About Two-Step Login (Duo) at IU

On this page:

Overview

Two-Step Login (Duo) provides an additional layer of security when you log in at IU. Also known as two-factor authentication, this helps protect sensitive data and guard against increasingly sophisticated email and online scams (for example, phishing attacks) that can leave you vulnerable to identity theft. IU has partnered with Duo to provide this service.

Important:
Logins for all IU students, faculty, staff, retirees, affiliates, and those with Academic (ACNP) status require Two-Step Login (Duo), including group or departmental accounts (but not IU Guest accounts).

Two-Step Login (Duo) does not protect your passphrase from being hacked, phished, or otherwise compromised. Think of it as a safety net that protects your accounts on IU services if your passphrase is compromised.

Even though Two-Step Login (Duo) can help protect your account, you should still choose a strong passphrase and take steps to protect it. If there is reason to believe your passphrase has been compromised, UITS will scramble it as a precaution.

First steps

Before you can log in, you'll need to enroll a device. UITS recommends using the Duo Mobile app on a smartphone or tablet, but if you don't have such a device, devices with Touch ID, and USB security keys are also supported. Single-button hardware tokens are also available.

Note:
If you have a special exception to use Duo telephony features, see the SMS or phone instructions in About Duo telephony features.

For step-by-step instructions for enrolling all supported types of devices, see Get started with Two-Step Login (Duo) at IU.

Enroll multiple devices to ensure alternative methods of two-step login, in case you are separated from your main device. For more, see If your Two-Step Login (Duo) device is not with you, or is lost or stolen.

Use Two-Step Login (Duo) to log in

With Two-Step Login (Duo), you log in by:

  1. Entering your username and passphrase.
  2. Confirming your login with an enrolled device.
Important:
As of August 1, 2023, staff employees use Duo Verified Push; see below for details.
Note:
You can reduce the number of times you need to complete a login with Duo if you're logging in on a device that isn't shared with others. You may see any of the following:
  • A Remember me checkbox on the initial Duo login screen
  • Yes, trust browser
  • Yes, this is my device

Choosing any of these will temporarily suspend Duo prompts from the browser you're using.

Duo Universal Prompt

In July 2022, Duo provided a simplified experience called Duo Universal Prompt to help you log into your applications faster than before. This includes a refreshed login screen:

Duo Universal Prompt login

Log in with Duo Verified Push

Important:

Staff employees use Duo Verified Push as of August 1, 2023.

Technical requirements for Duo Verified Push

To log in with Duo Verified Push, you need the Duo Mobile app on your device. To download the app, you need to be running:

If you don't have a device that meets those requirements, you can select Other options at the bottom of the prompt and log in with a security key, hardware token, Duo Mobile passcode, or Touch ID. If you currently have a special exception to use text messages or phone calls to log into Duo, you can continue using those methods instead.

Accessibility concerns

Some members of the initial group using this feature have found accessibility issues with Duo Verified Push. If you have concerns about accessibility, contact the Support Center or your IT Pro to request assistance or an exception, if necessary.

Opt in to Duo Verified Push

If you're not yet in the Duo Verified Push group, you may opt in using the Duo Verified Push Opt-In form. However, if you opt in, you will not be able to opt out unless you have a valid reason to request an exemption. Contact the Support Center or your IT Pro if you have questions or need assistance.

For applications that use the universal prompt, users who are part of the Duo Verified Push group will receive a prompt to log in using Duo Verified Push, which can reduce the chance that a push sent by an unauthorized person will accidentally be approved.

With Duo Verified Push, to log in:

  1. Enter your username and passphrase.
  2. Enter a code shown on the screen of the device you are logging in from into the Duo Mobile app on your authentication device (phone, tablet, or compatible smartwatch).
    Note:
    If you are logging in with an Apple Watch, you may enter numbers by drawing them on the face of the watch, or you can press the prompt button and speak the numbers aloud.

The following screenshot shows a sample of what you might see in the system you're logging into; the actual Duo Verified Push prompts will have a different three-digit code each time you log in. The second image below shows what you would see on a smartphone; you'll type the three-digit code into the three boxes.

Sample Duo Verified Push prompt showing a three-digit code to enter into the Duo Mobile app

Screenshot of the Duo Mobile app, showing three boxes for input of the login code

To see how this works, visit this interactive demonstration to try Duo Verified Push.

Video tutorials

Related documents

Help for Two-Step Login (Duo)

This is document beum in the Knowledge Base.
Last modified on 2023-08-02 16:56:14.