2-Step with Duo - FAQs

Don't be a victim! Never provide the Duo verification code to anyone!

If you get random requests for Duo verification – when you're not logging into anything – your account has been compromised and someone has your password. Select "I'm not logging in" and reset your password immediately! 

2-Step with Duo - The Basics

What is 2-Step with Duo Verified Push and why am I being required to enter a code?

2-Step with Duo is a form of multi-factor authentication (also known as MFA), which has become a best practice for protecting accounts and information. Verified Duo Push is an extra layer of security on your account that requires you to enter a code into the Duo app, a more secure practice. You may already be using it to access banking and health care records, along with any other account that includes personal information.

Recent experiences at UAlbany and other institutions have demonstrated that the former Duo Push implementation was vulnerable to both harassment (multiple, successive push notifications intended to bother a user into accepting a push for a fraudulent login attempt) and user fatigue (users paying less attention to the details, causing them to mindlessly accept a push login). This additional layer of user intervention requires a verification code, sent to the device, to be entered during the push login process. This ensures that only verified users can log in and prevents someone from absentmindedly accepting a push they did not request.

To access campus IT services here at the University, you'll start by entering your NetID and password. Then you'll receive a Duo notification asking you to enter a code to verify your identity.

What version of Duo is the University at Albany using?

Duo has released the "Universal Prompt", offering an improved browser experience that updates the look and feel to a modern authentication screen, increases accessibility, and streamlines the verification process by offering a 'Trust Browser' option. 

Who has to use Duo and why is it required?

All members of the campus community are required to use 2-Step with Duo verified push to access campus IT services.

How often do I have to use 2-Step with Duo?

2-Step with Duo verified push authentication is required to access any service that uses the University's main sign-in page. Check the "Trust Browser" box to reduce the number of notifications you get from Duo.  Select this feature in all browsers you use for the most seamless experience. You should only use this feature on your personal devices. For more information, see Duo - Trust Browser Option - Instructions.

I can't use the Duo Mobile app. What should I do?

No Smartphone? No problem. Ask the ITS Service Desk for a free Hardware Token.

Best Practices and Tips

What is the Trust Browser option and how does it work?

You should ONLY use this feature on your personal devices. This is a setting that gets saved in your browser's cookies. If you check the "Trust Browser" box, and use the same computer and browser, you won't have to verify your identity with Duo for 30 days. Select this feature in all browsers that you use on your personal devices for the most seamless experience. For more information, see Trust Browser instructions.

What is a Bypass code and when can it be helpful to me? 

A Bypass code can be used to grant temporary access for multiple use case scenarios:

  • Completing the activation of your mobile device.

  • Adding a new phone/device. 

  • If you are a current Duo user, and you don't have access to your registered device, your device stopped working unexpectedly, or was lost/stolen. 

Request a self-service Bypass code when the need arises. The Bypass code will provide secure temporary access for 24 hours.

How many devices can I register with Duo?

ITS recommends registering multiple devices via the Duo Device Portal to authenticate. Make 2-Step with Duo as mobile as you are by registering your smartphone, tablet, and other devices to maximize your verification options.

Can I use Duo when I'm traveling?

Yes. Use the Duo Mobile app's built-in Passcode feature while traveling within the United States as well as internationally. This is a great feature to use because you can generate and use passcodes without a Wi-Fi connection (i.e., airplane mode). You may wish to manage or update devices to correspond with the availability of technology resources while you are traveling. For more information, visit our International Travel and International Number Use with Duo resource.

Duo Instant Restore

Android Devices

Set up Duo Instant Restore to make it easy to move your Duo account from one Android phone to another. You must set up Duo Instant Restore before you get your new phone, and you'll need both phones to successfully complete this process. Duo Instant Restore can only be used to move between Android devices.

  1. Open Duo Mobile and tap the menu icon in the top right to open Settings.

  2. Tap Duo Restore in the "General" settings.

  3. On the "Duo Restore Settings" screen, tap to enable the Backup accounts with Google Drive.

  4. Select the Google account to use for Duo Restore and grant Duo Mobile permission to store the backup in your Google Drive.

  5. Choose to enable account recovery for your third-party accounts by tapping Automatically reconnect third-party accounts. If you don't enable this now, Duo Mobile will remind you later.

  6. When prompted, enter and confirm a recovery password between 10-128 characters. Do not lose this password! You'll need this to recover any third-party accounts after restoring Duo Mobile on a new phone. Duo cannot recover this password for you.

iOS Devices

Set up Duo Instant Restore to make it easy to move your Duo account from one iOS device to another. You must set up Duo Instant Restore before you get your new device, and you'll need both devices to successfully complete this process. Duo Instant Restore can only be used to move between iOS devices. 

  1. Verify that you are running the latest version of Duo Mobile on your device. 

  2. Back up your iPhone to iCloud with iCloud keychain enabled. Make sure to enable iCloud keychain before backing up data.

  3. From your new iPhone, sign in to iCloud and restore the phone from iCloud.

  4. Enable iCloud keychain.

  5. Install Duo Mobile from the App Store.

  6. Open Duo Mobile and tap Get Started on the "Welcome Back" screen.

     Duo Mobile will locate your backed-up Duo Mobile account and restore it to your new device. A success message will display when the Duo Mobile account is restored on the new device.

Using 2-Step with Duo

What's the best way to authenticate using Duo and which browsers and operating systems are supported?

ITS recommends using the Duo Mobile app for the easiest, most secure experience. The Duo Mobile app is available from the App Store or Google Play.

  • It's free, easy to use and provides options that work with or without WiFi or a data connection.

  • Supported browsers include Chrome (Desktop and Mobile), Firefox, Safari (Desktop and Mobile), Edge, and Internet Explorer. Not all browsers support all Duo authentication methods, so for the widest compatibility we recommend Chrome.

  • Duo Mobile supports specific versions of iOS and Android.

How do I authenticate to Duo?

There are two ways to authenticate using the Duo Mobile app:

Using the Duo Mobile App:

  • 'Send Me a Push' is the default. Duo sends a notification requiring you to enter a code into the app. You'll need WiFi or a data connection.

  • 'Enter a Passcode' generates a 6-digit code that you'll enter when prompted. You do not need WiFi or a data connection.

Using a Hardware Token:

No smartphone? No problem. Ask ITS for a free Hardware Token.  Once you have been provided a hardware token, follow these instructions to use it for gaining access to UAlbany services.

What is a Security Key and how is it used as a secondary backup login option?

A security key plugs into your USB port and, when tapped or pressed, sends a signed response back to Duo to verify your login. A security key is considered a secondary backup method because it will not work with all UAlbany applications. It does not work with the VPN or the CBORD app. For full authentication functionality with UAlbany services, you will need to download the free Duo Mobile app from the App Store or Google Play and activate your mobile device in addition to using a security key. There are also supported browser and security key requirements. Please see the instructions for using a security key with the Duo Universal prompt.

How do I change my Duo devices and settings?

Log into the Duo Device Portal to change Duo devices or settings. You will need to verify your identity with your current Duo settings prior to making any changes. For more information, see the Duo Device Portal - Instructions page.

Duo passcodes - how and when to use them

Passcodes are a great way to access campus IT services when you have no other devices available. Generate passcodes on the app at your convenience and save them in a secure location for future use. Passcodes never expire, but they can only be used once, and must be used in the order they are created. Visit the Duo Authentication Methods page for more information.

I do not have internet or cell service. Can I still log in to my account?

Yes, you can still complete authentication if you have the Duo Mobile app enrolled on your account. To generate a Passcode to enter when logging in, open the Duo app and tap the 'Show' button just below Passcode to reveal the 6-digit passcode.

Duo Security

Does 2-Step with Duo prevent scams?

No. 2-Step with Duo provides additional security, but you are ultimately responsible for protecting your account and information. If a scammer gets your NetID and password, 2-Step with Duo will keep them out, as long as you do not Approve any Duo notifications you did not initiate. Protect yourself and learn more about 2-Step with Duo Fraud Awareness.

I'm getting Duo notifications when I'm not logging in. What should I do?

Deny the Duo notification and reset your password immediately! See 2-Step with Duo Fraud Awareness for more information.

Not sure if that Duo verification is suspicious? These clues can help:

  • Are you logging into a campus IT service? If not, deny and reset your password.

  • Is the timestamp on the Duo verification consistent with a login you initiated? If not, deny and reset your password.

  • Is the geolocation on the Duo verification consistent with your location? Depending on your network, this may reflect a neighboring town or city. It should not reflect a distant location, such as another state or country.

Duo locked me out of my account. What happened?

As a safety feature, 2-Step with Duo locks an account after several failed access attempts. Your account will be reactivated automatically after 60 minutes. For more information or assistance, contact the ITS Service Desk.

How do I know if the Duo Mobile app is up-to-date?

Duo's Mobile Security Checkup verifies your device settings and lets you know whether you are up to date with their recommended security settings.  

How does Duo rank authentication methods from most to least secure?

Duo considers Touch ID and security keys to be the most secure authentication methods. The next most secure Duo method is using Duo Mobile to approve push notifications. If you have a phone or tablet with Duo Mobile activated, the Universal Prompt will automatically send you a Duo Push the first time you log into that application. You will also have to enter a code to approve the 'push'. Please visit Duo authentication methods from most to least secure for a complete breakdown. If you haven't set up Duo Mobile, then the Duo Universal Prompt automatically selects your next available option, following the most to least secure preference order and what is allowed by the University at Albany.

If you don't want to use the method Duo automatically suggests for that application, cancel the Duo authentication in progress and click or tap Other options. Then, select the method you want from the list.

Completing Duo login sets the login option you used as the first choice for this application. Future Universal Prompt logins to that application from the same device and browser will automatically use that same method. If you cancel the authentication in progress and choose a different device, then the device you use becomes the first choice for that application. You will need to have cookies enabled on your browsers for this to work.

Hardware Tokens

My hardware token stopped working. What should I do?

Hardware Tokens can get 'out of sync' if the button is pressed too many times and the passcodes are not used. If your Token stops working or you can't log in with the passcode it provides, try re-syncing it:

  1. Generate 3 passcodes in a row

  2. Log in to a Duo-protected service, such as MyUAlbany, with your NetID and password

  3. Use the third passcode you just generated to verify your identity

Contact the ITS Service Desk if you are still unable to access campus IT services.
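
The counter behaviour behind a token getting 'out of sync', and behind the rule that passcodes are single-use and must be used in order, can be shown with a small RFC 4226 (HOTP) model. This is an added example, not UAlbany's or Duo's code: it assumes the token is an HOTP device, the page does not state how Duo's server re-syncs, and the class, function names and window sizes are hypothetical.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Server side. Window sizes are constructed values, not Duo's settings."""
    def __init__(self, secret: bytes, look_ahead: int = 3, resync_span: int = 10):
        self.secret, self.counter = secret, 0
        self.look_ahead, self.resync_span = look_ahead, resync_span

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1  # this code and every earlier one are now dead
                return True
        return False

    def resync(self, codes: list) -> bool:
        """Search further ahead, but only accept a run of consecutive codes."""
        for c in range(self.counter, self.counter + self.resync_span):
            if all(hmac.compare_digest(hotp(self.secret, c + i), code)
                   for i, code in enumerate(codes)):
                self.counter = c + len(codes)
                return True
        return False

def demo() -> dict:
    secret = b"12345678901234567890"  # RFC 4226 test key, not a real token seed
    server, out = Verifier(secret), {}
    out["in_order"] = server.verify(hotp(secret, 1))    # counter 0 skipped, 1 used
    out["older_code"] = server.verify(hotp(secret, 0))  # generated earlier: rejected
    out["replay"] = server.verify(hotp(secret, 1))      # one-time use: rejected
    # Button pressed for counters 2-4 without logging in; next press is counter 5.
    out["drifted"] = server.verify(hotp(secret, 5))     # outside look-ahead 2..4
    out["resync"] = server.resync([hotp(secret, n) for n in (5, 6, 7)])
    out["after_resync"] = server.verify(hotp(secret, 8))
    return out

if __name__ == "__main__":
    print(demo())
```

The wider re-sync search is safe only because it demands several consecutive codes; a single guessed 6-digit value is never accepted outside the small look-ahead window.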

I lost my hardware token. What should I do?

Contact the ITS Service Desk. If you have a secondary method for receiving Duo notifications, ITS recommends logging into the Duo Device Portal and disabling your Hardware Token.

I don't need a hardware token anymore. What should I do with it?

If you no longer need a Duo Token, please return it to ITS so it can be reassigned.

Other questions about 2-Step with Duo

Duo Guide to Two-Factor Authentication

What data does Duo collect and use?

The Duo Mobile app and Duo prompts collect information from your device whenever you open the app, and whenever you use it to verify your identity. This includes the following:

  • The model of your device, its operating system, address, and the version of the app you are using

  • Connection information, including the name of a mobile operator or ISP, language, time zone, and phone number

  • IP address

The Duo Mobile app does not:

  • Track your location

  • Access your contacts, text messages, or email

  • Access your browser history

  • Erase anything on your device

  • Allow UAlbany to manage your device in any way

  • Access your photos

How does Duo Mobile protect my privacy?

Learn more about: