Duo Frequently Asked Questions (FAQ)

Tags Duo FAQ

Overview

Below you'll find a selection of the most-frequently asked question for the Duo service.

 

FAQ

What is multifactor authentication?

Multifactor authentication is an additional layer of security designed to prevent unauthorized access to your information and University data, including confidential retirement account details, pay statements, or direct deposit information. It helps protect your privacy regardless of what type of device you use to access Pitt Passport services (for example, a desktop computer, laptop, tablet, or smartphone) and regardless of whether you access Pitt Passport services while connected to the University’s wired network, the University’s wireless network, or an external network. The University’s multifactor authentication solution provides several options for your second authentication factor, including options that enable you to use multifactor authentication when you are in an area without wireless access or cell phone service.

Will I need to use multifactor authentication to log in to the workstation in my office?

  • No. Multifactor authentication is required only for services that leverage Pitt Passport, the University’s single sign-on service. You will not need to use multifactor authentication to log in to your workstation.

What do I do if I receive a push notification or phone call when I have not tried to log in to a service?

  • You should deny the request and report it to the Technology Help Desk at 412-624-HELP (4357). Someone may have compromised your password and may be trying to use it to log in to services.

Should I register more than one smartphone, cell phone, tablet, or landline?

  • Yes. It is STRONGLY recommended to register more than one device or method: You will need to authenticate from your backup device/method in the case of a lost or stolen primary device, or if you have upgraded or purchased a new phone and have not registered it for multifactor authentication yet). If you forget or lose your primary device, you can still log in using your second (or third) device. There is no limit to the number of devices you can register. For instance, you might register your mobile phone as your primary device and your landline (office phone) as your secondary device.

I sometimes stop receiving push notifications on Duo Mobile. Why?

  • You may have trouble receiving push requests if there are network issues between your phone and Duo’s service. Many phones have trouble determining whether to use the Wi-Fi or cellular data channel when checking for push requests. If you experience issues receiving a Push request, try one of these steps to resolve it:
    • Turn your phone to airplane mode and back to normal operating mode again. This will often resolve the issue if there is a reliable internet connection available.
    • Turn off the Wi-Fi connection on your device and try using the cellular data connection.
    • Check the time and date on your phone and make sure they are correct. If the date and time on your phone are manually set, try changing your device's configuration to sync date and time automatically with the network.
  • If these suggestions do not resolve the issue, please contact the Technology Help Desk at 412-624-HELP (4357) for assistance. If you need to authenticate in the meantime, you can open the Duo Mobile app and tap the key icon to generate a passcode. Log in to a Pitt Passport service, select Enter a Passcode when you are prompted to use multifactor authentication, and enter the passcode you generated.

What if I am in a location that does not have cell phone service or Wi-Fi access? Can I still use multifactor authentication?

  • Yes. If you have a smartphone, you can generate a passcode by opening the Duo app and tapping the key icon, even if you are in a location without cell phone service or wireless access. Cell phone service is required if you have a non-smartphone and want to use the SMS (text) or Call Me option to log in.

Once I log in to a Pitt Passport service with multifactor authentication, do I need to continue to use multifactor authentication every time I access another service that leverages Pitt Passport?

  • No. As long as you leave a web browser open after you log in to a Pitt Passport service, you should only be prompted to use multifactor authentication once every 12 hours. However, if you close your browser session (or if you access a Pitt Passport service from a different browser or different device), you will be prompted to use multifactor authentication again.

What University services leverage Pitt Passport and therefore require multifactor authentication?

  • A growing number of University services are taking advantage of the security provided by the University’s single sign-on service, Pitt Passport. The list of enterprise services that use Pitt Passport includes, but is not limited to: My Pitt, Office 365 (including Exchange), Learning Management System (Canvas), Lecture Capture (Panopto), the Student Information System (PeopleSoft), Pitt Worx, PRISM, Cloud Storage (Box and OneDrive), EZ Proxy, Pitt CX Mobile, the Account Management site (accounts.pitt.edu), PittPAY, Career Development, Enterprise Lab Notebooks (LabArchives), Pitt eSignature (DocuSign), AskCathy Service Discovery, Collegiate Link, Talent Center, TIAA-CREF, On-Demand Training (LinkedIn Learning), Parchment, Document Management (Perceptive Content / ImageNow), Suitable, Microsoft Azure Dev Tools for Teaching (formerly Imagine), PittServes Volunteer Portal, MyHealth OnLine, Tableau, Faculty Information System (Elements), the Pitt App Store, and Gartner.

What do I do if I don’t have my device with me and need to log in?

  • You should always register more than one device. If you do not have either device with you and you need to log in, call the Technology Help Desk at 412-624-HELP (4357) for assistance.

I got a new phone. What do I need to do to enable it for multifactor authentication?

  • If you get a new phone and you keep the same phone number, you will need to re-activate Duo Mobile on that phone (see "Replace a Registered Device with a New Device" above). If you get a new phone with a different number, you will need to add it as a new device (see "Register an Additional Device" above for instructions). You should remove the previous device if you are no longer using it (see "Remove a Device You Have Registered" for instructions).

I lost my phone. What should I do?

  • If you have registered a second device, you should log in with that device and remove the device you have lost from your list of registered devices (see the "Remove a Device You Have Registered" for instructions). *Remember: It is STRONGLY recommended to register more than one device or method: You will need to authenticate from your backup device/method in the case of a lost or stolen primary device, or if you have upgraded or purchased a new phone and have not registered it for multifactor authentication yet.
  • In the event you have lost access to ALL of your Duo Multi-factor devices, please contact the Pitt IT Technology Help Desk. Our Help Desk analysts will assist you in removing the lost device and allow you to register a new one.

I do not have a smartphone or cell phone and I do not want to use my landline as my multifactor authentication device. What options are available to me?

  • Options for registration other than mobile phone or landline are: tablet (iPad, Nexus 7, etc.), security key (YubiKey, Feitian, etc.), or touch ID. Follow the instructions in the Register an Additional Device section above. Remember to remove any unused methods for registration.

I work in a location with a shared landline (for example, a lab). What options are available to me?

  • If you cannot register a smartphone or cell phone and you only have access to a shared landline, the best option is to register a tablet (iPad, Nexus 7, etc.), security key (YubiKey, Feitian, etc.), or touch ID. Follow the instructions in the Register an Additional Device section above. Remember to remove any unused methods for registration.

I am setting up multifactor authentication, but when I scan the barcode, I receive a message that reads "Activation Link Expired". What should I do?

  • You will need to reactivate Duo Mobile on your device. To do so, log in to accounts.pitt.edu. You will need to use multifactor authentication on your second (backup) device to log in. If you do not have a second device registered for multifactor authentication, please call the Technology Help Desk at 412-624-HELP (4357) for assistance. When the multifactor authentication window displays, click My Settings & Devices in the left-hand column, choose your secondary device, and choose an authentication method. Once you have successfully logged in, click Device Options next to the device you want to reactivate, and click Reactivate Duo Mobile. Complete the steps in the activation wizard to reactivate your device. 

Where can I find additional instructions and help documentation?

Details

Article ID: 725
Created
Tue 2/27/24 9:45 AM
Modified
Tue 2/27/24 9:55 AM

Related Articles (4)

Authentication Options for Duo
The authentication options available when logging into Duo
Choosing What Type of Device to Register
A guide to understanding and choosing a multifactor option to register with Duo
Setting Up Multifactor Authentication with Duo
Get started with multifactor authentication, provided by Duo Security.
What Happens if I Become Locked Out of Duo?
What to do if you get locked out of Duo