Multi-factor authentication is widely regarded as one of the best solutions to prevent the theft and misuse of information from individuals and institutions. WashU uses the Duo application to make it quick and easy for users to protect themselves using multi-factor authentication.
What is Duo?
Duo is a form of multifactor authentication that uses a mobile device or phone to verify that the person logging into your account is actually you. Duo adds a second layer of defense against unauthorized logins to your WUSTL account and email.
Why is Washington University using Duo?
Duo protects access to your WUSTL accounts and email, even if your password is guessed or stolen. Universities are prime targets for Internet thieves attempting to gain quick access to personal information and use compromised accounts to attack other businesses and institutions. Many other businesses and universities employ 2FA to enhance security and decrease instances of phishing attacks.
Do I need to use Duo?
Anyone who accesses any Washington University system online, including faculty, staff, students, alumni and volunteers, will need to enroll in Duo to log in.
You will be asked to verify your identity through Duo once every two weeks, or whenever you clear your web browser history.
By enrolling in 2FA, you are taking an important additional step toward securing your online identity and personal information. You are also helping to protect Washington University’s institutional data.
If you do not wish to install the Duo app, you can set up 2FA by entering a phone number. You will receive a phone call when you attempt to log in; press any key to authorize your login.
What if I already use Duo for another purpose?
The Duo app lets you register multiple profiles. Open the Duo app and click the + at the top of the page to add Washington University as a new account.
If you do not use the Duo app, follow the instructions to enroll your phone number without downloading the app below.
Do I have to give Duo Mobile access to my camera if I download the app onto my device?
The Duo app uses the device’s camera to take a photo of a QR code in order to quickly personalize your access for security purposes. You can deny this permission, but without this access you will have to type a long, alphanumeric “2FA secret” key to get your account working.
This article describes how to turn off permissions you may have granted the Duo Mobile application.
Two-Factor Authentication (2FA) is used to access a multitude WUSTL Key enabled services such as one.wustl.edu. This means that when accessing the service, you will need to log in with your WUSTL Key and then verify it’s you via the Duo Mobile App on your Duo-registered device.
Follow the steps below to register for WashU 2FA:
- From a browser, navigate to the WashU 2FA enrollment wizard and select the Sign Up / Manage Enrollment button.
a. Service Desk see special note at end. - The Welcome to Duo Security window will show, select Next.
- The ‘Did you know?’ window will show, select Next.
- The ‘What can you do?’ window will show, select Next.
- The ‘Select an Option’ window will show, select Duo Mobile.
- The ‘Enter your phone number’ window will show, enter your phone number formatted as XXX-XXX-XXXX, then select Add phone number.
- The ‘Is this correct?’ window will show, verify the number is correct, and then select Yes, it’s correct.
a. If you need to make a change, select the link No, I need to change it, make the necessary edits and repeat step 6 & 7. - On the device, download Dup Mobile from the App Store or Google Play, then select Next.
- The following instructions may vary per device.
a. The Apple steps should be similar (but may vary) to the following:
i. On the ‘Duo Mobile would like to send you notifications’ window, be sure to Allow notifications so that you can get the on-screen and/or audio notification when being prompted to complete an authentication. You may adjust these later in the device Settings under Notifications. Apple Notification Settings.
ii. On the ‘Accounts’ window, tap the Add (or plus icon) to add a new account.
iii. On the ‘Add account’ window, tap Use QR code.
1. A request to use the camera may pop up, tap OK.
iv. When the camera window appears, point the camera at the QR code on the computer screen. This will send the WUSTL information to your phone.
v. On the ‘Organization’ window, the default account name is WUSTL Key. You may rename it or leave it as is then tap Save.
vi. On the ‘Account Linked’ screen, you may tap practice now, to experience some examples, or Skip.
b. The Android steps should be similar (but may vary) to the following:
i. On the ‘Welcome’ window, tap Set up account.
ii. On the ‘Link your account’ window, tap Use a QR code.
iii. When the camera opens, point it at the QR code on the computer screen. This should automatically send the WUSTL information to the device.
1. Note: if a notification pops up asking for permission to use the camera, tap OK or Allow.
iv. On the ‘Name your account to continue’ window, tap Next.
v. On the ‘Name Account’ window, the default account name is WUSTL Key. You may rename it or leave it as is then tap Save.
vi. On the ‘Account Linked’ screen, you may tap practice now, to experience some examples, or Skip.
vii. Note: Be sure to visit your device settings to allow notifications from Duo Mobile. Android Notification Instructions
10. Your WashU 2FA set up is now complete.
From step 1.a. Special Note to the Service Desk:
If the user does not initiate enrollment from the wizard, they may get this screen after attempting their first WUSTL Key log in.
To enhance our information security, WashU IT will require an approved exception request form for both the Call Me and Passcode authentication methods of WashU Two-Factor Authentication (2FA).
The Send Me a Push (requires DUO Mobile App on your mobile device) is the preferred option.