Skip to Content

Duo FAQ

Estimated Reading Time: 8 Minutes
488  Michael Belanger December 20, 2023  Security, Two-Factor Authentication

FREQUENTLY ASKED QUESTIONS ABOUT DUO

WHAT 

Two-factor authentication requires something you know (your Clemson password) and something you have (like a mobile phone, tablet or a smartphone app) as an added layer of security to prevent anyone else from accessing your account. Two-factor authentication is the most effective method of account takeover prevention, helping to protect both you and the Clemson community.

 

WHY

Passwords are essential for security and privacy, but they are often not enough. They can often be stolen, guessed, and hacked -- you might not even know who else has your password and is accessing your account. Two-factor authentication adds a second layer of security to your account to make sure that it stays safe, even if someone else knows your password, by using your phone or other device to verify your identity. You will be alerted right away (on your phone - mobile - or tablet) if someone tries to log in using your password. This prevents anyone but you from accessing your accounts.

WHO

All Clemson students, faculty, and staff will be required to enroll in Duo in order access 2FA protected applications.

HOW

Duo's self-enrollment process makes it easy to register your phone or tablet and install the application on your device. You can complete your enrollment at https://www.clemson.edu/2fa . We suggest doing this on a device other than the one you plan to register. After completing the process, you can test the authentication process by visiting https://www.clemson.edu/2fa/check


FAQS AND TIPS

What if I do not have a mobile phone?

You can use a tablet or hardware key. Duo also lets you link multiple devices to your account, so you can use your mobile phone or tablet. In fact, we suggest that you enroll more than one device for redundancy in the event a device is lost.

What if I lose my mobile phone or it is stolen?

Contact the Help Desk via email (ITHelp@clemson.edu) or call 864-656-3494 immediately if you lose your phone or suspect that it has been stolen. The device will be disabled for authentication and you will be assisted in enrolling another phone/device. While it is important that you contact the Help Desk if you lose your phone, remember that your password will still protect your account.

What if I get a new mobile phone or wipe existing phone? (Reactivating Duo Mobile)

If you get a new phone you will need to re-activate Duo Mobile. This can be done through our Device Management Portal at https://2fa.clemson.edu/on your computer or other device. When accessing the portal, click on Re-Activate Your Device. You will need to sign in to your Clemson user account. Select the phone number you want to use. Click Send. Open the text messages on your phone and click on the link sent to you. It will show account name "Clemson University". Leave that alone and click Save.

What if I don't have a cell phone or a tablet for a secondary device?

The CCIT Support Center will have Duo D-100 hardware tokens available for $21. These devices are the preferred alternative to a mobile device or phone because they will work for any situation or application. In the event an employee does not have a suitable mobile device, it is our suggestion that the department purchase this token for their employee. If the employee later leaves, the token should be returned to the department and assigned to another user.

Alternatively, you are welcome to purchase a personal YubiKey to be used for 2FA. A list of model prices and feature comparisons can be found on the vendor's website here: https://www.yubico.com/products/yubikey-hardware/. Please be aware the U2F version of the YubiKey only functions in Chrome or Opera web browsers. Native applications like Cisco AnyConnect will not work with the U2F YubiKey. If you purchase another model that supports event-based HOTP, a Duo admin will need to enroll the device for you. This can be done in the CCIT Support Center.

Does Duo work with Texts?

Yes. To receive a passcode on your phone in a text message, you should choose the Enter a Passcode option when authenticating, and a blue bar across the bottom should give you the option to text codes. If you choose to receive text codes, you will be sent one message with 10 different codes. The codes are one time use each. This way, next time you go to log in, you can just enter one of the codes that you were given via text. Once you have used up all 10 codes, you can start the process over again by clicking the blue button to send new text codes.

How many chances will I get to authenticate?

You will have five chances to authenticate a request. After the fifth chance, your two-factor authentication will be deactivated and you will not be able to access the system you are attempting to log into.

What should I do if I get an authentication message and I am not trying to log in?

Deny the request and report the incident to the Help Desk immediately via email (ITHelp@clemson.edu) or by calling 864-656-3494.

I am getting a message that I am locked out. What do I do?

Your account will lock when there are too many failed attempts to authenticate. The lockout should clear automatically in 15 minutes.  You can either wait or contact the Help Desk at 864-656-3494 for assistance with your account.

Can I opt out of Duo?

No. Two-factor authentication adds a second layer of security to our online accounts. In an effort to keep your personal account information secure, we are requiring two-factor authentication on selected services.

I frequently travel internationally. How does this affect two-step verification?

If you travel internationally and need access to resources protected by Duo, you have two choices. You can continue to use Duo Push through your cell phone or purchase a hardware token to use with Duo.

How do I enroll more than one device in 2FA?

Please keep in mind it is important to enroll more than one device (such as a smart phone and tablet) in 2FA to avoid difficulties authenticating if you lose or don’t have your only enrolled device with you. Click here for detailed instructions on how to add multiple devices.

To add multiple devices:

  • Please log in to 2fa.clemson.edu and authenticate with your current device if requested.
  • Then, under the Manage Devices tab,  select Open the Universal Prompt.
  • Do not accept the Duo notification on your phone that this causes.
  • Select Other Options on your computer.
  • Then select Manage Devices. Accept the Duo notification on your phone. 
  • If you don't get a Duo notification on your device, select Duo Push on the computer. In either case, accept the duo notification on your device.
  • On the computer, you should see your current Duo devices.  Select Add a device
  • On the computer, select Duo Mobile
  • If the device you are adding is not a phone (even if it is an old phone with wi-fi only), select I have a tablet
  • Download and install the Duo Mobile app on your new device.
  • On the computer, click Next
  • You will get a QR code on your computer. 
  • On the new device, open the Duo Mobile app. Click Continue. Click Use a QR Code.  
  • Hold new device up to computer to see the QR code and it will automatically take a picture when it is the right distance.
  • It will fill in Account name : Clemson University.  Click done.
  • On the computer, click Continue.
  • On the computer, you will see all of your Duo devices including the new one.
  • If you want to remove any device, click on the Edit beside it, then you will get a choice to Rename or Delete
  • Now if you attempt to access something on your computer that requires a Duo push, you can accept the push on your phone. Or you can click on Other Options.  Then you will have a choice of devices. Select the device you want to use. Then that device will give you the option to Accept so you can continue.

Will Duo ask for my password?

Duo (Clemson’s partner in 2FA) will never ask for your username and password. If you receive such a request, do not respond.

What if I only have one device registered and it's not available to access my account?

We recommend that you have two devices registered with Duo in case one device is unavailable.  In the event that you can't access your account due to your device(s) being unavailable, please contact the CCIT Support Center at 864-656-3494 for a temporary bypass code to allow access to your accounts.

If you have more questions, email ITHELP@clemson.edu.

 

We recommend that you have two devices registered with Duo in case one device is unavailable.  In the event that you can't access your account due to your device(s) being unavailable, please contact the CCIT Support Center at 864-656-3494 for a temporary bypass code to allow access to your accounts.
Duo FAQ
Estimated Reading Time: 8 Minutes  Michael Belanger December 20, 2023