What is Duo multi-factor authentication?
Multi-factor authentication (MFA) increases account security by requiring multiple forms of verification to prove your identity when signing into an application. Duo MFA is an application that CU Boulder faculty, students, and staff will be required to use to securely log in to MyCUInfo or Buff Portal starting on January 9, 2024.
For some time, OIT has required Duo multi-factor authentication for system administrators and those with privileged access to services or private networks. This requirement is still in place to reduce the risk of a compromised administrator password being used to gain access to critical campus resources.
How to enroll and use Duo
When you log in to a service that requires Duo MFA (e.g. MyCUInfo or Buff Portal) you will be prompted to authenticate using one of the following methods:
- Duo Mobile app (recommended): Get a push notification from the Duo Mobile app on your smartphone or watch.
- Phone number: Set up a phone number then choose between receiving a text message with a code or an automated phone call during which you can approve access by pressing 1 on your keypad.
- Security key: Use a device like a Yubikey to verify your identity.
If you have a smartphone, OIT recommends the Duo Mobile app for the best experience. Whatever your preferred method, OIT also recommends enrolling more than one device (e.g. the mobile app and a phone number) so you can still authenticate if you lose or replace a device.
Troubleshooting
If you're having trouble authenticating using Duo, log into the Duo multi-factor authentication enrollment website to view your settings, re-register the app, or add a new device.
If Duo pushes an authentication request that doesn't show up in your app, click Other options and you'll be able to select a different authentication method:
- Duo Push will send a push from the Duo Mobile app
- Duo Mobile passcode uses the code automatically generated for your account in the Duo Mobile app
- Text Message Passcode will send a text message with a code to your phone number
- Phone call will generate a phone call where you can approve access by pressing 1 on your keypad
- Bypass code can be used if no other authentication methods are working. Contact the IT Service center to be provided with a one-time bypass code. Please note: To receive a one-time bypass code you will be required to get on a Zoom video call with an IT Service Center analyst and show proof of identity, using your Buff OneCard or a government issued photo ID.
Once authenticated, you will see a success notice and can continue to log in or click Manage devices to change your preferences. Our manage devices in Duo instructions as well as the mobile app and phone number setup tutorials show screenshots of this process.
Support
Visit our Duo MFA FAQ page for additional information about this service. If you need assistance, contact the IT Service Center at 303-735-4357 or oithelp@colorado.edu.