Duo Security Frequently Asked Questions
What is 2-Step Verification?
2-Step Verification helps protect your account from unauthorized access should someone manage to obtain your password. Even if a password is cracked, guessed, or otherwise stolen, an attacker can't sign in without access to the user's additional verification. After logging in with your username and password, you'll be prompted to verify your identity—the second step—using something in your possession, such as a mobile phone with the Duo Mobile App, Duo Backup Code or Duo Token.
ATTENTION: The College is currently beginning the process of migrating and requiring all users to use Duo Security for 2-Step Verification
- All alumni and students not enrolled for courses began receiving an enrollment prompt on 12/19/22
- Students enrolled in courses are being prompted in segments for Duo prompt enrollment as of 1/16/23
Who is required to enroll in 2-Step verification?
All users are required to enroll to protect their personal data and improve overall security by enabling 2-Step verification. Many other Colleges and Universities have implemented 2-Step verification, as have most major service providers such as Google, Facebook, and Twitter. Please consider enabling 2-Step verification not only for the College but also for your other personal accounts.
What is Duo Security?
The College has partnered with Duo Security to provide all users with the best 2-Step Verification experience possible. All users will be prompted to enroll in Duo Security when they log in to delaGATE. The primary method for securing your account using Duo Security is the Duo Mobile smartphone application.
What are the requirements to use my mobile/smartphone device?
Apple device running iOS 15 and higher (iPhone 6s and below is not compatible) (As of May 2023)
Android device running Android 11.0 or higher (As of May 2023)
You must have a lock screen enabled with security provided by a passcode, pattern lock or biometric login (touch ID/face ID)
You must download the free Duo Mobile App. Apple iOS - dccc.edu/duoapple and Android - dccc.edu/duoplay)
Your device must not be rooted or jailbroken.
What permissions are required for the Duo Security application to work? What is the privacy policy?
Duo Mobile cannot access things like your contacts, photos, text messages, and emails. Duo Mobile does not perform any GPS tracking and does not require access to GPS. Please review this article for more information:
What are my options if I do not have a smartphone that meets the requirements or if I do not want to use my smartphone?
A physical hardware token is available for sale at all of the College's Bookstore locations and via the College's online storefront.
Students with financial insecurities who are in need of a Duo Token (D-100) should complete a Duo Token Financial Assistance Form, which the Student Resource Center will evaluate.
The Duo Token (D-100) costs $20 and has a lifespan of approx. two years. The Battery cannot be replaced.
The Duo Token cannot be transferred to another user once registered with DCCC's system.
The Duo Token is non-returnable and non-refundable
Duo Tokens purchased at the College's bookstore will only work with the DCCC Duo System.
How do I register my Duo Token (D-100) once I have purchased and received it?
Please follow the instructions found here to register your token. Duo Tokens are immediately activated once registered in the system.
Can I use or purchase my own YubiKey?
Currently, the College does not support YubiKey's Duo Security System for Students or Adjunct Faculty. All users are able to register a YubiKey as a Duo Security Key; however, it will not work when attempting to log in to the College's computers, which use the Duo Windows Client. OIT does not provide support for any YubiKey unless it was provided to an employee by the College
I already use Duo. Why am I getting prompted to enroll?
Many College students and staff are already set up for 2-Step Verification and use Duo Mobile to generate an authentication code. The app is currently operating in 'Third-Party' mode, which does not provide the required level of protection. Please follow the enrollment steps to set up your device with Duo Mobile. Once set up, you can delete the 'Third-Party' token from the Duo Mobile app for delaGATE.
How do I get started?
Watch the video below for step-by-step instructions on how to enroll your account in 2-Step Verification.
You can enlarge this video by clicking the box icon in the lower right-hand corner once the video starts.
You can enable HD by clicking the setting gear, clicking quality, and change to 1080
How to Enroll in Duo Security when prompted during delaGATE Login:
How to Enroll in Duo Security using the delaGATE Account Management Page (Not Prompted at Login):
What should I do if I get an authentication message and I am NOT trying to log in?
- Click Deny and then Yes, as it was a suspicious login.
- Contact the IT Support Center and let us know that you received a fraudulent push.
- We strongly advise that you change your password, as it is possible that it has been compromised.
What should I do if my cell phone is lost, stolen, or broken?
Please contact the IT Support Center at 610-359-5211
Once enrolled, what systems will require 2-Step verification?
All applications that use delaGATE for authentication. 2-Step Verification is also required to login into Employee computer systems and for all remote access by employees.
Can I disable 2-Step Verification once it has been enabled?
No. There is no option to disable it.
Please note that OIT cannot disable 2-Step Verification on any account. If users cannot access the account, they must follow the 2-Step Lockout procedure to gain access to the account.
What do I do if I receive a message that I am locked out of Duo Security?
Your account will lock after too many failed attempts to authenticate. The lock-out will automatically be removed after a period of time.
What if I am unable to generate a code and I am locked out?
Users with 2-Step verification should always have a backup mode configured. All users must print a list of one-time-use verification codes during the enrollment process, as outlined in the video above.
If you do not have access to your backup verification codes, you should contact the OIT Support center during regular operating hours (Monday – Thursday, 7:30 a.m. – 10 p.m. EST, Friday, 7:30am to 5:00 pm and Saturday, 8 a.m. - 4:30 p.m. EST).
You may come in person to the IT Support Center at Marple with a valid Government Issued Photo ID or Passport or remotely by connecting to a Zoom video session, with Video enabled with a valid Government Issued Photo ID or Passport.
You will also be asked a series of authentication questions.
Does the 2 Step Verification application use my data plan?
The Duo Mobile application uses a very small amount of data to send push notifications. If you received 500 push notifications per month, that would equate to 1 MB of data usage. Less than loading one web page to your mobile device. You may disable push notifications if you do not want to use any data; however, you will have to manually enter a code from the app as a passcode to log in. Data fees may be incurred during the installation of the application and during any updates if auto-update is enabled. We recommend connecting your device to the College wifi system when on campus.
What if I have no cellular or/ WiFi connection?
The Duo Mobile app can generate passcodes with no Internet or data to generate codes. We recommend connecting your device to the College wifi system when on campus to ensure the best user experience.
I have a new phone, and I am enrolled in 2-Step verification. What do I do?
If you are migrating between Apple and Android, you should log in prior to disposing of your old phone and add your new device. If migrating between similar devices and you have cloud backups enabled, you can use Instant Restore. Please see the videos below:
Please review this video if you're migrating from iPhone to iPhone:
Migrating from Android Phone to Android Phone:
Why am I getting an 'Access Denied' error message?
There are two reasons you could be getting this message. To better secure your accounts, users may not connect from TOR endpoints or networks used to anonymize or proxy traffic. In many cases, using a VPN to obscure your location will cause an 'Access Denied' message. Disable your VPN and try again.
In order to comply with U.S. regulations, Duo blocks authentications from users whose IP address originates in a country or region subject to economic and trade sanctions enforced by the U.S. Office of Foreign Assets Control.
OFAC restrictions relevant to Duo currently apply to the following countries or regions:
- Cuba (CU)
- North Korea (KP)
- Iran (IR)
- Sudan (SD)
- Syria (SY)
- Crimea region (43)
- Donetsk region (14)
- Luhansk region (09)
- Sevastopol region (40)
