There are a number of criteria to consider in selecting a second-factor, including:
Assurance levels
Ease of use
Cost
Sensitivity of systems and data
Any 2FA protection provides a higher assurance level than a static password alone affords. Within the realm of 2FA options, some options provide a higher level of security than others. The threshold for the security level appropriate for a given application that is protected with 2FA will vary with the risk posed to that application. As such, for applications that require a sufficiently high assurance level, less secure 2FA options will not be allowed.
The preferred option is the Duo Mobile app.
The app is available for iOS and Android devices, with or without cellular access
While an Internet connection is required for adding the device to a user’s Duo account, the app can be used to generate OTP codes even when cellular data or Wi-Fi networks are not available
The app is simple to register and use. It functions, in various modes, with or without cellular data or Wi-Fi connection
Any Duo protected application can be authenticated with the app. It is not necessary to disclose the phone number for a smartphone to use the app
Duo Mobile System Requirements
|
A U2F token is a good option for Duo authentication for web applications
A U2F token will not work with the University's virtual private network (VPN)
The U2F standard is currently well supported by Google Chrome
U2F tokens are relatively inexpensive, with prices starting below $20
Most Yubikey are compatible with Duo, see this page for details
It is easy for a user to add a U2F token to your Duo account in the self-service portal
Tokens must be added to a Duo account by an administrator
Employees who don't have a mobile phone or tablet or would prefer an alternate option, can request a token using the 2FA token request form
Report a lost or stolen token or transfer a token to another employee
Phone call authentication can be used for any Duo protected application that supports push authentication
A user can add a phone number to their Duo account for phone call authentication in the self-service portal
Any phone that can receive SMS messages can receive an OTP code via text message
These codes can be used to authenticate with any Duo protected application
A user can add a cell phone to their Duo account in the self-service portal
For steps on enrolling in Duo 2FA using one of the above alternate second-factor methods, please see the Device management instructions page.
Second-factor option | Self-serve enrollment? | Phone number required? | Cellular network connection required? | Wi-Fi connection required? |
---|---|---|---|---|
Duo Mobile app | Yes | No | No | No (only for enrollment) |
U2F token | Yes | No | No | Yes |
OTP token | No | No | No | No |
Combined U2F/OTP token | Yes (U2F) | No | No | No |
SMS | Yes | Yes | Yes | No |
Phone call | Yes | Yes | Yes (or landline) | No |
Second-factor option | Assurance level |
---|---|
Duo Mobile App | High |
U2F token | High |
OTP token | Moderate - high |
SMS | Low |
Phone call | Low |
Related articles appear here based on the labels you select. Click to edit the macro and add or change labels.
Need help?Contact the IST Service Desk online or 519-888-4567 ext. 44357. |
Article feedbackIf you’d like to share any feedback about this article, please let us know |