Multifactor Authentication (MFA-DUO): Available options for authentication
Yale University Information Technology Services (ITS) recommends everyone have at least two options set up for multifactor authentication (MFA); there is no limit to the number of eligible devices you may add to your MFA account. MFA lets you link multiple devices to your account, so you can use your mobile phone, a landline, and a hardware token as your second factor. You have the option to define which device is the default, set a device to automatically receive authentication attempts, and to rename devices.
See Multifactor Authentication (MFA-DUO): Enrolling and managing devices for instructions on enrolling devices.
Eligible devices for DUO MFA include:
- Smartphones (US and international numbers)
- Android-based tablets
- Mobile/Flip phones (US and international numbers)
- Land lines (US and international numbers)
- DUO Hardware tokens
- Duo Push is the easiest and quickest way of authenticating. You'll get a login request sent to your phone — just press Approve to authenticate. This method requires the DUO Mobile app be activated on a enrolled device. See Multifactor Authentication (MFA-DUO): Enrolling and managing devices for directions to enroll a device or activate DUO Mobile on an already enrolled device.
- Just tap the key button to generate a passcode. This works anywhere, even in places where you don't have an internet connection or can't get cell service. This method requires the DUO Mobile app be activated on a enrolled device, or use of a DUO Hardware token. See Multifactor Authentication (MFA-DUO): Enrolling and managing devices for directions to enroll a device or activate DUO Mobile on an already enrolled device. You can pick up a DUO hardware token at any of the ITS walk-in centers.
- Note: Tokens must be picked up by the individual to which they are assigned.
- Phone Call
- Select the Call Me button on the Duo Prompt (or type "phone" in the "second password" field if you don't see Duo's interactive prompt) and Duo will call your phone. The status bar at the bottom of the Duo Prompt updates at each step of the process. Answer the call and listen to the instructions to authenticate. The Duo Prompt's status bar also tells you how to approve the request over the phone.
- SMS Passcode
- You can authenticate using a passcode texted to your phone. To have Duo text you a passcode click the Text me new codes button after clicking Passcode at the authentication screen (or type "sms" in the "second password" field when logging in via the Cisco AnyConnect VPN client). To authenticate using an SMS passcode, click the Enter a Passcode button, type in a passcode you received from Duo via text message, and click Log In.
Authentication devices and their supported methods of authentication:
- Smartphone with US or International # (iPhone and Android)
- Push, Passcode, Phone Call, SMS Passcodes
- Tablets (iPad and Android)
- Phone Call, Push, Passcode
- Mobile/Flip phone with US or international #
- Phone Call, SMS Passcodes
- Land line with US or International #
- Phone Call
- DUO Hardware Token
Common Authentication Questions
- How long does authentication last?
- You will be required to use MFA every time you log in, when off-campus. MFA authentication will last for the lesser of your browser session or 24 hours. You will have the option to remember your device for one day with Yale's Central Authentication System (CAS). This functionality is browser based so you will have to do it in each browser you use. If you connect toYale's Virtual Private Network (VPN), you will not be prompted for MFA as long as you remain connected.
- How can I log into a CAS-protected resource or VPN while on an airplane equipped with wifi?
- This experience will be the same no matter what off campus location you are trying to log in from. You will be required to authenticate with MFA. In the case where a Push or SMS passcode is not working, you can generate a Passcode with the DUO Mobile app on your phone, or with a DUO Hardware token.
- How can I get a token?
- You can pick up a DUO hardware token at any of the ITS walk-in centers. Note: the individual to which they are assigned must pick up Tokens.
- Does it cost me money to authenticate with my phone?
- Push authentication uses a very small amount of Internet data traffic (a few kilobytes per login) to function. SMS codes and voice calls are sent only when you request them, and are billed by your carrier like any other text message or inbound voice call. The Duo mobile app also works like a DUO hardware token and can generate a passcode; this functionality will not require any data and works when your smart phone is in “airplane” mode.