Available options for authentication in DUO Everywhere (MFA-DUO)


Yale University Information Technology Services (ITS) recommends everyone have at least two options set up for multifactor authentication (MFA); there is no limit to the number of eligible devices you may add to your MFA account. MFA lets you link multiple devices to your account, so you can use your mobile phone, a landline, and a hardware token as your second factor. You have the option to define which device is the default, set a device to automatically receive authentication attempts, and rename devices.

See DUO Everywhere (MFA-DUO): Enrolling and managing devices for instructions on enrolling devices.

Eligible devices for DUO MFA include

Authentication methods

Push

DUO Push is the easiest and quickest way of authenticating. You'll get a login request sent to your phone — just press Approve to authenticate. This method requires the DUO mobile app to be activated on an enrolled device. See DUO Everywhere (MFA-DUO): Enrolling and managing devices for directions to enroll a device or activate DUO Mobile on an already enrolled device.

Passcode

From within the DUO Mobile app, tap the Yale University account to generate a passcode. A six-digit rolling passcode will be displayed with a 30-second duration. This works anywhere, even in places where you don't have an internet connection or can't get cell service. 

Back-Up Codes

To obtain backup codes, Call the Help Desk at 203-432-9000.

Phone Call

Select the Call Me button on the DUO Prompt and DUO will call your phone. The status bar at the bottom of the DUO Prompt updates at each step of the process. Answer the call and listen to the instructions to authenticate. The DUO Prompt's status bar also tells you how to approve the request over the phone.

DUO Hardware Token

Similar to a passcode, a six-digit passcode will be generated when pressing the button on the hardware token. This works anywhere, even in places where you don't have an internet connection or can't get cell service. 

Authentication devices and their supported methods of authentication

Common Authentication Questions

How long does authentication last? 

You will be required to use MFA every time you log in, when on and off campus.  MFA authentication will last for the lesser of your browser session or 24 hours. You will have the option to remember your device for 90 days.

How can I log into a CAS-protected resource or VPN while on an airplane equipped with wifi?

This experience will be the same no matter what off-campus location you are trying to log in from. You will be required to authenticate with MFA. In the case where a Push is not working, you can generate a Passcode with the DUO Mobile app on your phone, or with a DUO Hardware token.

How can I get a DUO Hardware token?

While the other authentication methods are strongly recommended (Push, Phone Call, Passcode, etc.), in cases where a DUO hardware token is required, please visit a Walk-In Center or contact the ITS Help Desk. Note: Tokens must be picked up by the individual to which they are assigned. 

Does it cost me money to authenticate with my phone?  

Push authentication uses a very small amount of Internet data traffic (a few kilobytes per login) to function.  Voice calls are sent only when you request them and are billed by your carrier like any other text message or inbound voice call. The DUO mobile app also works like a DUO hardware token and can generate a passcode; this functionality will not require any data and works when your smartphone is in “airplane” mode. 

How does DUO choose which default authentication option to use?

The first time you authenticate, DUO will default to the most secure option available, for most users this will be DUO Push.  

If a user selects an alternate option, DUO will remember your selected authentication method and that will be the new default.

DUO will remember default authentication selections for each device and application.