Versions Compared

Old Version 30

changes.mady.by.user Natasha Jennings

Saved on

compared with

New Version 31

changes.mady.by.user Natasha Jennings

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Duo Mobile System Requirements

  • Android: the current version of Duo Mobile supports Android 7.0 and greater. Duo recommends upgrading to the most recent version of Android available for your device. We cannot ensure compatibility of Duo Mobile with custom variants or distributions of Android.

  • iPhone: The current version of Duo Mobile supports iOS 11.0 and greater. Support for older Duo Mobile versions on iOS 10.0 ended July 28, 2019.

Factors to consider

There are a number of criteria to consider in selecting a second-factor, including:

  • Assurance levels

  • Ease of use

  • Cost

  • Sensitivity of systems and data

Second-factor assurance levels

Any 2FA protection provides a higher assurance level than a static password alone affords. Within the realm of 2FA options, some options provide a higher level of security than others. The threshold for the security level appropriate for a given application that is protected with 2FA will vary with the risk posed to that application. As such, for applications that require a sufficiently high assurance level, less secure 2FA options will not be allowed.

Duo mobile app | Preferred second-factor option

Info

The preferred option is the Duo Mobile app.

  • The app is available for iOS and Android devices, with or without cellular access

  • While an Internet connection is required for adding the device to a user’s Duo account, the app can be used to generate OTP codes even when cellular data or Wi-Fi networks are not available

  • The app is simple to register and use. It functions, in various modes, with or without cellular data or Wi-Fi connection

  • Any Duo protected application can be authenticated with the app

...

  • ; it is not necessary to disclose the phone number for a smartphone to use the app

...

Duo Mobile System Requirements

...

Android: the current version of Duo Mobile supports Android 7.0 and greater. Duo recommends upgrading to the most recent version of Android available for your device. We cannot ensure compatibility of Duo Mobile with custom variants or distributions of Android.

...

Generate Mobile app passcodes, even offline!

If you need to access a 2FA protected service when your mobile device is not connected to Wi-Fi or cellular data, you can generate a single-use passcode. Simply open the Duo Mobile app and select your account. This will display a 6-digit passcode you can type in to a 2FA prompt. 

Image Added

Image Added

Alternative options

Hardware tokens

Tokens for students

  • A U2F token is a good option for Duo authentication for web applications

  • A U2F token will not work with the University's virtual private network (VPN)

  • The U2F standard is currently well supported by Google Chrome

  • U2F tokens are relatively inexpensive, with prices starting below $30

  • Most YubiKey are compatible with Duo, see this page for details

  • It is easy for a user to add a U2F token to your Duo account in the self-service portal

Tokens for employees

  • Tokens must be added to a Duo account by an administrator

  • Employees who don't have a mobile phone or tablet or would prefer an

...

Phone call

  • Phone call authentication can be used for any Duo protected application that supports push authentication

  • A user can add a phone number to their Duo account for phone call authentication in the self-service portal

SMS

...

Any phone that can receive SMS messages can receive an OTP code via text message

...

These codes can be used to authenticate with any Duo protected application

Avoid use of SMS and phone call for 2FA

Note

SMS and phone call 2FA are our least secure – and often least reliable – 2FA options. University employees should plan to transition away from SMS and phone call options by installing the Duo Mobile app or requesting a YubiKey. If you already have the Duo Mobile app set up, you can follow the instructions below to remove your phone number and prevent SMS and phone call 2FA options. 

Removing your mobile phone number from Duo 

To remove your mobile device phone number from Duo: 

  1. Sign in to the 2FA Device Management Portal at: https://2fa.uwaterloo.ca/duo/dmp  

  2. Delete your mobile device from the Device Management Portal. 

  3. Remove your University of Waterloo account from the Duo Mobile app. 

  4. In the Device Management Portal, “+ Add another device” then select the “Tablet” option and follow the directions to set up the Duo Mobile app again on your mobile device. 

Device management instructions

For steps on enrolling in Duo 2FA using one of the above alternate second-factor methods, please see the Device management instructions page.

Second-factor criteria comparison 

Second-factor option

Self-serve

...

enrolment?

Phone number required?

Cellular network connection required?

Wi-Fi connection required?

Duo Mobile app

Yes

No

No

No (only for

...

enrolment)

U2F token

Yes

No

No

Yes

OTP token

No 

No

No

No

Combined U2F/OTP token

Yes (U2F)

No

No

No

SMS

Yes

Yes

Yes

No

Phone call

Yes

Yes

Yes (or landline)

No

Assurance levels

Second-factor option

Assurance level

Duo Mobile App

High

U2F token

High

OTP token

Moderate - high

SMS

Low

Phone call

Low

Filter by label (Content by label)
showLabelsfalse
max5
spacesISTKB
sortmodified
showSpacefalse
reversetrue
typepage
excludeCurrenttrue
cqllabel in ( "duo" , "2fa" ) and type = "page" and space = "ISTKB"
labelsduo 2fa
Info

Need help?

Contact the IST Service Desk online or 519-888-4567 ext. 44357.

Tip

Article feedback

If you’d like to share any feedback about this article, please let us know