Options for Two-Factor Authentication

Environment

University of Michigan, Duo Two-Factor Authentication

Issue

Describes the options available with Duo at U-M for two-factor authentication.

Resolution

As of April 15, 2025, Phone Call and SMS (text message) options are no longer available when enrolling in Duo. See Alternatives to Phone/SMS Options for Two-Factor Authentication for additional details. 

Duo two-factor authentication has multiple options for methods of authentication. You can modify your options from the Duo prompt by clicking the Other Options link.

Duo prompt with Other Options link circled

 

Overall Recommendations

  • We recommend using the Duo Mobile App because it offers multiple login-approval methods that are very secure and work with or without a WiFi or cellular connection.
    • Verified Push Notifications is the recommended option for two-factor authentication if you are able to use it.
    • Mobile Passcodes is the recommended option for two-factor authentication if you are traveling and/or do not have access to WiFi or a cellular connection.
  • Biometric options and security keys are the most secure, but they are not the most flexible options.

The options for two-factor authentication are described below.

Duo Mobile App

The Duo Mobile app on a smartphone, tablet, or smartwatch gives you the best combination of flexibility and security when you need to authenticate with Duo two-factor. Options include:

Verified Push Notification: Duo sends a notification to your device, where you enter a three-digit  verification code from the authentication screen and tap Verify within 60 seconds.

 Duo Verified Push Notification screen on a smartphone

Mobile App Passcode: Enter a six-digit passcode within 60 seconds to authenticate (works with or without a WiFi or cellular connection).

Notes:

  • If you cannot read the three-digit verification code and enter it in the verified push notification in the allotted time, the ITS Accessibility Team may be able to assist you in identifying different two-factor options that may be more accessible.
  • Users should regularly update their version of the Duo Mobile app to the most current version. If you are unable to update to the most current version of Duo Mobile app, you will need to choose an alternate method.
  • The most recent version of Duo Mobile is available from the app stores for devices running Android 11 or later and iOS 15 or later.

Enrollment Instructions: Manage Your Duo Options and Settings
Supported Device OS Versions: iPhone, AndroidiPad

U-M Security Token

You can use a U-M security token to generate a passcode when authenticating with Duo. There are two types of U-M security tokens:

  • U-M hardware token: This is a key fob that generates a passcode for you to enter.
  • YubiKey: A YubiKey is a chip that you insert into the USB port of your computer. When logging in, place your cursor in the passcode field and tap the YubiKey to enter a passcode.

U-M security tokens are available from the ITS Tech Shop. The university will cover the cost of an initial U-M security token for individuals. Individuals can purchase additional or replacement hardware tokens (need-based exceptions are considered on a case-by-case basis). 

Enrollment Instructions: Manage Your Duo Options and Settings​​​​​​​
Supported Device OS Versions: iPad, Android

Security Key

A security key plugs into your USB port and when tapped or pressed it sends a signed response back to Duo to validate your identity. You may enroll a third-party security key or a U-M YubiKey as a security key.

Note: A U-M YubiKey may be enrolled as either a U-M security token to generate a passcode or as a security key that can be tapped to verify your identity.

Enrollment Instructions: Manage Your Duo Options and Settings​​​​​​​
Supported Device OS Versions: Security Key Requirements

Biometric Options

You can use your device's biometric authentication, if available. See Duo’s enrollment instructions for different biometric options:

Temporary Bypass Code

If you are restricted from using technology, such as the internet or hardware tokens, or if you won’t be able to charge a device, contact the ITS Service Center.

Additional Information

Michigan Medicine affiliates will not be able to call or text options with Michigan Medicine related resources. Contact Health Information Technology & Services (HITS) if you have additional questions about Duo authentication for Michigan Medicine. 

Need additional information or assistance? Contact the ITS Service Center.

If you need help choosing a Duo two-factor authentication option that meets your needs, or encounter a disability-related barrier, contact the ITS Accessibility Team.

Print Article

Related Articles (3)

Enroll a U-M Hardware Token or U-M YubiKey
This document provides instructions for enrolling U-M hardware tokens and U-M YubiKeys.
First-Time Setup: Enroll a Device in Duo
This document provides instructions for enrolling your device (smartphone or tablet) in Duo so you can use it for two-factor authentication (2FA).
Install the Duo Mobile App
This document provides instructions for downloading and installing the Duo Mobile app on your mobile device for for two-factor authentication (2FA).