Set Up and Manage Duo for Your Account and Devices

1. Open  towson.edu/netid and select the Enroll/Manage Duo Devices link under Manage NetID and Duo.

2. Log in using your NetID and password. An Attention box will prompt you to enable Duo if you have not already done so.

3. Select the Duo and Security link. Then, ADD a DEVICE.

4. In the ADD DEVICE box:

• select Mobile phone 

• Under Device Name, enter a friendly name for your device

• Under Platform Type, Select IOS, Android, or Generic.

• Under country code, select a Country Code (if necessary), enter the phone number for your device.

• Click on the check box to confirm the provided phone number is accurate.

• Select Submit.

5. Select, Activate Using Duo Mobile (or one of the other options provided). 

6. Open the Duo Mobile app on your device, tap the "+" button in the app to add a device, and scan the QR code.

7. Select the Complete button.

Duo will be required upon account activation for all TU students, faculty, staff, retirees, and guests.

In some rare cases, the Welcome to Duo Security screen appears during login for accounts (such as guest accounts) who were not initially setup with Duo, do not close or exit this screen. You must successfully enroll a device to proceed. Exiting prematurely will interrupt the enrollment process and require assistance from the OTS Technology Support Desk.

Below is an example of what you’ll see when prompted to enroll after logging into a Duo-protected service:

You will be asked to add a device (Duo Mobile App is recommended).

Follow the on-screen prompts to complete your Duo setup, based on the type of device you wish to add.

Once enrollment is complete, Duo two-factor authentication will be required each time you log in.

You will receive a confirmation email whenever a new device is enrolled. This ensures you’ll be notified if a new device is added in the future.

Instructions on how to register a replacement device with the same phone number.

• Select MY PROFILE from within NetID Management, then select Duo and Security.
• Select Add a Device, and fill in the Device Type, Device Name, Platform Type, and any other options available (depending on what device type is chosen).
• Select Submit. A QR code will be displayed.
• Open the Duo Mobile app on your phone.
• Tap the + button.
• Scan the QR code using the phone's camera.

There are several ways to authenticate using your enrolled device:

✅ Duo Push (Recommended)

Using the Duo Mobile app, a login request is sent to your smartphone or tablet. You’ll see a notification on your device’s screen — simply tap Approve to complete the sign-in on your computer.

🔢 Passcodes

You can authenticate using numeric passcodes, which can be:

• Generated within the Duo Mobile app (no internet/cell/data required),

• Sent via text message (SMS), or

• Obtained from NetID Management as backup codes.

Enter the passcode on your computer to complete the login process.

Use Duo to authenticate

Duo will prompt you with your most secure option. If that option is not available, select 'Other Options' to see all the other options you have registered or have available to you.
 

Learn more about using Duo — including available login options — by visiting:
Duo Universal Prompt: Guide to Two-Factor Authentication

✅ Have Duo Remember You

When using Duo to authenticate web applications such as PeopleSoft or Microsoft 365, you may see a check box labeled "Remember me."
As long as you're using a personal or trusted device, you can safely select this option to reduce how often you need to authenticate.

🛠️ Troubleshooting “Remember Me” Visibility

In some situations, the "Remember me" check box may be hidden or unavailable due to your device or settings. Here’s how to resolve common issues:

📱 On Mobile Devices

If the check box is hidden (e.g., covered by the on-screen keyboard):

• Minimize the keyboard or

• Swipe down to view the full Duo prompt.

💻 On Computers or Mobile Devices with Auto-Push/Call Configured

If Duo is set to automatically send a push notification, the check box may be grayed out.

🔔 Push Notifications

1. When the “Pushed a login request to your device” bar appears, click Cancel.

2. When the “Authentication request canceled” message appears, click Dismiss.

3. Now, check “Remember me” and choose your preferred authentication method.

The Duo Mobile app that can be installed on smart phones and tablets does not require any connections. At the Duo prompt, choose "Duo Mobile passcode" and then open the Duo mobile app, tap your account, and the 6-digit passcodes will cycle through every 30 seconds.

Alternatively, you can generate and print out bypass codes. These can come in handy if you forget your device or cannot have your device in certain locations. To generate a set of codes to use when you are unable to use other Duo authentication methods, select GENERATE RANDOM CODES at the bottom of the Manage Duo page within NetID Management (www.towson.edu/netid).

• Keep the bypass codes in a secure location.
• Each code can be used only once.
• All codes will expire in six months.  

Depending on what devices you have registered to use with Duo will depend on how the Duo prompt will ask you to verify your identity. Duo Push through Duo Mobile App is the easiest and one of the more secure ways of using Duo to protect your account and the campus network by preventing potential phishing and other credential-stealing attacks.  It also reduces the likelihood of accidental approval of malicious login attempts.

1. A four-digit number will be displayed on the screen when you attempt to log in to a service.

2. That number will then need to be entered in the Duo mobile app before hitting ‘Verify’ and continuing.

If your Duo attempt runs out of time, you can Try again, or use other options you may have previously configured.

After several incorrect attempts, Duo will lock you out for 10 minutes Further attempts to log in to a service will result in Duo confirming that you are locked out.

Be careful not to approve any Duo prompts you did not initiate. 

If you receive a push in your mobile app unexpectedly, you can report it by tapping "I'm not logging in" from the mobile app. You should also change your password and contact OTS by creating a TechHelp request or calling 410-704-5151.

To add Duo to your Shared Guest Account, log in with that account at netid.towson.edu, select Duo and Security, and follow the self-guided setup. If you're using the Duo Mobile app, you'll be adding a new account — separate from your regular NetID.

If Duo multi-factor authentication has been applied to your shared guest account, the first person to use the account must complete the Duo registration process and add at least one authentication method/device.

📲 Setting Up Multiple User Devices

Subsequent users needing to access the account with the same credentials would need to coordinate with the first user to have an additional phone number or device added to Duo. This is done by choosing “Other options” from the Duo Push pop-up: 

1. Choose “Manage devices” from the bottom of the list
2. Choose “Add a device” and adding the device details:
3. After initial configuration of each users’ device details, they would need to be sure to choose their personal device utilizing “Other options” from the Duo push screen and selecting the appropriate device. 

🔑 Using Bypass Codes (Alternative Option)

If you are unable to setup multiple devices between users easily, Bypass Codes offer flexibility and security. The main account holder can log into NetID Management, select Manage Duo, and review Bypass Codes.

More information on Bypass Codes may be found here:  Towson TechHelp - Bypass Codes Guide

🛡️ Using Security Keys

If using a Shared Guest account on a single machine, security keys, such as a YubiKey, may be a good solution. The security key can stay plugged into the machine and used when the account is logged in. You can use the Duo Device Management Portal to add these type of devices.

More information on using Duo Device Management may be found here:  Towson TechHelp - Duo Device Management Guide

In this example we will be logging into Office with the shared guest account: dduosharedtest

Sign in with the email address or NetID (depending on the prompt) as you normally would:

When Duo prompts, simply look for your device and method you wish to use:

On the next screen, to reduce the amount of Duo prompts for your shared guest account, the person logging in should choose 'Yes':

This will be followed by a "Success" screen. If prompted to "Stay signed in?" also select 'Yes' to reduce the amount of times you need to log in with the account overall.

Eligible Towson University faculty and staff may request a hardware token — a small electronic security device — for use with Duo multi-factor authentication. These tokens generate random bypass codes you enter at the Duo prompt to authenticate.

Note: Hardware tokens are limited in quantity. All requests are reviewed and must be approved by OTS. Unused tokens may be recalled to support others in need.

The Duo mobile app works offline and does not require Wi-Fi or cellular reception to generate passcodes.

When Can You Request a Hardware Token?

To receive a token, one or more of these scenarios must apply:

• You do not have a mobile phone or tablet and need to authenticate in places like conference rooms or classrooms where mobile devices aren’t available.
• Your mobile device does not support Duo Mobile, and you frequently use locations with poor reception, making phone calls and texts unreliable.

How to Request a Hardware Token

1. Open TechHelp Services> NetIDs & Duo> Duo and select Open a Ticket.
2. Complete the service request form describing your use case for a Duo token.
3. Select the gold Request button. The OTS Faculty/Staff Help Center will either approve and arrange a pickup time, deny or escalate the request.

How to Enroll Your Hardware Token

1. Open the NetID Management page in your preferred browser.
2. Enter your NetID (username) and Password, then select Login.
3. Select Duo and Security.
4. Select the ADD a DEVICE button under Duo Devices.
5. Select the Device Type dropdown and select the Hardware Token option.
6. For University issued Duo tokens, select D100 for the the Token Type.
7. Enter the token serial number (without dashes) followed by GO6OATH.
8. Select the Submit button. 

See the following article for using and troubleshooting your hardware token:  Towson TechHelp - Hardware Token Guide

If you use a Duo hardware token, you can generate a passcode at the push of a button. Simply enter the passcode displayed on the token into the Duo prompt to complete your authentication.

Authenticate using a hardware token

1. When the Duo panel (pictured below) appears after you log in with your TU NetID and password, select Token from the Device menu.
   
   
    
2. Select the Enter a Passcode button in the Duo box. The button will change to Log In.
3. On your hardware token (pictured below), press the green button once. Then wait a few seconds for a passcode to appear on the token’s display.
   
   
4. Enter the passcode into the passcode field on the Duo panel, then select the Log In button. If available, you may also check the Remember me for 30 days option.

Troubleshoot your hardware token

A hardware token can become out-of-sync with the Duo service if its button is pressed too many times without the passcode being entered into the Duo Authentication panel. If this happens to you:

• Try authenticating with your hardware token three times in a row.
• On the first two attempts, the Duo panel will report Incorrect Passcode.
• On the third attempt, you should be granted access. 

Faculty, staff, students, and retirees must use Duo when accessing certain protected TU resources on additional devices they possess (phone, tablet, etc.). However, the steps to set up a new device are largely the same as before. Install the Duo Mobile app from your device's app store, then follow the steps below to complete the enrollment process. 

Adding a new phone or tablet

1. Open the NetID Management page in your preferred browser on a desktop or laptop computer.
2. Select Add a device under the Duo and Security section.
3. Select the type of device you plan to enroll — Mobile phone, Tablet, or Hardware Token. 
4. Enter a friendly name for the device (My iPhone, for example). ​
5. Select the Platform Type.
6. Set the phone country code, if needed, and enter your phone number, then select Submit.
7. Verify that the Duo Mobile app is installed on your phone. If it is not, install it now.
8. Select I HAVE DUO MOBILE to display a QR code (a square, black and white graphic) on your desktop or laptop screen, then follow the next three steps to link your phone to your TU account. If you prefer not to use the QR code, select the "...have an activation link emailed to you instead" option. Links expire after 24 hours. 
   1. Open the Duo Mobile app on your phone.
   2. Tap the + button.
   3. Scan the QR code using the phone's camera. 
9. Select DONE on your computer. Your phone should be listed under Duo Authentication Devices with the status Enabled. 

A Duo bypass code can be useful for authentication if ever your Duo-enrolled mobile devices are unavailable. If you generate a bypass code ahead of time, print and store it in a secure location or email it to a personal address, you will be ready when the need arises. Note: Even when there is no cell or Wi-Fi service, the Duo Mobile apps can still generate passcodes manually. Further, if you have previously received Duo passcodes via text message, you may be able to use one of the remaining passcodes in that text message without relying on bypass codes.

Generate a Duo Bypass Code

1. Open the NetID Management page in your preferred browser on a desktop or laptop computer.
2. Select Manage an Existing NetID Profile, under the Manage NetID and Duo section.
3. Enter your NetID (username) and Password, then select Login. 
4. Select Duo and Security.
5. Select the gold GENERATE CODES button (under the Duo Bypass Codes section) to display a set of numeric codes in the Bypass Codes box.
6. Use the buttons at the bottom of the Bypass Codes section to:
   1. CLEAR the displayed codes.
   2. GENERATE RANDOM CODES, invalidating the previous set and displaying a new set.
   3. PRINT BYPASS CODES.

Please note that each code can be used one time only and they expire after 180 days.