For security purposes, faculty, staff, and students are required to use Duo Security two-factor authentication when logging in to the University's VPN service or Office365 applications, including RU email.  Two-factor authentication (2FA) strengthens security by requiring two factors to verify your identity: 1)  something you know (RUNetID/passphrase) plus 2) something you have (mobile device/app).  This prevents unauthorized access even if your passphrase has been compromised. Duo authentication occurs after you enter your username and password in the VPN or Office 365 portal or application and uses a mobile phone, tablet, or landline to verify your identity. To use Duo, you will need to download the mobile app, enroll and select an authentication option. Authentication via hardware token is also available.


Service Details


How logging in to applications with Duo Mobile works

Frequently Asked Questions

What is Duo Mobile?

Duo Mobile is a mobile application (app) that you install on your smartphone or tablet to generate passcodes for login or receive push notifications (recommended) for easy, one-tap authentication on your mobile device. It works with Duo Security’s two-factor authentication (2FA) service to make your logins more secure.

How do I create a Duo account?

If you are new to Rockefeller or are an existing employee who has never enrolled in Duo, there are two ways to create a Duo account:

  1. You will automatically receive an enrollment email from Duo Security ( Use the enrollment link and follow the instructions to set up your account.
  2. When you try to log in to an application that is protected by Duo, you will see a prompt to set up your account and enroll your device. Click the Start Setup button and follow the instructions. You'll have 30 days to complete your enrollment.

How can I change my default Duo settings or devices?

Duo gives you several authentication options, including sending a push or calling. You can set Duo to automatically use a preferred authentication method for each device that you have enrolled. You can also choose which device to use as your default.

To open the Duo prompt:

  • Log in to any Duo-protected application, such as VPN.
  • When the prompt appears, select Settings > My Settings & Devices.
  • For detailed instructions, visit the Duo website.

How can I add a new device to Duo?

Have a new phone? You'll need to enroll it before you can use Duo on it.

  • Open the Duo prompt by logging in to a Duo-protected application, such as VPN.
  • When the prompt appears, select Settings > Add a new Device.
  • For detailed instructions, visit the Duo website.

Do I need a smartphone or data plan to use two-factor authentication?

No. Having a smartphone makes for an easier and more secure experience with the "Duo Push" one-tap authentication feature. However, you can also enroll a non-smartphone mobile device or landline to receive SMS passcodes or phone calls (SMS/text messages, voice calling and data fees may apply). Authentication via hardware token is also available.

How will Duo change my login experience?

When logging in to an application that is protected by Duo, you will still enter your username and password. After inputting your login information, Duo requires you to approve a Duo Push notification or other method of two-factor authentication. Duo does not replace or require you to change your username and password. Think of Duo as a layer of security added to your pre-existing login method. Watch the video below to see Duo Push in action.

What is the recommended two-factor authentication method?

If you have a smartphone or tablet, we recommend Duo Push, as it is quick, easy-to-use, and secure. See an introduction to Duo Security and a demonstration of Duo Push in the short video above.

What if I don't receive my enrollment email?

If you have created custom email filters or rules, you may need to check your junk or spam folder for the enrollment email.   

Is there a way to check that I have Duo installed properly?

Yes.  Use the Duo test page to check that Duo is installed properly:

How much data does a Duo Push request use?

Duo Push authentication requests require a minimal amount of data -- less than 2KB per authentication. For example, you would only consume 1 megabyte (MB) of data if you were to authenticate 500 times in a given month.

Why have I stopped receiving push notifications from Duo Mobile?

There are several reasons this could be happening. Please try the following troubleshooting suggestions:

  • Make sure your enrolled device has a cellular network or WiFi connection.
  • Open the Duo Mobile app when you authenticate.
  • Ensure that you have notifications enabled for Duo.
  • Reboot your phone.
  • Try these additional push troubleshooting steps provided on the Duo website:
  • If the above solutions don’t work, try using another authentication method, such as passcodes provided in the Duo Mobile app.

Can I authenticate if I’m somewhere with no cell signal or WiFi access?

Yes. In the Duo Mobile app, generate a passcode by tapping the key icon. The passcode will appear underneath. If you have a hardware token, you can press the button. If you know in advance that you will have a signal or WiFi access, make sure to test one or more of these options beforehand. See the Duo Knowledge Base article for more information on authenticating without cell or internet service:

What should I do if I lost my phone?

Please contact the IT Help Desk immediately by phone at (212) 327-8940 or email.

Can you show me how to use Duo with my mobile device or landline?

Please watch the appropriate short video below to see how to use Duo on your device or landline.

Can Duo see my RUNet passphrase?

No. Your passphrase is only verified by your organization and never sent to Duo. Duo provides only the second factor, using your enrolled device to verify it’s actually you who is logging in.

Does using Duo give up control of my smartphone?

No. The Duo Mobile app has no access to change settings or remotely wipe your phone. The visibility Duo Mobile requires is to verify the security of your device, such as OS version, device encryption status, screen lock, etc. We use this to help recommend security improvements to your device. You always are in control of whether or not you take action on these recommendations.



What should I do if I get a new phone or a new SIM card in my existing phone?

Before you can use the Duo app on your new phone, the Help Desk will need to issue a new one-time activation link, which will be sent to you via text from Duo. If you have already switched phones and need VPN access before receiving your new activation link, use the Passcode method to authenticate from the Duo App on your old phone (see below).

  • If you get a new phone or factory reset your phone:
    • Reinstall the Duo app on the new phone.
    • Contact the Help Desk ( for a new activation invitation and include the following information in your request:
      • type of phone you are switching to
      • confirmation of the mobile phone number associated with the device.

  • If you get a new SIM card but are using the same phone, your Duo app will still work.
  • To authenticate from the Duo App on your old phone:

    • Launch the Duo Mobile app on your old device and then tap the key icon or “Show” to reveal the passcode.
    • Sign in to Pulse Secure and, when prompted, choose Enter a Passcode as your authentication method.
    • Enter the passcode from Duo.

What should I do if I don't have a phone or tablet capable of using the Duo App?

Bypass codes or hardware tokens are available as an alternative to the the Duo App.

    • A bypass code is a one-time code that can be generated for you by contacting the Help Desk during normal business hours. Once this code is generated, it can be used for 1 week.
    • A hardware token is a physical device you carry to authenticate your identity using a passcode. Hardware tokens can be requested and enrolled by contacting the Help Desk. Tokens that are lost or not returned upon leaving the university will incur a charge.

Can international phone numbers be used will the Duo phone call option?

Yes. All international phone numbers are supported in Duo using the following format: Country code + National Destination Code + Phone Number
Example, in Switzerland: +41 33 123456789

Why does the Duo Mobile app need to access my camera?

Duo Mobile only accesses your camera when scanning a QR code during activation. However you can also receive an activation link via email.

Is any software required on my laptop to use Duo?

No.  The Duo app is installed on a mobile device such as a phone or tablet, not a laptop.

I am getting an account locked message from Duo. What should I do?

Your Duo will automatically lock after 10 failed login attempts. The lockout will expire after 15 minutes.

I am entering the passcode from my hardware token and I am getting a message “Incorrect Passcode”. Why?

Try the following:

  • Make sure you entered the correct code. 
  • Be sure your token is right side up.
  • It's possible that your token is out of sync. To resynchronize it with your Duo account:
    • Press the green button to turn off the Duo token.
    • Press the green button again to turn the token back on.
    • Enter the newly displayed code to log in. If your login fails, repeat this process two more times. After 3 passcodes you will be logged in.
  • Contact the IT Help Desk at x8940

I'm entering the passcode from my mobile app, but it is being rejected as invalid. What should I do?

If you have not used Duo in over 30 days or made several failed attempts to log in, you may need to resynchronize your Duo account. Try the following:

  • Close the mobile app on your smartphone, then reopen it and enter the passcode. You may need to repeat this process once more before logging in successfully.
  • Contact the IT Help Desk at x8940

What is two-factor authentication, and why do we need it?

Login credentials are more valuable than ever and are increasingly easy to compromise. Over 90% of breaches today involve compromised usernames and passwords. Two-factor authentication enhances the security of your account by using a secondary device to verify your identity. This prevents anyone but you from accessing your VPN account (and the Rockefeller network), even if they know your password.


Can I connect to VPN using Pulse Secure on my iOS or Android device with Duo?

Yes, but there is a limitation for iOS devices.  Android users will be able to select the type of Duo authentication to use, such as Send Me a Push, Call Me, Enter a Passcode.  For iOS users, when connecting to Pulse Secure, by default, Duo will default to using Push notification to the primrary phone on file.  Users who have a Duo hardware token will need to click on Click here if you need to enter a second factor passcode under the Sign In button prior to tapping Sign In.   

iOS users who does not have a Duo hardware keyfob token or a mobile device that is registered with Duo and use Push or the Duo Security mobile application will not be able to connect using the Pulse Secure mobile application on their iOS device.


iOS users who do not tap Click here if you need to enter a second factor passcode, will see an authenticating message as indicated below, after tapping Sign In and Duo will automatically send a Push notification.

For security purposes, faculty, staff, and students are required to use Duo Security two-factor authentication when logging in to the University's VPN service or Office365 applications, including RU