Duo Multi-Factor Authentication
What is Multi-Factor Authentication?
Multi-factor authentication (MFA) requires you to verify your identity using one or more factors in addition to username+password, such as your phone or other mobile device. This process prevents anyone but you from logging in, even if they know your password.
How does Duo work?
This video helps illustrate how the process will work.
Why are we implementing MFA?
Multi-factor authentication will add an additional layer of security to LC State accounts. Passwords are increasingly easy to compromise. They can often be stolen, guessed, or hacked - you might not even know someone is accessing your account. Multi-factor authentication helps keep your account secure even if your password is compromised.
What is the timeline and scope?
Email (Office 365) | Colleague | Other applications to follow
Duo was applied to Office 365 on 2/15/2023 and Colleague is scheduled for 6/2/2023. Other applications that use the LC State username and password will be added later. Throughout the deployment, IT will seek to minimize disruption to your routines and workflows, while gradually introducing the security enhancements provided by multi-factor authentication.
How do I get started?
New employees will receive a prompt to enroll when signing into their email. You can watch this 35 second video to get a quick demo of the enrollment process.
If you would rather use a security key instead of a smartphone then contact [email protected]. There is a $90 charge for the security key.
What if I don't enroll by deadline?
MFA will be activated on 2/15/2023 and if you have not enrolled in Duo by then, you will be prompted to enroll the next time you access your Office 365 applications. Please enroll by 2/15 to prevent disruption to your account.
What should I choose for a second factor?
We strongly recommend you choose your smartphone as it provides the best experience with Duo multi-factor authentication. This device will need to be with you when you need to access your Office 365 applications.
- Install the Duo Mobile app on your smartphone, smart watch or tablet. The app provides two options: push notifications or Mobile Passcode.
If you are unable to download the Duo Mobile app because your smartphone is not supported, choose not to use your smartphone, or do not have a smartphone, then you can utilize a USB security key. The security key will be purchased by your department and costs $90.
How often will I be prompted for a second factor?
The policy is set to every 14 days, but some circumstances may require you to log in more often, including: clearing the browsing history; accessing certain websites; using certain browser settings; using more than one device and web browser.
What if I forget or lose my two-factor device?
If you don't have your two-factor device, contact the Help Desk to request a temporary bypass code to log in. If you lose your two-factor device, contact the Help Desk immediately so we can disable your device and work with you to determine a backup method.
What should I do if I don't get a notification I'm expecting?
Open the Duo Mobile app and the push should be there waiting. If it still doesn't appear right away, you can "drag" the Duo Mobile screen down to force a refresh and the prompt should appear as expected. Also check "Notifications" on your phone to make sure you are allowing Duo Mobile to notify you.
What do I do if I get a random Duo Push when I'm not trying to log in?
If you get a random Duo Push, use the ‘Deny’ button to reject the Duo multi-factor authentication, then push ‘Yes’ to report the push as fraudulent, and report it to the Help Desk so we can reset your password. Never authorize a Duo Push if you did not initiate it. If you receive an unexpected Duo Push it could be a malicious actor who has your password and is trying to access your account.