Loading...

Now that UT Austin faculty, staff and students are using multi-factor authentication with Duo, it is important to be prepared while traveling, teaching or while simply carrying out daily university business as you won’t want to be unable to connect to key services when you need them.

You should have a backup plan in the event your primary authentication factor (e.g., your smartphone) is lost, stolen or replaced.

Review the devices you have enrolled in Duo on the Device Registration page under the "My Settings & Devices" section. 

(Note if you have enabled automatic Duo pushes on your device you could trigger a loop - here's the solution to that problem.)

Authentication Options

Push Notification

The Duo Mobile app—available on Apple, Android, Blackberry, and Windows devices—will send you a push notification that can be used to authenticate yourself.

Wearables

If your wearable device is paired with a smartphone with the Duo Mobile app installed, you could authenticate yourself on the wearable.

More specific support also exists for the Apple Watch (https://guide.duo.com/apple-watch).

Apple Touch ID

If your MacBook Pro or MacBook Air has a Touch ID button then you can pair your it with Duo (https://guide.duo.com/touch-id)

SMS Message

Receive passcodes via SMS and authenticate yourself by typing them into the UTLogin page.

Pre-Generated SMS Passcodes

You can pre-generate 10 single use SMS passcodes that can be used to authenticate yourself.   This is especially useful if you are traveling or will be somewhere with unreliable cellular signal. Keep these safe and secure, but you likely won't want to keep them in Stache as that service will require MFA for login.

Phone Call

Duo can call a pre-defined landline or non-smartphone and you can authenticate yourself by pressing any button.

Hardware Tokens

A hardware token is a device that can either be inserted into your computer to authenticate you or generate a code that can be entered into the UTLogin page for authentication.

Yubikeys, Google Titan keys, and other compatible tokens are very convenient and worth considering.  Yubikeys that have been pre-programmed for the UT Duo environment can be purchased at a significant discount in the Campus Computer Store.

Duo branded hardware tokens are also available from the ITS Service Desk (https://guide.duo.com/tokens).

Recommended Methods for Authentication

Duo can use a number of different factors to best accommodate your work style. Here are some recommended combinations: 

Faculty

Faculty who teach should consider using their smartphone as their primary factor and then consider obtaining a Duo branded hardware token from the ITS Service Desk's Walk Up desk on the ground level of Flawn Academic Center. Once added to the Device Registration page, the hardware token can be added to your keychain so that it is less likely to be lost or forgotten. 

Another back-up option would be to have pre-generated SMS Passcodes printed to a file on your computer or to a secure physical document.  You will obtain 10 passcodes at a time and they are each good for one single use.  Once all 10 passcodes have been used you can request Duo to SMS another set of 10 passcodes to you.

Staff

Staff members should consider using their smartphone as their primary factor and then consider adding one or more landlines to the Device Registration page.

Staff members operating on campus with limited cell phone coverage should consider a hardware token.

Yubikeys, Google Titan keys, and other compatible tokens are very convenient and worth considering.  Yubikeys that have been pre-programmed for the UT Duo environment can be purchased at a significant discount in the Campus Computer Store.

Duo branded hardware tokens are also available from the ITS Service Desk (https://guide.duo.com/tokens).

Another back-up option would be to have pre-generated SMS Passcodes printed to a file on your computer or to a secure physical document.  You will obtain 10 passcodes at a time and they are each good for one single use.  Once all 10 passcodes have been used you can request Duo to SMS another set of 10 passcodes to you.

Students

Students should stick to using their smartphones as their primary factor and consider pre-generated SMS passcodes (printed to a file or physical document) as an alternate option.

Multi-Factor Authentication Best Practices

  • If you are traveling for university business, be sure to take one of those enrolled devices with you on your trip. Note: If you are traveling internationally for University business, be sure to review the International Travel Guidelines to make sure you are following the guidelines for mobile devices.
  • In the event you get a new device you can use one of your backup factors to remove your old device and add your new device.
  • You can also recover your account from the Duo Mobile App if you want to carry it over to a new device.
  • Please see this page for additional multi-factor self-help resources.
  • Be aware of targeted "Vishing" (or 'voice phishing') attacks that seek to compromise your multi-factor controls.  See our Vishing document for more details.