Topics Map > Security
Topics Map > Campus Services > E-mail
Security - Two-factor Authentication (Duo) FAQ
Frequently asked questions regarding two-factor authentication using Duo at UW-Platteville
A: Two-factor authentication – a.k.a. multi-factor authentication (MFA) - is a second layer of protection that combines something you know (your password) with something you have (phone or tablet). Verifying your identity using a second factor (like your cell phone or tablet) prevents anyone but you from logging into a system, even if they know your password.
A: Information security is everyone’s responsibility. Verifying your identity using a second factor prevents anyone but you from logging in, even if they know your password. The extra step protects your online identity as well as our employees and students and the University as a whole. Two-factor authentication also mimics real life; chances are, you are already using two-factor authentication in your personal online business (e.g. Amazon, Gmail, etc.).
In addition, this effort conforms to existing UW System policy on authentication related to high-risk data. Read the UW System Information Security: Authentication Policy at https://www.wisconsin.edu/uw-policies/uw-system-administrative-policies/information-security-authentication/information-security-authentication/
A: Duo is the service UW-Platteville uses for two-factor authentication.
A: All of the options will do the job, but we strongly recommend using the app on your phone or tablet if possible.
We also recommend that you choose more than one option if possible to cover bases. If you forget one device at home, you have another option. If you are not able to choose more than one option, and you find yourself without a device when you need it, call the ITS Help Desk at 608.342.1400.
- The app is easy to read.
- The app sends notices if someone tries to access your account.
- The app is free while texts and phone calls cost the University money.
Q: What if I do not have a cell phone/device?
A: Call the ITS Help Desk at 608.342.1400 for options. ITS has a limited number of fobs that can be checked out to employees. Note that university-issued fobs must be returned to the ITS Help Desk when an employee leaves employment at UW-Platteville.
Q: What if I break, lose, or do not return my university-issued fob?
A: Call the ITS Help Desk at 608.342.1400. There will be a $20 charge to replace the device.
Q: What if I only enroll one device, and I forget it at home?
A: Call ITS Help Desk at 608.342.1400. They will ask you to verify your identity using the Help Desk questions you set up for your password. Once verified, staff will issue a temporary code to get you into the system.
Q: If I use my personal device, will it be subject to open records requests?
A: No. Duo does not capture or store University data. It is merely a method for verifying logins.
Q: If I have to use two-factor authentication for one system that uses Single Sign On (SSO), why am I required to use to two-factor authentication for all applications that use Single Sign On (SSO)?
A: If you have access to sensitive data in any application that uses Single Sign On (SSO) for authentication, Single Sign On will require two-factor authentication for all SSO applications. This is required to protect sensitive data due to the nature of how Single Sign On works.
Q: DUO phone calls are not coming through, but the number I have on file is correct. What's up?
A: Check to make sure that your phone is not blocking the DUO calls. Sometimes phones will block numbers that it thinks are spam.
A: Perceptive Content contains sensitive data including Personally Identifiable Information (PII) and financial data related to Purchasing and Accounts Payable. Because of this, all Perceptive Content (and Perceptive Experience) users are required to authenticate using two-factor.
Q: What is the Duo LDAP Proxy?
A: For applications that do not natively support two-factor authentication (such as Perceptive Content), the Duo Self-Service box will not appear to ask you which authentication method you want to use. Instead, Duo LDAP Proxy service is used to facilitate two-factor authentication.
The Duo LDAP Proxy service will automatically use the default device you selected in Duo. The system name will appear as "LDAP Proxy" on your device instead of "Perceptive Content". (See comparison below when default is push notification.) (Need to enroll in Duo? Go to Security - Enrolling in Duo and Managing your Devices for instructions.)
Sample push notification using Duo Self-Service (displays name of system: Shibboleth SSO)
Sample push notification using LDAP Proxy (displays LDAP Proxy instead of Perceptive Content)
Q: How do I authenticate with the Duo LDAP Proxy if I do not have my default device?
A: If you need to use a device other than your default device to authenticate using LDAP Proxy, you can enter additional information after your password on the login window for your application, e.g. Perceptive Content.
To use a push notification to the Duo App on your cell phone:NetID: username
To use a passcode from a fob or the Duo App (example passcode: 1234567):NetID: username
To initiate a phone call to your device registered to receive calls, you would enter the device name from Duo (example: landline):NetID: username
Q: Will I have to use two-factor authentication every time I log into my email account?
A. If you use the Office 365 web application in a browser, you will have to use two-factor every time you log in. The same is true of related apps like Teams, OneDrive, and SharePoint.For the Outlook app or the native app on your mobile device, you will log in once with two-factor, and that should last for awhile. Factors that may require you to use two-factor include changing your password or system updates.For Outlook desktop client, you will log in once with two-factor, and that should last you until you change your password. Again, factors such as system updates may require you to use two-factor on occasion.
A. Yes. Azure Active Directory is a system Microsoft uses for authentication. (See example below.)
Sample push notification displaying Microsoft Azure Active Directory instead of Office 365
A: The term "single sign-on" can be a bit misleading. The first sign-on only lasts 30 minutes. For example, if you log into one SSO system using two-factor at 9:00 a.m., and then you log into additional systems before 9:30 a.m. you will only have to use two-factor the first time. However, if you sign into a SSO system at 9:00 a.m. and then you sign into another SSO system at 9:45 a.m., you will be required to use two-factor for that second system.
If you have questions, please contact the ITS Help Desk at 608.342.1400 or firstname.lastname@example.org. You may also visit the Help Desk on the first floor of the Karrmann Library.