Frequently Asked Questions about Multifactor Authentication (Duo)

  1. What is Multifactor Authentication? 
  2. How does Multifactor Authentication work?
  3. Why should I use Multifactor Authentication?
  4. Do I have to use Multifactor Authentication to access my account?
  5. What devices are supported to register for Multifactor Authentication?
  6. How do I get started?
  7. How many devices can I enroll in Multifactor Authentication?
  8. How do I manage or edit my Multifactor Authentication devices?
  9. How do I set up automatic Duo Push/Call notifications?
  10. I don’t have my Multifactor Authentication device with me. What can I do?
  11. Which University services or systems currently require Multifactor Authentication for login?
  12. What do I do if I get a Multifactor Authentication push notification on my device when I didn't log in?
  13. How do I authenticate with my smart phone app if I don't have cell signal, data, or Wi-Fi connection?
  14. Can I use the app on my smart phone without affecting my data plan?
  15. I replaced the phone that I had registered in Multifactor Authentication. What should I do now?
  16. What should I do since I lost my device that I use to authenticate with Duo?
  17. My account is locked out. What should I do?
  18. Why have I stopped receiving push notifications on the Duo Mobile app?
  19. My iOS mobile device is running an older iOS and I am unable to install the Duo Mobile application from the App Store. What do I do?
  20. What if I do not have a mobile device?
  21. How do Hardware Tokens work?
  22. Remember Me - set up DUO to require one login per day?

1. What is Multifactor Authentication? 

Multifactor Authentication provides an extra layer of security in addition to passwords. This additional step ensures that your information, transactions, or online work is safer from unauthorized access by requiring a second method of authentication, such as a phone, code or other registered device, to verify your identity. Even if someone obtains your password, they cannot access your account without having your registered Multifactor Authentication device.

2. How does Multifactor Authentication work?

Multifactor Authentication uses mobile technology to send an authentication request to your registered device. When you log into the CSU, Chico Portal with your CSU, Chico Portal ID, a notification will be sent immediately to your smartphone, SMS-capable cell phone, or other registered device. You simply tap "Approve" on the screen, which verifies that you are the person logging in, and your access will be available.

3. Why should I use Multifactor Authentication?

Multifactor Authentication provides extra protection for the sensitive information our systems contain in case you are a victim of phishing or hacking. If someone steals your credentials and tries to access your account, your user name and password will not be sufficient to log in. The thief will also need to have access to your device to complete the log in process. If someone else tries to log in to your account, you will be notified on your device and you can deny them access instantaneously.

4. Do I have to use Multifactor Authentication to access my account?

Multifactor Authentication is currently required for employees. Students will be enrolled in Multifactor Authentication in the coming weeks.

5. What devices are supported to register for Multifactor Authentication?

  • iOS devices (iPhone, iPad, iPod)
  • Android devices (phone, tablet)
  • Blackberry
  • Windows Phone 7
  • Windows Mobile
  • Other cell phones (non-smart phones) and landline telephones
  • Duo Hardware Tokens are available for purchase through departmental CAF - Request a hardware token

Request Access Here

6. How do I get started?

Once multifactor authentication with Duo is enabled for your account you will be prompted to enroll.

  1. It is recommended that you use your mobile device to go to the Apple App Store or Android App Store and download the Duo App.
  2. Use your registered device to verify your identity.
  3. Once your device is registered, your access will be secured through Multifactor Authentication.

** Make sure to add a secondary device so you don’t get locked out.

7. How many devices can I enroll in Multifactor Authentication?

Multifactor Authentication lets you register multiple devices to your account, so you can always access your account even if one device is temporarily unavailable. We recommend a maximum of three devices.

8. How do I manage or edit my Multifactor Authentication devices?

Go to the CSU, Chico portal page, and log in. DON’T SEND A DUO PUSH. Once you see the Multifactor Authentication push page on the top right-hand corner, click on My Settings->Devices->Add a new device.

9. How do I set up automatic Duo Push/Call notifications?

If you enable automatic Duo Push/Call for Two-step Login (Duo), the system will automatically send an authentication request, either via push notification to your Duo Mobile app or via a phone call to your device (depending on which you've selected). To enable this feature:

  1. In the Duo Control Settings panel, click "My Settings & Devices" and authenticate using your chosen device
  2. Scroll down to where it says "Default Device" and select the device you wish to use with automatic Duo Push/Call
  3. Click the drop-down menu under "When I log in" and select either "Automatically send this device a Duo Push" or "Automatically call this device"
  4. Click Save

10. I don’t have my Multifactor Authentication device with me. What can I do?

Contact Information Technology Support Services (ITSS) at or stop by MLIB 142 for assistance

11. Which University services or systems currently require Multifactor Authentication for login?

Users with access to the Common Finance System (CFS) or those that self-enroll will be configured to use Multifactor Authentication when logging in with any service using campus Shibboleth authentication. New systems will be added to this listing as services are added.

12. What do I do if I get a Multifactor Authentication push notification on my device when I didn't log in?

If you get a push notification from the Duo app that you did not request, that means someone else is trying to log in using your account and your CSU, Chico Portal account may have been compromised. Tap the Deny button in your Duo app. Then go to the CSU, Chico portal and use Account Center to change your password as soon as possible. This will ensure access to your account remains secure. Inform the ITSS Help Desk at or email itss@csuchico.edu immediately if this occurs.

13. How do I authenticate with my smart phone app if I don't have cell signal, data, or Wi-Fi connection?

If you cannot use a “Push” or “Call,” use a “Passcode.” You can generate a passcode by touching the green key in the Duo Mobile app. You can also generate a passcode with a token. If you don’t have the app or a token, use one of the back-up codes you had texted to you when you enrolled in Duo.

If you don’t have any passcodes and you can get a text, text yourself 10 new passcodes. On the Duo authentication webpage, select “Enter a Passcode,” then “Text me new codes” at the bottom of the page. (Note: If the “Enter a Passcode” option is unavailable, either push “Cancel” in the blue banner, or add a cell phone to your account.)

If none of these options work, please contact ITSS for assistance.

14. Can I use the app on my smart phone without affecting my data plan?

To use the app with no impact to your data plan, you must first connect to a wireless network. Then open the Duo Mobile app and tap the key icon to the right of “CSU, Chico”. A passcode (set of numbers) will appear. Using the passcode requires no data usage to your plan. Then log in to the system using the passcode.

15. I replaced the phone that I had registered in Multifactor Authentication. What should I do now? 

  1. If your phone number is the same:
  • If you use the phone call or text message option to authenticate with Multifactor Authentication, no action is required. You will authenticate with Multifactor Authentication exactly as you did on your old phone.
  • If you use the push option through the Duo Mobile app installed on your phone, you will need to reactivate Duo Mobile on your new phone. To do this you will need to add it as a new device. For instructions on adding a new device, see #8 above.
  1. If your phone number changed:
  • If you have an alternate/backup device enrolled in Multifactor Authentication: 
    • Log in to the Duo Enrollment website with your userID and password (needs validation)
    • From the Device drop-down menu, select your alternate/backup device, then click “Manage Devices” to authenticate using Duo
    • Use the Actions drop-down menu to delete your old phone, then click “Enroll another device” to enroll your new phone (see the Device Management Guide for detailed tutorials)

*If you do not have an alternate/back-up device enrolled, call ITSS at .*

16. What should I do if I lose my device that I use to authenticate with Duo?

Contact ITSS at immediately if you lose your phone or suspect it has been stolen. They will disable your phone from being able to authenticate with Multifactor Authentication and help you log in using another device.

17. My account is locked out. What should I do?

The most common reason your account is locked is because you have entered an incorrect password for your CSU, Chico Portal account or the Multifactor Authentication has failed at least 10 times. Please contact ITSS at or itss@csuchico.edu.

18. Why have I stopped receiving push notifications on the Duo Mobile app?

You may have trouble receiving push requests if there are Wi-Fi issues between your mobile device and Duo Security. Many mobile phones have trouble determining whether to use the Wi-Fi or cellular data when checking for push requests. Simply turning the phone to airplane mode and back to normal operating mode again often resolves these issues if there is a reliable Internet connection available. Similarly, the issue may be resolved by turning off the Wi-Fi connection on your device and using the cellular data connection. If these two methods do not resolve the issue, contact ITSS at or itss@csuchico.edu.

19. My mobile device is running an older OS and I am unable to install the Duo Mobile application from the App Store. What do I do?

You may need to upgrade to a newer iOS or Android version to install the Duo mobile app.

20. What if I do not have a mobile device?

Although use of the Duo Push app on a mobile device is recommended, Duo supports multiple device options including using your campus phone extension or hardware tokens.  To request a hardware token contact ITSS.

21. How do Hardware Tokens work?

Duo Hardware Tokens are available for purchase through inter-departmental CAF.  To request a Duo Hardware Token please submit a service request.

Duo tokens work with any browser and do not require a usb port. Duo tokens display a passcode at the touch of a button, but you must then type in the passcode.

  • A U2F USB Key that plugs into the computer and authenticates by touch may also be purchased. This type of token only works with the Chrome browser (currently).

22. Remember Me - Set up DUO to require one login per day?

To avoid being prompted by Multifactor Authentication multiple times a day on a trusted device, select the checkbox next to Remember me for 3 days during login.  Multifactor Authentication won't prompt you again for most campus services for the next three days. This is not recommended for shared devices.

If Remember me isn't available you can press Cancel when prompted for a Duo Push. You should then be able to select the Remember me checkbox, then Send Me a Push.

Limitations on Remember Me for 3 days:

  • It won't carry over between different computers
  • It won't carry over when you switch web browsers, like changing from Chrome to Firefox
  • It isn't available for all services
  • Due to some technical limitations, it may not carry over between different services
Was this helpful?
8% helpful - 13 reviews

Details

Article ID: 42526
Created
Tue 11/14/17 11:42 AM
Modified
Wed 10/20/21 11:09 AM