Duo Two-Factor Authentication

 

 

 

 

 

 

 

Advisory: February 17, 2025 will be the last date of support for Duo Mobile on iOS 15. Effective February 17, 2025, iOS 16 will be the minimum supported version for Duo Mobile.

Recent Changes 

On October 17th 2024, UIT will be upgrading the current Duo 2FA service with an additional layer of security. For more information on the new security enhancements, please visit the links below:


Overview

2FA is required for all active student, staff, faculty, sponsored affiliates accounts and retirees to promote a safer online environment and to help safeguard York and the community's information security and privacy. This is particularly important during the pandemic and resultant remote working/learning, which has seen a dramatic increase in cyber-criminal activity and risk.

Helpful tips:
- When you first setup Duo 2FA, we recommend you enroll using the Duo Mobile App as your primary authentication factor. Please do not enroll using Touch ID, Android Biometrics, or Windows Hello. These factors can be used as supplementary authenticators once initial enrolment is complete. For more information, please read this FAQ.
- Duo and Touch ID can only be used for web-based logins and will only work in Google Chrome 70 or later.
- Enable the 30-day "Remember Me" option by checking the box at login time to reduce how often 2FA is required on a particular trusted device.
- If you have multiple accounts and want to use the same authentication device, please read this FAQ.

What is 2FA?

Two-factor, two-step, or multi-factor authentication (MFA) is a security process that requires you to use two different authentication factors (methods) to verify your login. Think of your first factor as the lock on the front door of your house and the second factor as the door's deadbolt. The first factor is your Passport York password, and the second factor is a push notification, a code or call sent to your cellphone or a physical security key inserted into your computer. Two-factor authentication is the most effective way of protecting both your credentials and the resources you access with those credentials. With two-factor authentication, you can ensure that all your data remains safe, even if your password is compromised.

Why Do I Need This?

Two-Factor authentication adds an additional layer of protection to your accounts and the data you access through them. The easiest way for malicious hackers and phishers to access York's systems and data is by hijacking your account. With two-factor authentication, you are protecting yourself and your community against these sorts of attacks and ensuring each link in our security chain is strong.

How Does It Work?

  1. Enter your Passport York username and password
  2. Use one of the Duo Supported Devices to verify your identity
  3. You are securely logged in

When will I be prompted to authenticate with 2FA?

After you complete your 2FA Setup, you will be prompted to authenticate with 2FA every time you log in to Passport York web services and Office 365.

When will 2FA be activated?

Active Staff, Faculty and Students have been activated for 2FA as of April 2021.

New Students, Staff and Faculty members are activated on a daily basis.
Duo Mobile Compatible Devices

To use Duo Mobile, you will need either an Android or iOS device. The Mobile App with Android Version 10.0 and above, as well as, iOS 14.0 and above.

Helpful Resources & Information

UIT recommends enrolling for Duo 2FA using the Duo Mobile app on your smartphone for ease of use and best experience. Please do not enroll using Touch ID, Android Biometrics, or Windows Hello. These factors can be used as supplementary authenticators once initial enrolment is complete. If you don't have a smartphone, you can order your Duo hardware token at the YorkU Bookstore. When completing your Duo token order, please use your York University email address.

Once two-factor authentication is activated for your account, you have 14 business days to complete your setup. If you've ordered a duo token, your grace period will be extended to 30 days.

Please note that the instructions on this page are intended for first-time setup of 2FA. If you have already completed your setup, and want to add additional devices, please stop and read the FAQ on "How to add a new device?"

 

To begin, please choose one of the instructions below.

An Introduction to Duo Security

 

Authenticate with Duo Mobile (Android)

 

Authenticate with Duo Mobile (iPhone)

 

Authenticate with Duo Hardware Tokens

 

Authenticate with Mobile Passcodes

 

Authenticate with By-pass Codes

 

Authenticate with U2F

 

How to Enroll and Use Touch ID with Duo