and camera privileges. Click Allow if prompted.

      2. Tap the plus sign button.

      3. Scan the QR code on the screen.

        Duo8-ScanbarcodeiOS.png

    1. Select Tablet then press Continue.

      Duo1.1-WhatdeviseTablet.png

    2. Select iOS or Android (depending on your device) then press Continue.

      Pick Tablet

    3. Download the Duo Mobile Application for iOS or Android:

    4. Open the Duo App on your tablet.

    5. Tap the plus sign button.

    6. Scan the QR code on the screen.

      Scan QR

      Note: You will need to obtain a token before you can register it. Contact your unit's Implementation Partner to find out how to obtain a token. It is very important that you not press the token button repeatedly prior to registering your token. This may cause the token to become out of sync and you will not be able to register it.
      1. Go to https://go.wisc.edu/token.
      2. Log in with your NetID and password.
      • Note: If you've already registered a device and are using MFA Duo, you'll be prompted to login with your NetID twice, then be prompted for MFA Duo.
    • You'll see a page similar to this:
    • Register token
    • Enter the Token Serial Number in the appropriate field. Be sure to enter the dashes.
    • Press the Green button on the front of the token and enter the 6-digit passcode.
    • Click Register Token/Fob.
    • The token will now be registered with your account. Please note that you will not have to start using the token until you are required to start using MFA Duo.
  4. The device has been added. You should now see it on the Duo Device Management Portal.

Adding another device:

  1. Navigate to the Duo Device Management Portal at www.mfa.wisc.edu. Authenticate with your UW-Madison NetID and Password. You will also be asked to approve the login through your existing multi-factor authentication devices.

  2. Click Add Another Device.

    my_devices.PNG

  3. Follow the instructions specific to the device type you would like to add.

    1. Select Mobile Phone then press Continue.

      Duo1-Whatdevicemobile.png

    2. Enter the phone number of the device. Next, verify this is the correct number of the device by checking the box. Now press Continue.

      Pick Mobile Phone

    3. Select the type of phone that the number is associated with and press Continue.

      duo_what_type_of_phone.PNG

    4. Download the Duo Mobile Application for your device:

    5. Configure the Duo app on your mobile device:

      1. Open the Duo App on your phone.

        Note: After opening the Duo app, you may be asked to accept notification and camera privileges. Click Allow if prompted.

      2. Tap the plus sign button.

      3. Scan the QR code on the screen.

        Duo8-ScanbarcodeiOS.png

    1. Select Tablet then press Continue.

      Duo1.1-WhatdeviseTablet.png

    2. Select iOS or Android (depending on your device) then press Continue.

      Pick Tablet

    3. Download the Duo Mobile Application for iOS or Android:

    4. Open the Duo App on your tablet.

    5. Tap the plus sign button.

    6. Scan the QR code on the screen.

      Scan QR

      Note: You will need to obtain a token before you can register it. Contact your unit's Implementation Partner to find out how to obtain a token. It is very important that you not press the token button repeatedly prior to registering your token. This may cause the token to become out of sync and you will not be able to register it.
      1. Go to https://go.wisc.edu/token.
      2. Log in with your NetID and password.
      • Note: If you've already registered a device and are using MFA Duo, you'll be prompted to login with your NetID twice, then be prompted for MFA Duo.
    • You'll see a page similar to this:
    • Register token
    • Enter the Token Serial Number in the appropriate field. Be sure to enter the dashes.
    • Press the Green button on the front of the token and enter the 6-digit passcode.
    • Click Register Token/Fob.
    • The token will now be registered with your account. Please note that you will not have to start using the token until you are required to start using MFA Duo.
  4. The device has been added. You should now see it on the Duo Device Management Portal.

2. Use the "Remember Me for 12 Hours" option

Having to use MFA Duo for every NetID login session can become tedious. Use the "Remember Me for 12 Hours" option to minimize the number of times you'll need to authenticate with MFA Duo:

In order to login with Duo Multi-factor Authentication, you must have first set up a device and linked it with your NetID. If you have not yet completed this, follow the instructions here: MFA-Duo - How to Enroll for MFA Duo for your NetID Login Account

  1. Navigate to a page that requires Duo Multi-factor Authentication after NetID login (e.g. MyUW).

  2. Authenticate with your NetID and Password.

  3. Before choosing an authentication method, check the box next to "Remember me for 12 hours".

    remember_me.PNG


Note: If the option is grayed out, your MFA-Duo authentication method is set up to automatically send a push;

You can still use "Remember me for 12 hours" without changing device settings by:

  1. Click cancel on your push request
  2. KB-001-Cancel.png

  3. Click "Remember me for 12 hours".
  4. Proceed with your MFA Duo login as usual by clicking Send Me a Push or Enter a Passcode.

UW-Madison strongly recommends you do NOT select 'Automatically send this device a Duo Push' so that you can easily take advantage of "Remember me for 12 hours" Follow the steps below to change your MFA-Duo settings:

Changing your settings to no longer default to Push

  1. Navigate to the Duo Device Management Portal.

  2. Authenticate with your NetID and password, and with MFA-Duo.

  3. Change the "When I log in" drop-down option to "Ask me to choose an authentication method."





    Keywords:iphone ios android samsung lg galaxy application edit remove 2 two factor auth authentication login request approve   Doc ID:80774
    Owner:Lisa B.Group:Multi-Factor Authentication (MFA)
    Created:2018-03-10 14:37 CSTUpdated:2018-11-14 15:06 CST
    Sites:DoIT Help Desk, Multi-Factor Authentication (MFA)
    Feedback:  0   0