ATTENTION: DUO 2FA changes starting on November 20th
The DUO Two-Factor Authentication (DUO 2FA) system will be changed on November 20 to enhance the university’s information security posture.
This change will impact all systems and services which require DUO 2FA.
What is Duo?
Duo is a form of multifactor authentication service WashU chose to use. It uses a mobile device or phone to verify that the person logging into your account is actually you. Duo adds a second layer of defense against unauthorized logins to your WUSTL account and email.
Why is WashU using Duo?
Duo protects access to your WUSTL accounts and email, even if your password is guessed or stolen. Universities are prime targets for Internet thieves attempting to gain quick access to personal information and use compromised accounts to attack other businesses and institutions. Many other businesses and universities employ 2FA to enhance security and decrease instances of phishing attacks.
How to enroll in Duo
- Enrollment in WashU 2FA is simple. Visit the WashU 2FA enrollment wizard.
- Choose when you want the protection applied. The default setting is Only enforce when accessing WashU WUSTL Key enabled websites while outside of the WashU network (off – campus). However, you have the option to choose Always enforce, whether on or off campus.
- Select Save Changes.
DUO Passcode authentication, described below, is only applicable for individuals with an approved DUO Exception Request from the Office of Information Security. Please see Can I Still Use Passcode Authentication for more information.
For the best experience, we recommend using the DUO Mobile app on your smartphone or mobile device to authenticate quickly and easily.
- Search for Duo Mobile where you download your mobile apps and then install the app on your device.
You can authenticate without a mobile device or cell service using a landline phone or a pre-generated passcode.
- After installing the app on your device, return to the WashU 2FA enrollment wizard.
- Under the Information section, select Enroll in WashU 2FA.
- Select Start Setup.
- Choose your device type and select Continue.
- Enter the device information, verify the number is correct by checking the box and select Continue.
- Choose the make of your device and select Continue.
- Open Duo Mobile on your device.
- Select OK to allow notifications and Accept the License Agreement.
- Select Add Account.
- On the computer, select I have Duo Mobile installed.
- The camera will activate on your device so that you can scan the bar code on the computer screen. Once the activation has been accepted select Continue.
- Select your default settings. Check the box to Automatically send me a: then select either Duo Push (recommended) or Phone Call and then select Save.
Anyone who accesses any Washington University system online, including faculty, staff, students, alumni and volunteers, will need to enroll in Duo to log in.
You will be asked to verify your identity through Duo once every two weeks, or whenever you clear your web browser history.
By enrolling in 2FA, you are taking an important additional step toward securing your online identity and personal information. You are also helping to protect Washington University’s institutional data.
If you do not wish to install the Duo app, you can set up 2FA by entering a phone number. You will receive a phone call when you attempt to log in; press any key to authorize your login.
The Duo app lets you register multiple profiles. Open the Duo app and click the + at the top of the page to add Washington University as a new account.
If you do not use the Duo app, follow the instructions to enroll your phone number without downloading the app below.
The Duo app uses the device’s camera to take a photo of a QR code in order to quickly personalize your access for security purposes. You can deny this permission, but without this access you will have to type a long, alphanumeric “2FA secret” key to get your account working.
This article describes how to turn off permissions you may have granted the Duo Mobile application.
- Enter the telephone number including the area code. Check the box to verify the number (ex: 314-933-3333 is the correct number). Then, scroll down and click continue.
- If you are setting up a cell phone and do not wish to download the Duo app, select Other (and cell phones) as the device type. This will allow you to register without using the app.
- Choose the settings you prefer including your default device (you may have more than one device registered for 2FA) and the method for receiving your authentication. You are enrolled in 2FA.
- If you do not wish to choose a default device (“automatically send me a:”), then you will be asked how you wish you authenticate each time you login. If you select a default, the system will use that method without asking.