Using the Duo Mobile app with your smartphone is the recommended method for Two-Factor Authentication (2FA). We'll take you through the steps to enroll your mobile phone in Duo and activate Duo Mobile for your device. Note that international numbers are NOT supported. EWU has a workaround for adding devices with international numbers here: Adding a device with an international phone number to Duo 2FA This article will explain how to use the Duo app for Push notifications.  Push Notification authentications On a computer, open a browser and navigate to https://inside.ewu.edu/2fa/ Click on Manage > under Manage Device(s) Enter your Username and SSO password, when prompted.  If you are prompted to enter a bypass code, contact the Help Desk at 509.359.2247. Your identity will be verified and a bypass code will be issued. Enter the provided bypass code in the prompt.  Click on Add a device. Select the Duo Mobile option.  Enter the phone number of the device and click Add phone number The next prompt will have you review the entered phone number. If correct, click on Yes, it's correct Follow the prompt and download the Duo Mobile app from the App Store (iOS) or Google Play store (Android) on your phone. Once you tap on Next a QR code will appear. You will need this QR code for step 12. On your phone, open the App Store and search for Duo Mobile. Download the App.  Launch the Duo Mobile app and tap Continue.  Tap Use a QR code. Your camera will launch, ready to scan a QR Code.  On your computer, you should already see a QR code, visible from step 8. Use your phone to scan the QR Code. If you are successful in scanning the code, a prompt will ask you to name your account to continue. Eastern Washington University should pre-fill in the Account Name field. Tap Done.  Your account is now linked. It would be wise to Allow notifications when prompted so you're able to see push notifications when authenticating your login.  It would be wise to Allow notifications when prompted so you're able to see push notifications when authenticating your login.  When launching the Duo App, you should now see an entry for Eastern Washington University, as shown here. If so, you're done.  Duo has published a short video on how Push authentications work from your perspective. Give it a quick watch if you have questions! Please contact the Help Desk via phone at 509.359.2247 or via e-mail at helpdesk@ewu.edu. Office hours are Monday - Friday from 8:00am to 5:00pm. 

If you get a new phone (with the same phone number), you will need to reactivate it in order to use the Duo Mobile app again. If your existing phone stops receiving Duo Push requests, your Duo administrator or help desk might suggest that you try reactivating Duo Mobile on your phone with this process as a troubleshooting step. Note that international numbers are NOT supported. Reactivation On a computer, open a browser and navigate to https://inside.ewu.edu/2fa/ Click on Manage > under Manage Device(s) Enter your Username and SSO password, when prompted.  If you are prompted to enter a bypass code, contact the Help Desk at 509.359.2247. Your identity will be verified and a bypass code will be issued. Enter the provided bypass code in the prompt.  Find the device with the phone number that you want to reactivate and click on the I have a new phone option. A new prompt will appear. Click on Get started to proceed.  Follow the prompt and download the Duo Mobile app from the App Store (iOS) or Google Play store (Android) on your phone. Once you tap on Next a QR code will appear. You will need this QR code for step 12. On your phone, open the App Store and search for Duo Mobile. Download the App.  Launch the Duo Mobile app and tap Continue.  Tap Use a QR code. Your camera will launch, ready to scan a QR Code.  On your computer, you should already see a QR code, visible from step 8. Use your phone to scan the QR Code. If you are successful in scanning the code, a prompt will ask you to name your account to continue. Eastern Washington University should pre-fill in the Account Name field. Tap Done.  Your account is now linked. It would be wise to Allow notifications when prompted so you're able to see push notifications when authenticating your login.  It would be wise to Allow notifications when prompted so you're able to see push notifications when authenticating your login.  When launching the Duo App, you should now see an entry for Eastern Washington University, as shown here. If so, you're done.  Please contact the Help Desk via phone at 509.359.2247 or via e-mail at helpdesk@ewu.edu. Office hours are Monday - Friday from 8:00am to 5:00pm. 

YubiKeys work great for web-based applications that allow you to use a modern browser. Some applications use embedded browsers that do not support the typical use of YubiKeys (tap to log in). If you encounter one of these applications, here's how you can authenticate using your YubiKey:   Important Requirements: This information applies to YubiKey tokens that support one-time password (OTP) functionality, like the YubiKey 5 series. The blue "Security Keys" are not supported (Contact us to replace your EWU-provided security key with a supported 5-series device). Your YubiKey must have been programmed by EWU IT 1. If your YubiKey meets the requirements above, select "Other options" at the Duo Prompt. From the "Other options" menu, click on Use YubiKey passcode 2. Tap your YubiKey. A long string of characters populate the Passcode field and authenticate you. Note: If your device does not work when attempting to authenticate using Passcode, please contact us so we can program your YubiKey.

How to use Duo Mobile Push for 2FA   Using the Duo Mobile app with your smart phone is the recommended method for Two-Factor Authentication (2FA).  The application's Duo Push method is the fastest and easiest way to complete 2FA.   Important: To use Duo Mobile Push, you must: Have your iOS or Android smartphone with you Have enrolled your device in Duo and activated Duo Mobile: https://support.ewu.edu/support/solutions/articles/10000059868-how-to-enroll-a-mobile-phone-for-duo-2fa   Authenticating with Duo Mobile Push   1. If a Push wasn't automatically sent to your device, choose "Other options" at the Duo Prompt. 2. Select "Send Duo Push" associated with the device you would like to receive the Push notification on. 2. Open the Duo Mobile app on your tablet or smartphone   3. In the Duo Mobile app, verify the contextual information and click Approve.   Important: You should Deny the login if you did not request the Push or it seems fraudulent. If you choose to Deny the request, you will see the option below: It seems fraudulent. Choose this option if you suspect someone is trying to access your account. This will trigger an alert to IT Security. A staff member will look into whether someone tried to improperly use your identity to log in.

Using the Duo Mobile app with your smart phone is the recommended method for Two-Factor Authentication (2FA). If your phone isn't able to utilize the Duo Mobile app, you can still authenticate with your phone by using Phone Callback (landline/cell phone) or SMS Passcodes (cell phone only). Note, International numbers are NOT supported with these methods. 1.  Click "Other options" at the Duo Prompt. 2. If you have multiple phone numbers associated with your account, select the phone number you would like to receive the phone callback from and click "Call phone".   3. Your phone will receive an automated call. Follow the instructions given in the automated message to complete the authentication.

Enrollment is available at https://inside.ewu.edu/2fa by clicking the Register for Two Factor Authentication button. Note, International numbers are NOT supported. 1. Sign into any Single Sign-On (SSO) protected application like EagleNET or Canvas. 2. After authenticating with your username and password, an enrollment start screen will be shown. Click Start Setup. 3. The next screen allows you to select the type of device to enroll in Duo. 4. Select your country from the drop-down list and type your phone number. Use the number of your smartphone, landline, or cell phone that you'll have with you when you're logging in to a Duo-protected service. You can enter an extension if you chose "Landline" in the previous step. Double-check that you entered it correctly, check the box, and click Continue. If you're enrolling a tablet you aren't prompted to enter a phone number. 5. Choose your device's operating system and click Continue.  6. Duo Mobile is an app that runs on your smartphone and helps you authenticate quickly and easily. Without it you'll still be able to log in using a phone call or text message, but for the best experience we recommend that you use Duo Mobile. Follow the platform-specific instructions on the screen to install Duo Mobile. After installing the app return to the enrollment window and click I have Duo Mobile installed. 7. Activating the app links it to your account so you can use it for authentication. On iPhone, Android, and Windows Phone activate Duo Mobile by scanning the barcode with the app's built-in barcode scanner. Follow the platform specific instructions for your device: The Continue button is clickable after you scan the barcode successfully. Cant scan the barcode? Click email me an activation link instead and follow the instructions. 8. You can use Device Options to give your phone a more descriptive name, or you can click Add another device to start the enrollment process again and add a second phone or another authenticator. If this is the device you'll use most often with Duo then you may want to enable automatic push requests by changing the When I log in: option and changing the setting from "Ask me to choose an authentication method" to "Automatically send this device a Duo Push" or "Automatically call this device" and click Save. With one of the automatic options enabled Duo automatically sends an authentication request via push notification to the Duo Mobile app on your smartphone or a phone call to your device (depending on your selection). Click Continue to login to proceed to the Duo Prompt. Congratulations!  Your device is ready to approve Duo push authentication requests. Click Send me a Push to give it a try. All you need to do is tap Approve on the Duo login request received at your phone. Additional information about enrolling specific devices: How to enroll a mobile phone for Duo 2FA How to enroll a YubiKey for Duo 2FA How to enroll Touch ID for Duo 2FA

If you have generated or been given a temporary bypass code, follow these steps to use it: 1. When prompted for your Duo second factor, click "Other options"  2. On the second factor options screen, click "I have a bypass code" 2. Type in the code and click Verify. 3. If the passcode you entered was valid, you will be logged in. Bypass codes are generally only good once. If this is not a public or shared computer, be sure to "Trust this browser for 7 days"

Important changes are coming to the tool that powers Eastern Washington University’s Two-factor Authentication (2FA). Duo has released the "Universal Prompt", an improved 2FA browser experience that updates the look and feel of the authentication screen, increases accessibility, and streamlines the verification process. The new Universal Prompt will go live on 1/12/2022. What to Expect with Duo’s Universal Prompt: Users do not need to perform any action to receive the web browser change to the Universal Prompt. All versions of the Duo Mobile app will continue to function normally alongside the Universal Prompt. Visual Changes The Duo login options look different from how they did in the traditional prompt, but the Universal Prompt still supports a wide range of Duo login options. Automatic Prompt Once users sign into an 2FA-enabled system with their Username and SSO password, they will receive a browser notification that an authentication prompt has been sent to their registered device using their most recent method as a default. Changing 2FA Methods If you ever want to choose a different device or Duo method than the one shown automatically by the Universal Prompt, click Other options near the bottom. This takes you to a list of all your available Duo authentication options. Click on the one you want to use and follow the instructions shown to complete logging in to the application. Remember Me & Trusted Devices For applications that allow the "remember me" function, users will now see this option after they authenticate into an 2FA-enabled system. The University relies on Duo to deliver an extra layer of security to help ensure that EWU users are the only ones who can access their account(s), even if their password is compromised. Using Duo is a critical measure in preventing unauthorized access to personal and institutional information.

Q. How do I get started? A. Instructions are available here: https://inside.ewu.edu/2fa/  Q. Do I have to use a mobile device? A. There are several methods that can be used, including a mobile device app, SMS text message, and voice phone call options. Using a mobile device is most convenient option. If you don't own a mobile device, you may request a hardware token instead. Hardware tokens should be treated like ID cards and if you lose it, you will be charged for a replacement. Q. Why is EWU requiring this for students? A. Unfortunately, account compromises and malicious attacks have become more numerous and frequent at EWU. Passwords alone no longer provide a sufficient degree of safety. If your EWU account is “hacked”, criminals will have access to your personal information and everything in your Office 365 Account, your Eaglenet account, and all the online services of InsideEWU. Most credential breaches can be stopped by two-factor authentication. The extra security will allow us to enable requested features like online direct deposit changes for financial aid and student employee paychecks! Q. Who else uses two-factor authentication? A. The use of two-factor authentication is quickly becoming the norm for most universities and colleges. Regionally, schools like the University of Idaho, Washington State University, and Central Washington University already require it or soon will. Nationally, schools like Notre Dame, Penn State, the University of Nebraska, Michigan State and the University of Minnesota, and many others already require it. Q. I don’t have anything confidential in my account, why should I care about two-factor authentication? A. Attackers use compromised student accounts for many purposes, including spam, phishing, and, most importantly, to steal your financial aid or university paycheck. Q. What services will be affected by implementing two-factor authentication? A. Duo protects services that you log in through InsideEWU, including Office 365, Google Workspace, Canvas, Banner and Eaglenet. Duo protection has also been added to select services like VPN. Q. Does this mean I will have to use Duo to login to my personal computer, phone, or tablet? A. No! This requirement only applies to your EWU online account. Q. Does this mean I will have to use Duo to login to an EWU computer? A. No! 2FA is not required for device logins. Q. Are International numbers supported for SMS and voice call options? A. No, only domestic US numbers are supported. Selected Mexican and Canadian carriers may work, but results will vary based on carrier and network. Please see the Adding a device with an international phone number to Duo 2FA knowledge base article for more information.  Q. Does EWU gain control of my personally-owned mobile device once I enable Duo? A. No! By installing Duo on your mobile device, you do not provide EWU with any additional ability to access your device or monitor your personal activity.  Q. Who else uses two-factor authentication at EWU? A. Everyone with an EWU account is required to use 2FA. Q. I have more questions. How can I learn more about two-factor authentication? A. Please check our two-factor site at https://inside.ewu.edu/2fa/ or check out these additional articles in our knowledgebase: Duo Remember Me  Two-factor Authentication Token Frequently Asked Questions Traveling with Duo Duo Two-factor Authentication Frequently Asked Questions Two-factor Authentication Frequently Asked Questions

Below is an overview of all 2nd factor options available to you when using Duo. Duo Push (Recommended) After logging in with username and password, users can choose Send Duo Push on the authentication prompt. Then, they can simply tap ‘Approve’ on the push notification they'll receive on their device. Requires: Duo Mobile app installed on a Apple iOS or Google Android device Duo Mobile Passcode After logging in with username and password, users can choose Use Duo Mobile passcode on the authentication prompt. Using the Duo Mobile app on their device to display a six-digit passcode, the passcode is typed into the Duo prompt. Requires: Duo Mobile app installed on a Apple iOS or Google Android device. No internet or cellular connection is needed, making this a great travel or backup method.  Phone Callback After logging in with username and password, users can choose Call phone on the authentication prompt. Duo will call the phone with an automated message prompting the user to press any key to verify the authentication request. Requires: Any phone, landline or cellular, with phone service available International numbers are NOT supported. SMS Text Passcode After logging in with username and password, users can choose  Sent text message passcode on the authentication prompt. After receiving a six-digit passcode via SMS text message, the passcode is typed into the Duo prompt. Requires: Any cell phone capable of receiving SMS Text messages International numbers are NOT supported. Security Key (Yubikey) After logging in with username and password, users can choose Use security key on the authentication prompt. With the YubiKey plugged into a USB port on the computer, the user touches the YubiKey's gold-colored contact to log in when prompted. Requires: YubiKey and an available/corresponding USB-A or USB-C port on the computer being used Token (Feitian or Yubikey OTP) After logging in with username and password, users can choose Use hardware token on the authentication prompt. After receiving a six-digit passcode by pressing the token's button, the passcode is typed into the Duo prompt. If supported, a YubiKey can also produce a passcode. Requires: Token device Touch ID (Mac) After logging in with username and password, users can choose Use fingerprint sensor on the authentication prompt. When prompted, the user touches the Touch ID button on their keyboard. Requires: A MacBook Pro or MacBook Air with a Touch ID button. A fingerprint enrolled in Touch ID (see how to do this at the Apple Support site). Chrome 70 or later Important Note: This will only allow you to authenticate while using your computer with Touch ID. Adding another 2FA method in addition to Touch ID is strongly recommended.