Set Up, Activate, and Use Duo for Your Account

1. Open towson.edu/netid and select the Manage link under Manage NetID.

2. Log in using your NetID and password. An Attention box will prompt you to enable Duo.

3. Select CLOSE to hide the box and continue.

4. Select MY PROFILE in the black area at the top of the page. Then select MANAGE DUO in the gray area.
   

5. Select ADD NEW DEVICE at the bottom of the page.
    

6. In the Add new Duo device box, select Mobile phone and click NEXT. 
    

7. Enter a friendly name for your device and select NEXT.
    

8. Select your country code (if necessary), enter the phone number for your device, and select NEXT. 
    

9. Select your phone type, and select NEXT.
    

10. Install the Duo Mobile app as instructed. Then, select I HAVE DUO MOBILE. 
     

11. Link your device using the using the QR code or request an activation link via email. 
    

For new account holder's who do not setup Duo right away, you will be prompted to setup Duo during log on.

If the Welcome to Duo Security screen appears, do not exit this screen! You will not be able to log in until you successfully enroll a device. This will interrupt the Duo enrollment process and require you to contact the OTS Technology Support Desk. 

Here is what you will see when you are set to enroll after logging into a service:

You will be asked to add a device (Duo Mobile is universally recommended).

Follow the prompts depending on the device you wish to add to complete your Duo set up!

Once completed you will be required to log in with Duo.

Every time you add a new device you should receive an email confirming your device enrollment. You will be notified when a new device is added in the future.

Duo adds an additional layer of security when you sign in to a TU system by requiring something you have at the time of login. Various ways to authenticate using these devices include the following:

• Duo Push using the Duo Mobile app displays an alert message on your smartphone/tablet screen using the installed Duo app. Select Approve on your smartphone/tablet to complete the sign-in on your computer. This is the recommended method.
• Passcodes can be sent via a text message, generated from the Duo mobile app which requires no cell/data/internet service, or from NetID Management back up codes. These codes containing a numeric code that you enter on your computer to complete the sign-in.

Use Duo to authenticate

Duo will prompt you with your most secure option. If that option is not available, select 'Other Options' to see all the other options you have registered or have available to you.
 

Learn more about using Duo such as Login Options at  Duo Universal Prompt - Guide to Two-Factor Authentication · Duo Security 
 

Have Duo remember you

When using Duo to authenticate web applications such as PeopleSoft or Microsoft 365, you might see a checkbox labeled Remember me. As long as the computer is not a public or shared machine, you can select the checkbox.

In certain situations, selecting the Remember me option may require additional action.

• Mobile Device - If the Remember me checkbox is covered by the on-screen keyboard or otherwise not visible, minimize your keyboard or swipe to see the bottom of the authentication box.
• Computer/Mobile Device - If you have configured Duo to automatically call your phone or send a push notification, the Remember me checkbox may be grayed out when the Duo prompt first appears. To access the option, do the following:
  • Push Notifications
    • Select Cancel when the Pushed a login request to your device blue bar appears.
    • Select Dismiss when the Authentication request canceled message appears.
    • Select the Remember me checkbox and choose an authentication method.
  • Call Notifications
    • You must Decline the phone call.
    • Select Cancel when the blue bar appears.
    • Select Dismiss when the Authentication request canceled message appears.
    • Select the Remember me checkbox and choose an authentication method.

Bypass codes can come in handy if you forget your device or cannot have your device in certain locations. To generate a set of codes to use when you are unable to use other Duo authentication methods, select GENERATE RANDOM CODES at the bottom of the Manage Duo page within NetID Management (www.towson.edu/netid).

• Keep the bypass codes in a secure location.
• Each code can be used only once.
• All codes will expire in six months.  

Depending on what devices you have registered to use with Duo will depend on how the Duo prompt will ask you to verify your identity. Duo Verified Push further increases the security of your account and the campus network by preventing potential phishing and other credential-stealing attacks.  It also reduces the likelihood of accidental approval of malicious login attempts.

Verified Push ties your active login session, such as logging into email, and the Duo push approval together​ by generating a code on the page you are logging into and verifying that login with Duo's mobile app.

1. A four-digit number will be displayed on the screen when you attempt to log in to a service.

2. That number will then need to be entered in the Duo mobile app before hitting ‘Verify’ and continuing.

If your Duo attempt runs out of time, you can Try again, or use other options you may have previously configured.

After several incorrect attempts, Duo will lock you out for 10 minutes Further attempts to log in to a service will result in Duo confirming that you are locked out.

Be careful not to approve any Duo prompts you did not initiate. 

If you receive a push in your mobile app unexpectedly, you can report it by tapping "I'm not logging in" from the mobile app. You should also change your password and contact OTS by creating a TechHelp request or calling 410-704-5151.

In the use cases listed below, eligible TU faculty and staff may request a hardware token — a small electronic security device — for Duo multi-factor authentication. These hardware tokens are assigned to users and are used to generate a random bypass code.

There are a limited number of tokens available for the campus community. All requests are reviewed and must be approved by OTS. Hardware tokens that are issued and are unused may be requested back by OTS for others in need.

Hardware token use cases

To receive a token, one or more of these scenarios must apply:

• You do not have a mobile phone or tablet that you regularly carry with you, and you need a way to authenticate in conference rooms, classrooms or anywhere else where you lack a permanent landline phone. 
• Your only mobile device is a flip phone, and you teach in classrooms or meet in conference rooms with poor reception, making phone calls and text messages unreliable.
• You teach in classrooms with poor cell and Wi-Fi reception and have had difficulties with mobile devices functioning previously.

Request a hardware token

1. Open TechHelp Services> NetIDs & Duo> Duo and select Open a Ticket.
2. Complete the service request form describing your use case for a Duo token.
3. Select the gold Request button. The OTS Faculty/Staff Help Center will either approve and arrange a pickup time, deny or escalate the request.

Enroll your hardware token

1. Open the NetID Management page in your preferred browser. 
2. Select Manage Duo Devices under Other OTS Faculty/Staff NetID Tools.
3. Enter your NetID (username) and Password, then select Login. 
4. Select MY PROFILE at the top of the page, then select MANAGE DUO in the gray area below. If necessary, select the sandwich button (three stacked lines) to reveal MANAGE DUO. 
5. Select the ADD NEW DEVICE button under Duo Security Tokens.
6. Select Hardware Token, then select Next. 
7. Enter the token serial number followed by GO6OATH.
8. Select the ASSOCIATE button. 

See the following article for using and troubleshooting your hardware token: https://techhelp.towson.edu/TDClient/1879/Portal/KB/ArticleDet?ID=140342

If you use a Duo hardware token, you can create a passcode at the push of a button. Simply enter the passcode displayed on the token into the Duo box to complete your authentication.

Authenticate using a hardware token

1. When the Duo panel (pictured below) appears after you log in with your TU NetID and password, select Token from the Device menu.
   
   
   
   
   
   
   
    
2. Select the Enter a Passcode button in the Duo box. The button will change to Log In.
3. On your hardware token (pictured below), press the green button once. Wait a few seconds for a passcode to display on the token. 
   
   
   
   
   
   
   
   
    
4. Enter the passcode into the passcode field of the Duo panel and select the Log In button. You may also check the Remember me for 30 days option if it is available.

Troubleshoot your hardware token

A hardware token can become out-of-sync with the Duo service if its button is pressed too many times without the passcode being entered into the Duo Authentication panel. If this happens to you:

• Try authenticating with your hardware token three times in a row.
• On the first two attempts, the Duo panel will report Incorrect Passcode.
• On the third attempt, you should be granted access. 

Faculty, staff, students, and retirees must use Duo when accessing certain protected TU resources on additional devices they possess (phone, tablet, etc.). However, the steps to set up a new device are largely the same as before. Install the Duo Mobile app from your device's app store, then follow the steps below to complete the enrollment process. 

Start adding a new phone or tablet

1. Open the NetID Management page in your preferred browser on a desktop or laptop computer.
2. In the Manage NetID section, select the Manage link.
3. Enter your NetID (username) and Password, then select Login. 
4. Select MY PROFILE at the top of the page, then select MANAGE DUO in the gray area below. If necessary, select the sandwich button (three stacked lines) to reveal MANAGE DUO.
5. Select the gold ADD NEW DEVICE button to display the Add new Duo device box.
6. Select the type of device you plan to enroll — Mobile phone, Tablet (iPad, Nexus 7, etc.), or Hardware Token (which includes security keys) — then select NEXT. Continue with the most appropriate section below.

Finish adding a new phone

7. Enter a friendly name for the device (My iPhone, for example), then select NEXT. ​
8. Set the phone country code to United States (+1), enter your phone number, then select NEXT.
9. Select the phone type, then select NEXT.
10. Verify that the Duo Mobile app is installed on your phone. If it is not, install it now.
11. Select I HAVE DUO MOBILE to display a QR code (a square, black and white graphic) on your desktop or laptop screen, then follow the next three steps to link your phone to your TU account. If you prefer not to use the QR code, select the "...have an activation link emailed to you instead" option. Links expire after 24 hours. 
    1. Open the Duo Mobile app on your phone.
    2. Tap the + button.
    3. Scan the QR code using the phone's camera. 
12. Select DONE on your computer. Your phone should be listed under Duo Authentication Devices with the status Enabled. 

Finish adding a new tablet

7. Enter a friendly name for the device (My iPad, for example), then select NEXT. ​
8. Select the tablet type — iOS or Android — then select NEXT.
9. Verify that the Duo Mobile app is installed on your tablet. If it is not, install it now.
10. Select I HAVE DUO MOBILE to display a QR code (a square, black and white graphic) on your desktop or laptop screen, then follow the next three steps to link your tablet to your TU account. If you prefer not to use the QR code, select the "...have an activation link emailed to you instead" option. Links expire after 24 hours. 
    1. Open the Duo Mobile app on your tablet.
    2. Tap the + button.
    3. Scan the QR code using the tablet's camera. 
11. Select DONE on your computer. Your tablet should be listed under Duo Authentication Devices with the status Enabled. 

A Duo bypass code can be useful for authentication if ever your Duo-enrolled mobile devices are unavailable. If you generate a bypass code ahead of time, print and store it in a secure location or email it to a personal address, you will be ready when the need arises. Note: Even when there is no cell or Wi-Fi service, the Duo Mobile apps can still generate passcodes manually. Further, if you have previously received Duo passcodes via text message, you may be able to use one of the remaining passcodes in that text message without relying on bypass codes.

Generate a Duo Bypass Code

1. Open the NetID Management page in your preferred browser on a desktop or laptop computer.
2. In the Manage NetID section, select the Manage an existing NetID profile link.
3. Enter your NetID (username) and Password, then select Login. 
4. Select MY PROFILE at the top of the page, then select MANAGE DUO in the gray area below. If necessary, select the sandwich button (three stacked lines) to reveal MANAGE DUO.
5. Select the gold GENERATE RANDOM CODES button to display a set of numeric codes in the Bypass Codes box.
6. Use the buttons at the bottom of the Bypass Codes section to:
   1. CLEAR the displayed codes.
   2. GENERATE RANDOM CODES, invalidating the previous set and displaying a new set.
   3. PRINT BYPASS CODES.

Please note that each code can be used one time only and they expire after 180 days.