FAQ - Two-factor Authentication with Duo



Do I need a smartphone to use Two-Factor Authentication (2FA)?

A smartphone is the recommended device since the Duo Mobile app provides the greatest level of security and flexibility. The app can receive push notifications for easy, one-tap authentication. Duo Security offers multiple other ways to authenticate with Duo. Besides a smartphone, you can use a tablet, USB security key, or printed backup codes.

What devices are supported by Duo Mobile?

The Duo Mobile app is available on iOS, Android, and Apple watchOS.

Can I generate backup codes for when I don't have access to my devices?

It is highly recommended that you generate and print backup codes that you can use when you do not have access to your other devices, such as your phone. Connect to https://accounts.lehigh.edu/duocodes/generate to generate and print these codes. Remember to store the codes in a safe location such as your wallet.

I have an Apple Watch. Will it work with Two-Factor Authentication (2FA)?

Yes, it will work for 2FA. You will need to have an iPhone enrolled in the service, and then follow the setup instructions from Duo Security.

How long do I have to enter my Duo security code or reply to a Push notification?

The Duo 2FA prompt will remain on-screen for one minute before returning you to the login prompt.

I seem to be locked out of the Two-Factor Authentication (2FA) service. What should I do?

A user is automatically locked out after 10 consecutive failed login attempts. This could happen if you don't respond to multiple push notifications, if you selected the wrong device (calling an office landline when at home), or if a 2FA-protected system makes automatic login attempts when a user isn’t expecting them.

Once you have been locked out, you can call the LTS Help Desk (610-758-4357) for assistance in unlocking the account.

What do I do if I get a Duo notification and I haven't attempted to log into any Lehigh system?

This could be an indication that your account has been compromised. The first thing to do is change your password by visiting the Password Change page. After changing your password, please notify us by calling or emailing the Help Desk.

How do I set up an older cell phone, or use a smartphone without the Duo app installed?

(This option will no longer be available for new enrollments Dec. 1 and will be unavailable for all accounts beginning March 4, 2024)

Duo will work with any cell phone that can receive text (SMS) messages. When adding a device in this mode, first choose "Phone number" and on the next screen enter the phone number. After confirming the phone number you will be returned to the main Devices menu.



Now that your phone has been added, whenever you see the Duo Authentication screen, you can select "Text message passcode" as your authentication option. A new code will be sent via SMS to your phone immediately; just check your phone's text message app.

What do I do if I don’t have my mobile phone with me?

  1. It is highly recommended that you generate and print backup codes that you can use when you do not have access to your other devices, such as your phone. Connect to https://accounts.lehigh.edu/duocodes/generate to generate and print these codes. Remember to store the codes in a safe location such as your wallet.

  2. You can use a USB Security Key, available from YubiKey and other vendors. Again, this must be set up in advance. We have tested the following options.

    1. USB-C

    2. USB-A

I will be getting a new phone soon. How can I make a smooth transition to a new phone?

Steps to take for setting up a new phone.

STEP 1. Before wiping your old phone, go to go.lehigh.edu/duobackup to print out a new set of one-time-use bypass codes to help with enrolling your new phone. You can use these codes at other times too – if you lose, break, or forget your phone, for example. Keep them in your wallet or purse!

STEP 2. Once you have the codes, download the Duo Mobile app on your new phone.

You can also search for "Duo Mobile" in the Play Store or Apple App Store.

 

STEP 3. Open a web browser and go to Duo Device Management.  You may need to authenticate with Duo using the "Bypass Code" option.

 

STEP 4. You will see your existing iPhone or Android phone in the list of devices.  

If your phone number will not change, choose "I have a new Phone" and follow the steps.  You can scan the QR code or have an activation link texted to you. 

If you have a new phone number, choose "Add a device" and follow the steps. 

 

Can I reuse a passcode?

No. Passcodes are only good for a single use.

How long are passcodes good for?

Passcodes never expire. They last until they are used, or until you generate a new set.

I clicked on the 30 day checkbox -- why do I keep getting prompted for 2FA?

The “remember me” option is tied to a particular browser on a device. So if you are using a different browser, or a different device to login, you will need to check the box again.

My phone was stolen, damaged, or lost. Now what?

Ideally, you will have other options for authenticating. Did you set up the app on another cell phone or tablet, set up a security key, or print out backup codes at go.lehigh.edu/duobackup? If not, call or email the Help Desk for assistance removing the device from your account.

I already have Duo set up at another institution. Can I add Lehigh?

Yes! Duo supports multi-factor authentication across many institutions. To add Lehigh, simply visit your Duo Options page and proceed with the setup until you see the QR code. Open the Duo Mobile app on your phone and tap on the "+" sign in the upper right corner. Point your phone's camera at the QR code and Lehigh is added! That's all there is to it.

What data is stored by Duo Security?

The only data stored by Duo Security is the client's Lehigh user ID (Duo does NOT know your password) and information about your second factor, such as a phone number (if using a phone for the service) or the serial number of your Duo Token (if not using a phone for the service).

How do I add or remove 2FA devices and manage my Duo settings?

I use a landline for Two-Factor Authentication (2FA), and I’m going away for a week. Can I still use the service?

(This option will no longer be available for new enrollments Dec. 1 and will be unavailable for all accounts beginning March 4, 2024)

Yes, you can forward your enrolled phone to another number (or add the other number temporarily at the 2FA self-service portal).

Will Duo work while I’m traveling outside the U.S.?

Yes, Duo will work from pretty much anywhere you can access the Internet. We recommend that you have the Duo Mobile app installed on your phone while traveling. If you’re planning to travel without your phone, please print out backup codes or set up a security key. Please contact us if you need assistance.

I'm an international student/employee; how will Duo work for me?

The Duo app will work internationally as long as you have cellular data, and is recommended as a primary authentication method. Generating backup codes or setting up a security key to have handy when your connection may not be available is also recommended. Duo might be unavailable in countries sanctioned by the United States due to export control regulations. Contact the Help Desk for assistance in changing your phone number, installing the app, or obtaining a one-time use backup code.

I will be using the Internet only at wifi hotspots and won’t have cell phone access while traveling, will Duo still work?

(The Duo Mobile generated passcode, SMS, and phone callback options will no longer be available for new enrollments Dec. 1 and will be unavailable for all accounts beginning March 4, 2024)

Yes, the Duo Mobile application can be used to generate passcodes on airplanes or in remote regions where Duo Push, SMS-delivered passcodes, phone callback or cellular service may be unavailable or difficult to use. Duo Push can use a Wi-Fi connection to function. If you can access the Internet from your mobile device, you can receive push notifications.

I’m an employee who will be retiring soon. Will I be required to use 2FA after I retire?