Duo Options for Two-Factor Authentication

Environment

University of Michigan, Duo Two-Factor Authentication, Supported Device OS Versions: iPhone, Android, iPad

Issue

Describes the options available with Duo at U-M for two-factor authentication.

Resolution

If this is your first time enrolling in Duo, please see First-Time Enrollment Instructions.

Duo Authentication Options

• Duo Mobile app
  • Verified Push Notifications is the recommended option for two-factor authentication if you are able to use it.
  • Mobile Passcodes is the recommended option for two-factor authentication if you are traveling and/or do not have access to WiFi or a cellular connection.
• U-M Hardware Token or YubiKey
• Security Key
• Biometric options and security keys are the most secure, but they are not the most flexible options. 
• Temporary Bypass Code

Change Duo Authentication Option

After enrolling in Duo two-factor authentication, you have multiple options for methods of authentication. 

• Note: You can only modify your authentication method by clicking the Other Options link on the bottom of the Duo prompt notification.

Duo Mobile App

We recommend using the Duo Mobile App on a smartphone, tablet, or smartwatch because it offers multiple login-approval methods that are very secure and work with or without a WiFi or cellular connection.

Verified Push Notification

• Duo sends a notification to your device, where you enter a three-digit verification code from the authentication screen and tap Verify within 60 seconds.

Mobile Passcodes

• Enter a six-digit passcode within 60 seconds to authenticate (works with or without a WiFi or cellular connection).

Other Options (Non-Mobile App) 

U-M Hardware Token or YubiKey

You can use a U-M hardware token or YubiKey to generate a passcode when authenticating with Duo. A hardware token is a key fob that generates a passcode for you to enter. A YubiKey generates a passcode when you tap it.

U-M hardware tokens and YubiKeys are available from the ITS Tech Shop. The university will cover the cost of an initial U-M hardware token for individuals. Individuals can purchase additional or replacement hardware tokens or YubiKeys (need-based exceptions are considered on a case-by-case basis). 

• Add a Hardware Token or YubiKey

Security Key

A U-M YubiKey from the Tech Shop may be activated as a security key. Third-party security keys (e.g, those purchased on Amazon) do not work with Duo at U-M. A security key plugs into your USB port and when tapped or pressed it completes the Duo authentication.

• Add a U-M YubiKey as a Security Key

Biometric Options

You can use your device's biometric authentication, if available. See Duo’s enrollment instructions for different biometric options:

• Touch ID on Mac
• Windows Hello
• Face ID/Touch ID on iPhone or iPad
• Android Biometrics

Temporary Bypass Code

If you are temporarily restricted from using technology, such as the internet or hardware tokens, or if you won’t be able to charge a device, contact the ITS Service Center.

Additional Information

Note: Users should regularly update their version of the Duo Mobile app to the most current version. If you are unable to update to the most current version of Duo Mobile app, you may need to choose an alternate method. The most recent version of Duo Mobile is available from the app stores for devices running Android 11 or later and iOS 15 or later.

Michigan Medicine affiliates may be subject to different policies regarding available Duo authentication methods.  Contact Health Information Technology & Services (HITS) if you have additional questions about Duo authentication for Michigan Medicine. 

Need additional information or assistance? Contact the ITS Service Center.