For security purposes, faculty, staff and students are required to use Duo Security two-factor authentication when logging in to the University's VPN service. Two-factor authentication (2FA) strengthens security by requiring two factors to verify your identity: 1)  something you know (RUNetID/passphrase) plus 2) something you have (mobile device/app).  This prevents unauthorized access even if your passphrase has been compromised. Duo authentication occurs after you enter your username and password in the VPN portal or application and uses a mobile phone, tablet, or landline to verify your identity. To use Duo, you will need to download the mobile app, enroll and select an authentication option. Authentication via hardware token is also available.


 

How logging in to VPN with Duo Mobile works

 

 


 

Service Details

 


Frequently Asked Questions


What is Duo Mobile?

Duo Mobile is a mobile application (app) that you install on your smartphone or tablet to generate passcodes for login or receive push notifications (recommended) for easy, one-tap authentication on your mobile device. It works with Duo Security’s two-factor authentication (2FA) service to make your logins more secure.

How do I request a Duo account?

Do I need a smartphone or data plan to use two-factor authentication?

No. Having a smartphone makes for an easier and more secure experience with the "Duo Push" one-tap authentication feature. However, you can also enroll a non-smartphone mobile device or landline to receive SMS passcodes or phone calls (SMS/text messages, voice calling and data fees may apply). Authentication via hardware token is also available.

How will Duo change my login experience?

When logging in to an application that is protected by Duo, you will still enter your username and password. After inputting your login information, Duo requires you to approve a Duo Push notification or other method of two-factor authentication. Duo does not replace or require you to change your username and password. Think of Duo as a layer of security added to your pre-existing login method. Watch the video below to see Duo Push in action.

What is the recommended two-factor authentication method?

If you have a smartphone or tablet, we recommend Duo Push, as it is quick, easy-to-use, and secure. See an introduction to Duo Security and a demonstration of Duo Push in the short video above.

What if I don't receive my enrollment email?

If you have created custom email filters or rules, you may need to check your junk or spam folder for the enrollment email.   

Is there a way to check that I have Duo installed properly?

Yes.  Use the Duo test page to check that Duo is installed properly: https://itservices.rockefeller.edu/duotest/

How much data does a Duo Push request use?

Duo Push authentication requests require a minimal amount of data -- less than 2KB per authentication. For example, you would only consume 1 megabyte (MB) of data if you were to authenticate 500 times in a given month.

Why have I stopped receiving push notifications from Duo Mobile?

There are several reasons this could be happening. Please try the following troubleshooting suggestions:

Can I authenticate if I’m somewhere with no cell signal or WiFi access?

Yes. In the Duo Mobile app, generate a passcode by tapping the key icon. The passcode will appear underneath. If you have a hardware token, you can press the button. If you know in advance that you will have a signal or WiFi access, make sure to test one or more of these options beforehand. See the Duo Knowledge Base article for more information on authenticating without cell or internet service: https://help.duo.com/s/article/4449

What should I do if I lost my phone?

Please contact the IT Help Desk immediately by phone at (212) 327-8940 or email.

Can you show me how to use Duo with my mobile device or landline?

Please watch the appropriate short video below to see how to use Duo on your device or landline.

Can Duo see my RUNet passphrase?

No. Your passphrase is only verified by your organization and never sent to Duo. Duo provides only the second factor, using your enrolled device to verify it’s actually you who is logging in.

Does using Duo give up control of my smartphone?

No. The Duo Mobile app has no access to change settings or remotely wipe your phone. The visibility Duo Mobile requires is to verify the security of your device, such as OS version, device encryption status, screen lock, etc. We use this to help recommend security improvements to your device. You always are in control of whether or not you take action on these recommendations.

What should I do if I get a new phone or a new SIM card in my existing phone?

What should I do if I don't have a phone or tablet capable of using the Duo App?

Bypass codes or hardware tokens are available as an alternative to the the Duo App.

Can international phone numbers be used will the Duo phone call option?

Yes. All international phone numbers are supported in Duo using the following format: Country code + National Destination Code + Phone Number
Example, in Switzerland: +41 33 123456789

Why does the Duo Mobile app need to access my camera?

Duo Mobile only accesses your camera when scanning a QR code during activation. However you can also receive an activation link via email.

Is any software required on my laptop to use Duo?

No.  The Duo app is installed on a mobile device such as a phone or tablet, not a laptop.

I am getting an account locked message from Duo. What should I do?

Your Duo will automatically lock after 10 failed login attempts. The lockout will expire after 15 minutes.

I am entering the passcode from my hardware token and I am getting a message “Incorrect Passcode”. Why?

Try the following:

I'm entering the passcode from my mobile app, but it is being rejected as invalid. What should I do?

If you have not used Duo in over 30 days or made several failed attempts to log in, you may need to resynchronize your Duo account. Try the following:

What is two-factor authentication, and why do we need it?

Login credentials are more valuable than ever and are increasingly easy to compromise. Over 90% of breaches today involve compromised usernames and passwords. Two-factor authentication enhances the security of your account by using a secondary device to verify your identity. This prevents anyone but you from accessing your VPN account (and the Rockefeller network), even if they know your password.

 

Can I connect to VPN using Pulse Secure on my iOS or Android device with Duo?

Yes, but there is a limitation for iOS devices.  Android users will be able to select the type of Duo authentication to use, such as Send Me a Push, Call Me, Enter a Passcode.  For iOS users, when connecting to Pulse Secure, by default, Duo will default to using Push notification to the primrary phone on file.  Users who have a Duo hardware token will need to click on Click here if you need to enter a second factor passcode under the Sign In button prior to tapping Sign In.   

iOS users who does not have a Duo hardware keyfob token or a mobile device that is registered with Duo and use Push or the Duo Security mobile application will not be able to connect using the Pulse Secure mobile application on their iOS device.

 

iOS users who do not tap Click here if you need to enter a second factor passcode, will see an authenticating message as indicated below, after tapping Sign In and Duo will automatically send a Push notification.



For security purposes, faculty, staff and students are required to use Duo Security two-factor authentication when logging in to the University's VPN service. Two-factor authentication (2FA) strength