Environment
University of Michigan, Duo Two-Factor Authentication, Supported Device OS Versions: iPhone, Android, iPad
Issue
Describes the options available with Duo at U-M for two-factor authentication.
Resolution
If this is your first time enrolling in Duo, please see First-Time Enrollment Instructions.
Duo Authentication Options
- Duo Mobile app
- Verified Push Notifications is the recommended option for two-factor authentication if you are able to use it.
- Mobile Passcodes is the recommended option for two-factor authentication if you are traveling and/or do not have access to WiFi or a cellular connection.
- U-M Hardware Token or YubiKey
- Security Key
- Biometric options and security keys are the most secure, but they are not the most flexible options.
- Temporary Bypass Code
Change Duo Authentication Option
After enrolling in Duo two-factor authentication, you have multiple options for methods of authentication.
- Note: You can only modify your authentication method by clicking the Other Options link on the bottom of the Duo prompt notification.

Duo Mobile App
We recommend using the Duo Mobile App on a smartphone, tablet, or smartwatch because it offers multiple login-approval methods that are very secure and work with or without a WiFi or cellular connection.
Verified Push Notification
- Duo sends a notification to your device, where you enter a three-digit verification code from the authentication screen and tap Verify within 60 seconds.
Mobile Passcodes
- Enter a six-digit passcode within 60 seconds to authenticate (works with or without a WiFi or cellular connection).
Other Options (Non-Mobile App)
U-M Hardware Token or YubiKey
You can use a U-M hardware token or YubiKey to generate a passcode when authenticating with Duo. A hardware token is a key fob that generates a passcode for you to enter. A YubiKey generates a passcode when you tap it.
U-M hardware tokens and YubiKeys are available from the ITS Tech Shop. The university will cover the cost of an initial U-M hardware token for individuals. Individuals can purchase additional or replacement hardware tokens or YubiKeys (need-based exceptions are considered on a case-by-case basis).
Security Key
A U-M YubiKey from the Tech Shop may be activated as a security key. Third-party security keys (e.g, those purchased on Amazon) do not work with Duo at U-M. A security key plugs into your USB port and when tapped or pressed it completes the Duo authentication.
Biometric Options
You can use your device's biometric authentication, if available. See Duo’s enrollment instructions for different biometric options:
Temporary Bypass Code
If you are temporarily restricted from using technology, such as the internet or hardware tokens, or if you won’t be able to charge a device, contact the ITS Service Center.
Additional Information
Note: Users should regularly update their version of the Duo Mobile app to the most current version. If you are unable to update to the most current version of Duo Mobile app, you may need to choose an alternate method. The most recent version of Duo Mobile is available from the app stores for devices running Android 11 or later and iOS 15 or later.
Michigan Medicine affiliates may be subject to different policies regarding available Duo authentication methods. Contact Health Information Technology & Services (HITS) if you have additional questions about Duo authentication for Michigan Medicine.
Need additional information or assistance? Contact the ITS Service Center.