There are a number of criteria to consider in selecting a second-factor, including:
Ease of use
Sensitivity of systems and data
Second-factor assurance levels
Any 2FA protection provides a higher assurance level than a static password alone affords. Within the realm of 2FA options, some options provide a higher level of security than others. The threshold for the security level appropriate for a given application that is protected with 2FA will vary with the risk posed to that application. As such, for applications that require a sufficiently high assurance level, less secure 2FA options will not be allowed.
Preferred second-factor option
The preferred option is the Duo Mobile app.
The app is available for iOS and Android devices, with or without cellular access
While an Internet connection is required for adding the device to a user’s Duo account, the app can be used to generate OTP codes even when cellular data or Wi-Fi networks are not available
The app is simple to register and use. It functions, in various modes, with or without cellular data or Wi-Fi connection
Any Duo protected application can be authenticated with the app. It is not necessary to disclose the phone number for a smartphone to use the app
Duo Mobile System Requirements
Android: the current version of Duo Mobile supports Android 7.0 and greater. Duo recommends upgrading to the most recent version of Android available for your device. We cannot ensure compatibility of Duo Mobile with custom variants or distributions of Android.
iPhone: The current version of Duo Mobile supports iOS 11.0 and greater. Support for older Duo Mobile versions on iOS 10.0 ended July 28, 2019.
Tokens for students
A U2F token is a good option for Duo authentication for web applications
A U2F token will not work with the University's virtual private network (VPN)
The U2F standard is currently well supported by Google Chrome
U2F tokens are relatively inexpensive, with prices starting below $20