DUO Account Security
Enroll in or Make updates to DUO
Click here for information about recent Duo updates.
Account security has never been more important as an increasing number of businesses and users are targeted by hackers. Password management has always been a weak point in systems that rely solely on a knowledge-based authentication factor (something you know). Passwords are reused across multiple systems, making all accounts vulnerable when a reused password is leaked.
When all is said and done, passwords are simply no longer reliable as the sole method of authentication to sensitive systems. A better security option is having two (or more) factors needed before gaining access to an account. These come from different categories:
- Something you know (password)
- Something you have (phone)
- Something you are (biometric, such as a thumbprint)
What is DUO Account Security?
The UofM Single Sign-On System (SSO) now includes Multi-factor Authentication (MFA) capabilities. This means that users protect their accounts by requiring a second means to authenticate in addition to their password. Passwords alone have become increasingly easy to hack and MFA substantially reduces the threat of unauthorized access to accounts.
The ITS Security team has implemented MFA using a product from DUO Security, which allows users to use their phones as a second factor for authentication. Users can use the DUO Mobile app to enroll their smartphone or tablet to receive online push notifications, or generate a one-time passcode. Other methods of second factor authentication are available with DUO.
Am I required to enroll in DUO Account Security?
As of February 2021, all students, faculty and staff are required to enroll in DUO Account Security to protect their accounts.
How do I enroll or change my devices in DUO Account Security?
To enroll in DUO or to see your settings, login to https://iam.memphis.edu/duo. If you are setting up your account, you will be guided through the process of registering your device(s). Once you have enabled DUO, you will be prompted to authenticate with your second factor the next time you log in to any SSO-protected web resource. New hires are guided through the enrollment process during orientation.
It is strongly recommended that you have more than one device registered in case there is an issue with your primary device.
If you change devices, even if you keep the same phone number, that device needs to be registered with DUO to work. Register the new device at the above link.
Where can I get help with DUO Account Security?
Full documentation for the DUO Account Security service can be found in the DUO Account Security documentation. For further assistance, please contact the ITS Service Desk at 901.678.8888.
How can I give feedback on the DUO Account Security service?
The ITS Security team would appreciate any feedback that you might have regarding your experience using DUO or registering devices within iAM. Suggestions for improving the service can be submitted via the ITS Suggestion Box.
Frequently Asked Questions
Why is this service necessary?
Threats such as social engineering and phishing increase the risk of an individual
inadvertently sharing their username and password. MFA helps protect critical University
resources by requiring an additional piece of information or factor during login that
a hacker will not have access to. Even if a password is suspicious for an account,
the account cannot be used to access critical or important University information.
What methods are supported by DUO MFA?
- DUO App - When paired with the DUO app installed on a smartphone or tablet, DUO can send
a push message to the app. The user only has to approve the push to login. The DUO
app is free and can be downloaded from the Apple Store or Google Play. Note: The DUO application may be restricted in some international countries, and the client
may need to download the DUO Mobile APK App directly from DUO website.
- One-time passcodes - The DUO app can also be used to generate one-time passcodes in the event that the
device does not have an WiFi or cellular data connection.
- DUO tokens - DUO tokens can be used to generate a code or token when an individual has no usable
phone options or if traveling internationally. The token will need to be kept near
or on the person to whom it is assigned, as it will be needed whenever you attempt
to login a system protected by DUO. The price for a Duo for is $20. Note: The DUO App is free. There will be a 5-7 day time period for clients to pick up the
DUO token once notified. The DUO token MUST be picked up in person by the requestor,
on the main campus at the Administration Building room 100. It cannot be picked up
from someone else other than the original requestor.
- Bypass codes - A bypass code allows you to log in using Duo when you do not have access to your
registered device. For example, if you lose your phone, you can still access your
account using a bypass code. UofM Duo users have access to a list of single-use bypass
codes in iAM. These bypass codes can be saved in a secure location offline in case
you ever need to log in without access to a registered device. All bypass codes can
be used only once and only for your account.
- Accessing Your Bypass Codes:
1. Log in at iam.memphis.edu.
2. Click Duo Account Security.
3. Click the Bypass Codes button.
4. Write down one or more bypass codes and save them in a secure location.
Students can also request a bypass code to be sent to their personal email address. You must have a personal email address registered in Banner to use this option. Generating a bypass code in this way will reset any previous bypass codes, including those stored in iAM. For instructions on finding your bypass codes or sending one to yourself via email, visit the Duo Bypass Code Self-Service webpage.
If you are unable to generate a bypass code for yourself, the ITS Help Desk can provide a temporary bypass code for account holders.
- Accessing Your Bypass Codes:
Please see the DUO Account Security documentation for further assistance with DUO MFA methods.
When do I have to use DUO?
DUO is required whenever you log on to a website protected by our Single Sign-On (SSO)
authentication service, such as the myMemphis portal, eCourseware, email, and others.
It is not required to log on to your computer.
Do I have to do this every time I log on?
You will have to use DUO MFA the first time you log on to a website behind our SSO
authentication service. You will not be prompted to use DUO on other sites if you
already have an active logon session to another site. If you restart your browser
or computer, you may be prompted to use DUO again. You can also use the "Remember
me" option at the bottom of the DUO screen to remember your DUO session on that device
for a seven day period.
Who is required to use multi-factor authentication?
As of February 2021, all students, faculty and staff are required to use DUO MFA to
secure their access to University computer resources and mitigate the risk of University
data being exposed in the event of suspicious activity.
What is a DUO Token?
The DUO token is a small, thumb-sized device that generates 6-digit codes or tokens
to be used during DUO sign-on. The device requires no internet connection, no phone
number, and is suitable for situations where the mobile app or phone cannot be used,
such as in secure areas or when traveling. There will be a 5-7 day time period for
clients to pick up the DUO token, once notified. The DUO token MUST be picked up in
person by the requestor, on the main campus at the Administration Building room 100.
It cannot be picked up from someone else other than the original requestor.
DUO tokens must be assigned to specific user accounts and cannot be shared. For faculty and staff, a DUO token can be requested via the following Service Desk form. DUO tokens are available for $20 and can be charged to a departmental index #. Tokens that are lost or damaged are subject to a $20 replacement fee. Students can order a DUO Token on this web page.
What if I don't have my cell phone with me or it is not charged?
When enrolling in DUO, you are prompted to enroll a backup device or phone number,
such as an office or home phone, that can be used in the event your primary device
is not available. When logging in with DUO, simply select the backup device instead
of your primary device to authenticate.
My phone has an international number. Why am I having trouble using Duo?
International phone numbers should be entered in the correct format: The plus sign
(+) followed by the country code and full number with no spaces or dashes. Example:
+911234567890.
If you are experiencing problems setting up Duo with an international number, refer
to the DUO Account Security documentation for more information. For further assistance, please contact the ITS Service Desk
at 901.678.8888.
I travel frequently and don't always have cell service. How can I use the DUO service?
The DUO app, installed on a smartphone or tablet, can be used to generate a one-time
passcode even when the device does not have an internet connection. Please see the
"Using the DUO Mobile Application in location with poor cell coverage or no WIFI"
section of the DUO Account Security documentation. If you are traveling internationally, you can also request a DUO token to use in
cases where taking your smartphone or tablet are not safe or feasible.
Why can't I receive an email as a second factor?
The DUO MFA service does not currently support email as a second factor. Email uses
DUO MFA and is not a good candidate for use as a second factor.
I use the DUO services at another University. Do I need to install a different app?
No, you can use the same app. Simply open your existing app and press the (+) icon
to scan the barcode and add your UofM account.
DUO didn't work. How do I get help?
Please see the full DUO Account Security documentation or contact the ITS Service Desk at (901) 678-8888.
Documentation
Note: If you cannot log into iAm, you will need to contact the Service Desk for assistance.
Infographics:
Documentation:
Please see the full DUO Account Security documentation or contact the ITS Service Desk at (901) 678-8888.
Duo Updates:
Duo released version 4 of the Duo Mobile app in October 2021. The update was primarily focused on design elements. If your device has updated from version 3 to 4, you might have noticed some graphical changes, including swapping the locations of the Approve and Deny buttons. Otherwise, the core function of the Duo app has not changed.
Duo mobile app version 4
For more information about the updated app, view the video below. You can also read Duo's documentation for iOS and Android devices.
Note: Access to this service may be limited in compliance with sanctions announced by the Office of Foreign Assets Control.