Understanding Alternative Authentication Devices for Duo

Overview

Multifactor authentication, provided by Duo Security, adds another layer of security to your online accounts when using Pitt Passport by requiring two “factors” to verify your identity when you log in to a service: something you know (such as your password) and something only you have (such as your mobile phone, on which you will receive a login confirmation notice). 

When possible, we encourage you to use Duo Push on your compatible smartphone, tablet, or Apple Watch because it is the fastest, most efficient, and most secure authentication method. 

Tip: You can also generate a passcode at any time from within the Duo Mobile app, even without a WiFi or cellular data connection. Just click on the University of Pittsburgh account drop-down menu and a code will be generated for you.

If the Duo Mobile application is not a practical authentication option for your situation, or if you are looking to register a second authentication device, consider the following alternatives:

  • Cell Phone or Landline
  • Hardware Token
  • Security Key
  • Touch ID

 

Alternative Authentication Options

Cell Phone or Landline
Hardware Token

Duo-branded OneSpan Digipass Go6 hardware token

Hardware tokens are the most basic way of authenticating and are not recommended for most users. 

Only Pitt-issued hardware tokens can be used with Duo to access Pitt resources.

The Drop-In Support Desk offers Duo-branded OneSpan Digipass Go6 hardware tokens to individual users whose circumstances have been deemed appropriate.

Examples of appropriate circumstances include:

  • international travel
  • shared access to sponsored/resource accounts
  • unreliable phone access or service
  • secure work environments
  • ADA compliance.

If you feel a hardware token makes sense for your situation, contact the Technology Help Desk or stop by a Drop-In Support Desk location with your Panther Card (Pitt-issued ID).

Departments or groups interested in medium-to-large scale deployments (12 or more) of Duo hardware tokens should contact the Technology Help Desk.

While it is STRONGLY recommended to register more than one device or method, hardware tokens will not be issued as a "just-in-case" backup authentication method outside of appropriate circumstances. If you are interested in a hardware token but do not feel that your circumstances would be deemed appropriate, you may want to consider a security key.

Note: Tokens can get "out of sync" if the button is pressed too many times in a row and the generated passcodes aren't used for login. You can attempt to resync by following these instructions (the Pitt Hardware Tokens are "HOTP" devices). If you need assistance with this or another issue with a Duo hardware token, bring it to a Drop-In Support Desk location.

Security Key

Several security keys

Duo supports security keys, offering secure login approvals resistant to phishing attacks combined with the one-tap convenience you're already used to with Duo Push.

What are Security Keys?

A security key plugs into your USB port and when tapped or when the button is pressed it sends a signed response back to Duo to validate your login. Duo uses the WebAuthn authentication standards to interact with your security keys. You may also see WebAuthn referred to as "FIDO2".

Security Key Requirements

In order to use a security key with Duo, make sure you have the following:

  • A supported browser (Chrome 70Firefox 60Safari 13 or later), or Microsoft Edge 79 or later. Support for authentication is limited to web applications that show Duo's inline browser prompt.
  • An available USB port.
  • A supported USB security key. WebAuthn/FIDO2 security keys from Yubico or Feitian are good options. Duo does not support U2F-only security keys (like the Yubikey NEO-n). Pitt does not provide security keys to users.
Touch ID
Print Article

Related Articles (3)

Getting Help at a Pitt IT Drop-In Support Location
Drop-In Support provides hands-on help for the personal devices of students, faculty, and staff.
My Duo Token Isn't Working
What do do if your Duo hardware token stops working
Setting Up Multifactor Authentication with Duo
Get started with multifactor authentication, provided by Duo Security.

Related Services / Offerings (2)

Drop-In Support
IT SERVICE DELIVERY AND SUPPORT Pitt IT provides Drop-In Support to provide hands-on help for the personal devices of students, faculty, and staff.
Duo Multifactor Authentication
IDENTITY AND ACCESS MANAGEMENT Duo provides multifactor authentication to add another layer of security to your online accounts.