the letters D U O shown as DUO Security Incorporated's logo

Already registered with Duo Security? Enroll or update your second factors.

Multi-Factor Authentication (MFA)

Authentication is the process of proving your identity by providing something or things that only you should know or possess.

Your username (NetID) and your password, in combination, are considered one factor – the knowledge factor. With a strong password, kept in secret, this was enough for many years, but no longer. Attempts to deceive people into using their password under false pretenses (e.g. phony web sites/forms, threatening email) have proven effective repeatedly--and not just to people in other states, but right here at UVM.┬áTo solve this inherent weakness, we have improved our authentication methods by adding something that can't be easily coerced, captured or stolen.

A second ownership factor can now be added to services. This factor comes in the form of a message or single-use code.

Sometimes called "two-factor authentication" or "2FA," we're using the term "multi-factor authentication," or "MFA," since we are providing several means of submitting the second element. Duo Security is the system behind the scenes, furnishing all of the methods below—"Duo" is more than just a smartphone app.

There are several second factor options available. We suggest the following methods, outlined below in descending order based on ease-of-use and convenience. You can choose whichever method(s) makes the most sense for your use case.

Smartphone App

This is the most convenient method for smartphone owners as it is free to install and use. A program installed on your smartphone is used as a second path to reach you. It receives a message from the service you are trying to authenticate with, requesting you to approve or deny. To use the Duo mobile app, you will need to enroll your Smart Phone in Duo Mobile. Once enrolled, you will be ready to login to UVM Services. If preferred, you can also use the Duo Mobile app to generate "one-time use" codes.

Offline Codes

If you do not own a Smartphone, or don't want to use your personal device, you can use our website to generate a batch of one-time codes at no cost to you. This list of 10 codes can be carried with you and protected in the same manner as a driver's license or UVM ID card. As each code is used, you simply move on to the next code in the list the next time you login. You can create a new batch of codes at our website whenever you need more.

Text Message (SMS)

iphone text image of the message and ten codes sent

Smartphone or not, if you can receive a text message on your phone, you can use this to receive the second factor message. This method is convenient, it requires no USB port and is mobile. This is not necessarily a preferred method of use due to a small, per-use cost to UVM and possibly your phone bill depending on your service. You will need to enroll your phone first. Once enrolled, see our guide on using SMS text messages with Duo.

Phone Call (Voice)

Example of what you will hear:

This method involves an automated phone call where the system asks you to press a number to approve the authentication. You can setup your office phone[1], your mobile phone, and your home phone if you wish. There is a small cost per use to UVM and possibly your phone bill depending on your service. If you have used either the Smartphone App or Text Message procedures above, you will also be able to use the Call method, though it's less convenient than the Duo Mobile app. If you have not used either method yet, you will need to enroll your phone number first. Once enrolled, see our guide to receiving a phone call from Duo.

[1] Shared phones cannot be used. See our FAQ page about this.

USB Key (YubiKey)

Is small device that resembles a USB flash drive, plugged into the computer you are using to access the service on. Pressing the button on the key provides the second factor to the service allowing you access. This method has a one time cost of $40 to your department for the device that will last many years.

One key can work for multiple accounts though doing so is not recommended without a valid use case (e.g. departmental accounts). Contact Identity and Account Management at iam@uvm.edu or 656-2006 to have a YubiKey provisioned for you. When you have obtained the key, see our guide to using a YubiKey.

Frequently Asked Questions (FAQ) and Troubleshooting

See our FAQ for answers to questions that we've been asked and some troubleshooting tips.