Duo Two-Factor Authentication - Original - March 8 2021

 

 

 

 

 

 

 

Overview

Two-factor, two-step, or multi-factor authentication (MFA) is a security process that requires you to use two different authentication factors (methods) to verify your login. Think of your first factor as the lock on the front door of your house and the second factor as the door's deadbolt. The first factor is your Passport York password, and the second factor is a push notification, a code or call sent to your cellphone or a physical security key inserted into your computer. Two-factor authentication is the most effective way of protecting both your credentials and the resources you access with those credentials. With two-factor authentication, you can ensure that all your data remains safe, even if your password is compromised.

Why Do I Need This?

Two-Factor authentication adds an additional layer of protection to your accounts and the data you access through them. The easiest way for malicious hackers and phishers to access York's systems and data is by hijacking your account. With two-factor authentication, you are protecting yourself and your community against these sorts of attacks and ensuring each link in our security chain is strong.

How Does It Work?

  1. Enter your Passport York username and password
  2. Use one of the Duo Supported Devices to verify your identity
  3. You are securely logged in
Helpful tip: Enable the 30-day "Remember Me" option by checking the box at login time to reduce how often 2FA is required on a particular trusted device.

 

When will 2FA be activated?

The enrollment of Duo 2FA will begin on February 9th, starting with activation of those with surname beginning with "A", and proceeding alphabetically until all community members have been enrolled.

Surname Begins With Activation Date. Week of:
A February 09, 2021
B February 16, 2021
C & D February 23, 2021
E, F & G March 02, 2021

 

The schedule for the remaining surnames will be available soon.

 

Helpful Resources

Duo Mobile System Requirements for Android and iOS

Download the Duo Mobile App for Android (version 8.0+)  and iOS (version 12.0+)

UIT recommends enrolling your smartphone with the Duo app for ease of use and best experience. If you don't have a smartphone, you can order your Duo hardware token at the YorkU Bookstore. When completing your Duo token order, please use your York University email address.

Once two-factor authentication is activated for your account, you have 14 business days to complete your setup. If you've ordered a duo token, your grace period will be extended to 30 days.

To begin, please choose one of the instructions below.

2FA Setup with a Smartphone

If you do not have cellular data on your smartphone but have WiFi access, please follow the 2FA Setup with a Tablet instructions.

Step One: Login to Passport York
Go to Manage My Services and log in to Passport York

Step Two: Welcome Screen

To go through the setup process, please click Setup. Otherwise, click on Setup Later. You have up-to 14 business days to setup a device before login is permitted.

Click Start setup to begin setup your device.

Step Three: Choose Your Authentication Device Type

Select Mobile phone and click Continue.

Step Four: Type Your Phone Number

Select your Country from the drop-down list and type your phone number.

In the illustration below, we chose Canada

Use the number of your smartphone that you'll have with you when you're logging in to a Duo-protected service. Double-check that you entered it correctly, check the box, and click Continue.

Step Five: Choose Platform
Choose your device's operating system and click Continue.

Step Six: Install Duo Mobile

Duo Mobile is an app that runs on your smartphone and helps you authenticate quickly and easily.

On your smartphone, search for Duo Mobile in the Apps store (iPhone) or Google Play Store (Android). Follow the platform-specific instructions on the screen to install Duo Mobile.

After installing the app, return to the setup window and click I have Duo Mobile installed.

Step Seven: Activate Duo Mobile

Activating the app links it to your account so you can use it for authentication.

On iPhone and Android devices, activate Duo Mobile by scanning the barcode with the app's built-in barcode scanner. Follow the platform specific instructions for your device:

The "Continue" button is clickable after you scan the barcode successfully.

Helpful tip: If you want to receive a Duo Push every time, please click on the drop down menu3, choose Automatically send this device a Duo Push4 and Save5.

Otherwise, click on Back to Login.

Step 8: Congratulations!

Your device is ready to approve Duo push authentication requests.

Helpful tip: Enable the 30-day "Remember Me" option by checking the box at login time to reduce how often 2FA is required on a particular trusted device. Never enable this option on public or shared devices.

Click Send me a Push to give it a try. All you need to do is tap Approve on the Duo login request received at your phone.

If you have been assigned a Duo hardware token, click Enter a Passcode, press the green button on your Duo token, enter the passcode and click Log In.

If you need assistance or experience login problems after 2FA is activated, please contact askit@yorku.ca or your local IT support group.

2FA Setup with a Tablet

These instructions also apply for smartphones without cellular data but with WiFi access.

Step One: Login to Passport York
Go to Manage My Services and log in to Passport York

Step Two: Welcome Screen

To go through the setup process, please click Setup. Otherwise, click on Setup Later. You have up-to 14 business days to setup a device before login is permitted.

Click Start setup to begin setup your device.

Step Three: Choose Your Authentication Device Type

Select Tablet and click Continue.

 

 

 

 

 

Step Four: Choose Platform

Choose your device's operating system and click Continue.

 

 

 

 

Step Five: Install Duo Mobile

Duo Mobile is an app that runs on your smartphone and helps you authenticate quickly and easily.

On your smartphone, search for Duo Mobile in the Apps store (iPhone) or Google Play Store (Android). Follow the platform-specific instructions on the screen to install Duo Mobile.

After installing the app, return to the setup window and click I have Duo Mobile installed.

Step Six: Activate Duo Mobile

Activating the app links it to your account so you can use it for authentication.

On iPhone and Android devices, activate Duo Mobile by scanning the barcode with the app's built-in barcode scanner. Follow the platform specific instructions for your device:

The "Continue" button is clickable after you scan the barcode successfully.

 

 

 

 

 

Click on Continue to Login

Step Seven: Enter a Passcode

Helpful tip: Enable the 30-day "Remember Me" option by checking the box at login time to reduce how often 2FA is required on a particular trusted device. Never enable this option on public or shared devices.

Click Enter a Passcode

On your device, open the Duo Mobile App and tap on the York University to generate a one-time passcode. Then enter the passcode on your screen and click Log In.

 

 

 

 

 

Duo Mobile Passcodes are one-time codes and can be generated without an internet connection or cellular service.

If you need assistance or experience login problems after 2FA is activated, please contact askit@yorku.ca or your local IT support group.

2FA Setup with a Duo Hardware Token

To use a Duo token, you must first order one via the YorkU Bookstore. After receiving the token, use the steps below to complete the 2FA Setup.

Step One: Login to Passport York
Go to Manage My Services and log in to Passport York

Step Two: Welcome Screen

To go through the setup process, please click Setup. Otherwise, click on Setup Later. You have up-to 14 business days to setup a device before login is permitted.

Click Start setup to begin setup your device.

Step 3: Enter a Passcode

Helpful tip: Enable the 30-day "Remember Me" option by checking the box at login time to reduce how often 2FA is required on a particular trusted device. Never enable this option on public or shared devices.

Click Enter a Passcode.

 

 

 

 

On your Duo hardware token, press on the green button.

To correctly read the passcode, the DUO label is up

Enter the passcode and click Log In.

 

 

 

 

 

If you need assistance or experience login problems after 2FA is activated, please contact askit@yorku.ca or your local IT support group.

2FA Setup with a Security Key (Yubikey, Feitian, etc)

 

 

 

In order to use a security key with Duo, make sure you have the following:

 

Step One: Login to Passport York
Go to Manage My Services and log in to Passport York

Step Two: Welcome Screen

To go through the setup process, please click Setup. Otherwise, click on Setup Later. You have up-to 14 business days to setup a device before login is permitted.

Click Start setup to begin setup your device.

Step 3: Choose Your Authentication Device Type

Select Security Key and click Continue

 

 

 

 

 

Make sure that you are not blocking pop-up windows for the enrollment site before continuing

 

 

 

 

 

Step 4: Insert and tap your security key

 

 

 

 

 

 

Depending on your security key, you will need to tap, insert, or press a button on your device to proceed.

When enrolling your security key, you'll be prompted to tap to enroll your security key (possibly more than once). You may also be asked if you want to allow Duo to access information about your security key (click Allow or Proceed as applicable).
You will see whether the security key identification was successful or not.

Step 5: Security Key registered

Click on Continue to Login

Step 6: Authenticate

Helpful tip: Enable the 30-day "Remember Me" option by checking the box at login time to reduce how often 2FA is required on a particular trusted device. Never enable this option on public or shared devices.

 

 

 

 

 

Click Use Security Key

The illustration below was done on a windows system

 

 

 

 

 

Touch you security key to authenticate.

If you need assistance or experience login problems after 2FA is activated, please contact askit@yorku.ca or your local IT support group.

Who is required to use two-factor authentication (2FA)?

2FA is required for all active student, staff, faculty and sponsored affiliates accounts. Once 2FA is activated for your account, you have up-to 14 business days to setup your device. After that period, you will be required to setup a device before login is permitted.

Can I install the Duo Mobile app on multiple devices?

Yes, you can configure several devices on your Duo account. Please see FAQ "How to add a new device?"

 

 

 

 

 

List of Supported Devices

 

 

 

 

 

Can I use my Android, iOS mail client after completing my Duo setup?

Only applications that support Microsoft's Modern Authentication libraries are able to prompt for Duo two-factor authentication. This is a Microsoft -- not Duo -- limitation.

Mobile applications that support Modern Authentication libraries are as follows:

  • The native Mail app on iOS 11.x+
  • Microsoft Outlook app on iOS version 10.x and greater
  • Microsoft Outlook app on Android

Note: If your smartphone mail app keeps prompting you for your email password, please read "Issues with email on my smartphone" under the "General Issues and Troubleshooting" tab

Can I use Google Authenticator or other authenticators with Duo 2FA?

Duo 2FA does not provide support for software OTP applications like Google Authenticator, Authy and FreeOTP. However, you can use the Duo Mobile App with other online services and web applications. Learn more at https://guide.duo.com/third-party-accounts.

Duo Mobile Privacy Information

What about my privacy with the Duo mobile app?

Duo Mobile cannot see your user data like your contacts, it cannot read your text messages, it cannot access your photos (but it can use your camera to scan a QR code if you explicitly allow that permission), it cannot access your files, it cannot erase your device, it cannot see information about other applications on your device. Duo Mobile cannot track your location. In general, the only personal data that Duo Mobile knows about you are the service accounts that you explicitly add to Duo Mobile. However, Duo does not track personal data about these accounts--only the name of the service.

The DUO Mobile application will also ask you whether you wish to share Application usage information with the creator of the DUO product. This is optional to allow or deny.

For additional information, please see Duo's Privacy Information

https://help.duo.com/s/article/4683?language=en_US

How do I enable the Duo Push notification to my default mobile device?

To enable the Duo Push notification, do the following:

Step 1. Go to Manage My Services and log in to Passport York

Step 2. In the Duo Prompt, Click on My Settings and Devices to access the Self-Service Portal, then Click Send Me a Push to authenticate and access the Duo portal.

Step 3. Approve the pending Push request on your smartphone.

Step 4. Under Default Device - "When I log in" section, click on the drop down menu, select "Automatically send this device a Duo Push" and click Save.

The next time you authenticate to Passport York, Duo will automatically send you a Push request to your Default mobile device.

How to add a new device?

Have a new phone? Want to add a security key? You can easily add new devices from the Duo Prompt. If you upgraded your phone and you do not have the original device, please stop and read the FAQ on How to migrate the Duo Mobile app to my new phone ?

Setup a New Device

Step 1. Go to Manage My Services and log in to Passport York

Step 2. If you have the "Remember me for 30 days" check, click Cancel.

Otherwise, click on Add a new device

Step 3. Proceed with your 2nd factor authentication by clicking Send Me a Push or Enter a Passcode.

Step 4. Choose the new device you want to add. In this example, we'll add another phone.

Step 5. Select your phone type and click Continue.

Step 6. Install the Duo Mobile app on your new phone and click I have Duo Mobile installed.

Step 7. Scan the barcode with the app's built-in barcode scanner.

Step 8. The "Continue" button is clickable after you scan the barcode successfully.

Step 9. The new phone is added and listed with your other devices. You can click Add another device to start the setup process again.

I have multiple York accounts. Can I use the same 2FA device for them?

Yes. You can use the same 2FA device for multiple York accounts.

Duo Mobile App

Proceed with the enrollment of your first account by following the Get Started With Duo 2FA steps and register your device. When enrolling your other accounts with the same phone number, you will be ask to contact the administrator.

 

 

 

 

Please contact askit@yorku.ca or local IT support to associate your phone number with your other accounts.

Duo Hardware Token

To register your hardware token to your various York accounts, please contact askit@yorku.ca or your local IT support group.

I switched/upgraded my phone and the Duo Mobile app does not work.

If you upgraded or changed your phone and you do NOT have your old device, please contact askit@yorku.ca or your local IT support group for assistance and do not proceed with the instructions below.

If you still have your old device, please read through:

Step 1. Go to Manage My Services and log in to Passport York

** If you enabled the "Remember me" setting, access https://mms.yorku.ca in incognito mode.

 

Step 2. In the Duo Prompt, Click on My Settings and Devices¹ to access the Self-Service Portal, then Click Send Me a Push² to authenticate and access the Duo portal.

 

 

Step 3.  Approve the pending Push request on your old device.

 

Step 4. Click on Device Options³ next to the device you want changed.

 

 

Step 5. If this is a new phone with the same number, click Reactivate Duo Mobile4. (For new phone with a new number, click on the trash can and then click on +Add another device.)

 

 

Step 6. Select your phone type and click Continue.

 

 

Step 7. Install the Duo Mobile app on your phone and click I have Duo Mobile installed.

 

 

Step 8. Scan the barcode with the app's built-in barcode scanner.

 

 

Step 9. The "Continue" button is clickable after you scan the barcode successfully.

 

 

Step 10. Click on Back to Login.

 

Remember Me Feature

You can enable a 30-day "Remember Me" option to reduce how often 2FA is required. The "Remember Me" should only be used with a device you own or that is assigned only to you. Never use the feature on public or shared devices.

If you've clicked on the "Remember Me" setting and you are still being asked to authenticate, head over to the "General Issues and Troubleshooting" tab >  "The Remember Me setting is not working or the box is grayed out. How do I fix it?"

What are the elected Duo 2FA authentication methods of validating logins?

York University has elected to use the more secure Duo 2FA authentication methods.

Duo Push (Preferred method)

Install the Duo Security Mobile app on your smartphone to receive push notifications. Once this is installed, and you attempt to login to Passport York applications and O365, you’ll receive a push notification on your smartphone. Open the notification, and you’ll see a green checkmark and a red x. Simply tap the green checkmark to gain access. Using the Duo app also adds an extra physical layer of security to any smartphone with a passcode enabled.
Concerned about data usage? Duo Push uses very little data. 500 pushes to your device will use 1 MB of data in total. This is roughly equivalent to loading one webpage on your smartphone.

Passcodes

Use the Duo Security mobile app to generate temporary passcodes. This option does not require WiFi or data, so this is a great option if you’re traveling or if you have limited or no cell/internet service. Open your Duo mobile app, tap the key icon, and it will reveal a passcode. Log into the application, choose the enter a passcode option, enter the code, and you’re in!

 

Duo Hardware Token

The Duo hardware token will generate temporary passcodes.

Reference: https://infosec.yorku.ca/elected-authentication-methods/

What if I don't have a smartphone?

If you do not have a smartphone, or do not wish to use your smartphone as your second factor, you can use a Duo hardware token. Please read the FAQ on "What is a duo hardware token and How do I get one?"

What is a Duo hardware token? How do I get one or get it replaced?

A Duo hardware token is small fob that generates passcodes for Duo access. Each hardware token is tied to one user. The passcodes generated by that token can only be used by that user.

How do I get a 2FA hardware token?

Tokens for Students

Duo hardware tokens are available to students at a minimum cost. You can order your tokens at the YorkU Bookstore. Note: Token shipping and delivery may take 2-4 weeks, and your 2FA activation period will be extended to ensure you are not required to set up 2FA prior to having the token.

Tokens for Staff/Faculty

Staff and Faculty members who prefer to use a duo hardware token, can request their first token for free by ordering it at the YorkU Bookstore. Note: Token shipping and delivery may take 2-4 weeks, and your 2FA activation period will be extended to ensure you are not required to set up 2FA prior to having the token.

I lost my hardware token. Now what?

If you are a Staff and Faculty member, you can request for a replacement hardware token by contacting Client Services at askit@yorku.ca

There is a $40 replacement fee that will be charged to your department.
My duo hardware token is defective. How do I replace it?
If the duo hardware is defective with no apparent physical damage, we will gladly replace it for free. Please email askit@yorku.ca or contact your local IT support unit for a replacement. 

What happens if I lose my phone?

Please access My Settings and Devices to remove the lost device.

 

 

 

 

 

If you are unable to access My Settings and Devices, contact askit@yorku.ca or your local IT support group to have the lost device disabled, and to have an alternate device added.

Which second factor is the most secure?

Second-factor assurance levels

A higher degree of assurance is offered by any 2FA protection than a static password alone provides. Within the realm of 2FA options, some methods have a higher degree of protection than others. The security level threshold acceptable for a given 2FA protected application will vary with the risk posed by that application. As such, for applications that require a sufficiently high assurance level, less secure 2FA options will not be allowed.

York University has elected to use the more secure Duo 2FA authentication methods.

2FA authentication method Assurance level Self-serve 2FA Setup? Phone number required? Cellular network connection required? Wi-Fi connection required?
Duo Mobile App High Yes No No No (Only for 2FA Setup)
Duo Hardware token Moderate-High No No No No
Text Message Low Yes Yes Yes No
Phone Call/Landline Low Yes Yes Yes (or landline) No

Reference: https://infosec.yorku.ca/which-second-factor-is-the-most-secure/

What if my smartphone is not compatible with Duo Mobile?

Overview

The Duo 2FA solution offers a number of convenient and easy-to-use features and options to suit the range of uses and needs of the entire York community. The following is a summary of the available methods.

Duo Mobile App - "Push" Authentication

This is the preferred method as it is both highly secure as well as being most convenient for those with a smartphone. Once set up, validating your logins is a simple one-touch action. To use it, install the Duo Mobile app from the Apple or Google app store. It is available at no charge for Android 8.0+ and iOS 12.0+. (If you do not see the app, your device may not meet minimum system requirements) Requires an active data or cellular data connection to work.

Duo Mobile App - "Passcode" Authentication

This uses the same app as the "push" method, but instead of the one-touch validation, you make use of the passcode provided by the app. The advantage of this method is that it will work even without an active data or cellular connection.

Duo Hardware Token

A Duo hardware token is small fob that generates passcodes for Duo access. This works similarly to the Duo Mobile passcode option above, but without the need for a smartphone; although you do need to keep your token handy, usually on your keychain. It is available via the York Bookstore. For staff and faculty, please note the coupon code provided on the Bookstore page to obtain one at no charge.

Note: Token shipping and delivery may take 2-4 weeks, and your 2FA activation period will be extended to ensure you are not required to set up 2FA prior to having the token.
Passcode via Text Message

If the Duo Mobile app is not compatible with your phone and the hardware token is not suitable, you can enable passcodes via text message via request to askit@yorku.ca. When validating, you will receive a passcode that you can use; this requires cellular service availability.

Validation by Phone Call/Landline

If you do not have or do not wish to use a smartphone or cellphone, and a hardware token is not suitable, you can enable phone call validation via request to askit@yorku.ca. When validating, you will receive a call to the registered phone number you provide, and you will need to confirm using phone keypad. This method will work with any cellphone or landline phone.

 

Second-factor criteria comparison & Assurance levels

2FA authentication method Assurance level Self-serve 2FA Setup? Phone number required? Cellular network connection required? Wi-Fi connection required?
Duo Mobile App High Yes No No No (Only for 2FA Setup)
Duo Hardware token Moderate-High No No No No
Text Message Low Yes Yes Yes No
Phone Call/Landline Low Yes Yes Yes (or landline) No

Reference: https://infosec.yorku.ca/2fa-auth-methods/

An Introduction to Duo Security

 

Authenticate with Duo Mobile (Android)

 

Authenticate with Duo Mobile (iPhone)

 

Authenticate with Duo Hardware Tokens

 

Authenticate with Mobile Passcodes

 

Authenticate with By-pass Codes

 

Authenticate with U2F

I stopped receiving push notifications on the Duo Mobile App.

You may have trouble receiving push requests if there are network issues between your phone and the Duo service. If that is the case, use the Duo Mobile app to generate a passcode.

Issues with email on my smartphone/tablet.

Android Users:

Some native and third-party mail apps do not support Modern Authentication. Please install the Microsoft Outlook app on your Android device.

iOS users:

The preferred method is to use the Microsoft Outlook app.

The built-in mail app included with your iPhone or iPad works with Duo 2FA, as long as your iOS version is 11 or better. If your device meets the Duo requirement and you are constantly being prompted to enter your Outlook password, you need to delete and re-add your Outlook account as shown below.

Step 1. Go to Settings > Passwords & Accounts > [Select your YorkU Outlook account] > Delete Account

                       

Settings > Passwords & Accounts > [Select your                              Confirm Deletion of the Account
 YorkU Outlook account] > Delete Account

Step 2. Re-add your YorkU Outlook account. Settings > Passwords & Accounts > Add Account > Exchange

                       

Step 3. Enter your full YorkU email address e.g duomfa@yorku.ca. For the Description, you can type in YorkU. Click Next.

Step 4. Click Sign In and enter your Passport York password. Then click Sign In

                       

Step 5. Assuming that your iPhone/iPad has a passcode, you can click Save Password and validate the Duo request on your phone.

                       

Step 6. Microsoft may prompt you for a permission request. Click Accept and select your desired Exchange attributes.

                      

Your YorkU Outlook account has been successfully re-added.

Step 7 (Optional). If you have more than one email accounts configured on your iPhone or iPad and wish to set the YorkU Outlook account to be the default, go to Settings > Mail > Default Account. Choose YorkU.

                       

I get a Duo error when launching Quick Assist

If you try to launch the Microsoft Quick Assist and you receive the "Oops Looks Like Something Went Wrong" message, your Microsoft 365 Work or School Profile may not be properly configured. The steps below may help you fix the issue.

Step 1. Click on the start up menu¹, go to Settings² and Accounts³

Step 2. Go to Access work4 or school and sign-out of your York profile

Step 3. Launch one of the Microsoft Office Suite programs. In this example, I have chosen Word. Go to File, Office Account5 and Sign out6.

Step 4. Close Word and launch it again. If you are prompted to sign in, stop. If Word automatically signs you in, Repeat Step 3 until you are prompted to sign in.

Step 5. When you are prompted to sign-in, login with your PY account.

Step 6. The checkbox "Allow my organization to manage my device" is checked by default. You can uncheck the box. Click OK.

If you choose "No, sign in to this app only", you will run into the Oops error message again.

The Duo Mobile app does not show up in the App Store or the Playstore.

Check that your smartphone is running a Duo supported platform.

iPhone: iOS 12.0+

Android: Android 8.0+

The Remember Me setting is not working or the box is grayed out. How do I fix it?

The "Remember Me" setting must be applied to each browser you use and on each computer you use. DO NOT apply this setting on public or shared devices. If you choose this setting, but log in later with a different browser you will have to set it again for that browser during authentication. If you are certain you chose it to remember you on both the computer and the browser you are using, then it might be a setting on the browser that is not saving your choice. If the Remember Me box is grayed out, scroll down to "Grayed out box."

Browser Settings

Chrome

  1. While in Chrome click on the 3 vertical dots in the top-right corner of the browser (More Options Icon.png) and choose “Settings” in the drop down menu.
  2. Scroll to the bottom of the settings page and click “Advanced.” This will add more options to the bottom of the page.
  3. The next section is “Privacy and security.” Scroll through that section until you find “Content settings” (it may be the next-to-last option) and click on it.
  4. From here you will click in “Cookies” (it should be the first option) and make sure:
    1. "Allow sites to save and read cookie data (recommended)" is turned ON.
    2. “Keep local data only until you quit your browser” is turned OFF.
    3. "Block third-party cookies" is turned OFF.
  5. If you are still having trouble after doing steps 1-4; on "Cookies" page under "Allow" at the bottom, click the "Add" button and add [*.]duosecurity.com.
  6. Changes you make here are immediate, so there is no option to save. You can close the settings tab/window whenever you are finished.

Firefox

  1. While in Firefox click on the 3 horizontal lines in the top-right corner of the browser (Firefox More Icon.png) and choose “Preferences” from the drop down menu.
  2. On the left-hand side, choose the “Privacy & Security” option.
  3. In the “History” section make sure you either uncheck the "Clear history when Firefox closes" option, OR click the Settings button just to the right of that option and uncheck "Cookies" from the list of things that get cleared.
  4. In the "Cookies & Site Data" section make sure "Accept cookies and site data from websites (recommended)" is selected and "Keep until" is set to "They expire."
    1.  If you still have trouble after doing steps 1-4, you can also click the Exceptions button to the right of this option and add https://duosecurity.com to the exceptions list.
  5. Changes you make here are immediate, so there is no option to save. You can close the preferences tab/window whenever you are finished.

Safari

NOTE: If you are using Safari 12 for macOS 10.12 or later, please use a different browser, for example Google Chrome. Safari 12 for macOS 10.12 does not allow setting exceptions for third- party cookies. iOS WKWebView limits the ability to issue and read browser cookies. This is intentionally designed by Apple, and Remembered Devices will not work. For Safari version 11.x and lower,

  1. Go to Safari > Preferences.
  2. Click the Privacy tab.
  3. Disable the Block all cookies option.
  4. Safari 13.1 and later: You must also disable the Prevent cross-site tracking option.

Grayed Out box

If you have set Duo to send you a push notification automatically, the "Remember me for 30 days" checkbox may be grayed out.

If you want to reactivate this feature:

  1. Cancel the push by clicking the blue Cancel button in the lower right corner of the window.
  2. Check the box "Remember me for 30 days" and click "Send Me a Push" to authenticate.