Duo MFA: Frequently Asked Questions

General Questions About Duo

What is Duo?

Duo is a 2-factor authentication service that centralizes the management of 2FA for your company.

Duo makes managing 2FA much easier and more secure. It is enforced centrally, so users don’t have an option of whether to use it or not.

Duo also makes 2FA much easier for your users. Each user only has to enroll once, not for each login they use.

As your Duo administrator, we can add applications (such as Dropbox, Google, etc.) to your company’s Duo configuration as needed with no time-consuming set-up for individual users.

What is 2-Factor Authentication?

2FA is an extra layer of security used to verify the identity of a user before allowing access to a login account. First, a user enters their username and a password. Then, instead of immediately gaining access, they are required to provide another piece of information, usually a code or other kind of validation that only they can receive.

My users already use 2FA. Why should we use Duo?

Duo is designed to scale with your business. It puts control of 2FA in your hands, not your users’. Centrally managed 2FA allows you to manage access, create bypass codes and change which device receives the authentication request if users leave.

Duo is faster and more secure than other 2FA solutions. The user can even see the location that the request is coming from and the time of the login.

If a phone is lost or stolen, an administrator can disable the device remotely, which makes Duo more secure than stand-alone 2FA.

Another advantage of Duo over free authenticator apps is that the user does not need to set up all their 2FA accounts all over again every time they purchase a new phone as they may need to with free authenticators.

With Duo, the user enrolls the new device once and all their apps re-appear. They don’t have to worry about losing their 2FA accounts when they switch devices.

Finally, Duo Push works even if there is no cell service; it works in any country; there are no telephony charges.



What are some of the security advantages of using Duo?

Duo Push uses cutting-edge end-to-end encryption, which SMS and phone calls can’t offer.

If a phone is lost or stolen, an administrator can disable the device remotely.

Duo protects against the actions of rogue users, and fired or disgruntled employees. You have complete control. Users can be disabled quickly. Any bypass codes that the user may have can be deleted immediately.

What is Push authentication?

Duo is unique in that you do not need to enter a code every time you authenticate. You use Push, which means you just tap on the Accept button and you are authenticated without typing anything.


What if someone forgets their phone or is offline?

Duo users can be provided with bypass codes in advance or as needed. These codes can be used if a user forgets their phone or is in a location where they can’t receive a signal, such as on an airplane.

Each code can be set with a different date and/or number of uses before it expires.

As your Duo administrator, we can delete and create bypass codes as needed. 


What are the main differences between the different versions of Duo?

Duo Advantage provides extra security features not included with Duo Essentials. These include geo-enforced access, enforcement of access based on device health (for example, the presence of working antivirus or whether there is a log-on required on the workstation), and reminders to users to remediate security issues on their devices.

What if a user leaves the company?

You never have to worry that a 2FA account is tied to the phone number of a user who’s no longer with the company, or that a user will lose access if their phone is stolen.

The administrator can add devices to users’ Duo accounts, disable users, bypass 2FA if needed, delete and create bypass codes as needed, etc. It’s all centrally managed.


If we ever fire a user, can we get past the 2FA to take over his Windows profile login?

Yes, since this is managed 2-factor authentication, you never have to worry about being locked out, or about users doing anything shady. You have complete control. We can disable users, bypass 2FA if needed, delete and create bypass codes as needed, etc.


We don't have company mobile devices. What if our users don’t want to install the Duo app on their own mobile phones to authenticate?

Duo supports hardware tokens that can be used instead of mobile phones. (The hardware tokens cost $20 each and can be recycled if a user leaves the company.)

You can also use USB authentication devices such as YubiKeys.

When possible, we recommend using a mobile device to enable the full convenience of Push technology. (With a hardware token, there is no “approve/disapprove” option pushed to the authentication device. The token simply generates a code and the user types it in.)


What are some other web apps we can use Duo 2FA with?

Many apps work with Duo including:

  • Salesforce
  • WordPress admin panel
  • Dropbox for Business
  • Microsoft 365 (formerly Office 365)
  • Microsoft Azure
  • Google Drive
  • Keeper Security
  • Any application that supports SAML

Single Sign-On (SSO)

What is SSO and why should I care?

Single Sign-On provides for one login for multiple enterprise accounts, eliminating the need to remember multiple passwords. This encourages users to use a more secure password, because they only have to keep track of one.

Once a user is authenticated via Duo for one login, they are automatically logged into the other applications in the same browser session without having to enter their user names and passwords again.

If you add up all the time spent logging in and then authenticating with a stand-alone authenticator, it’s clear that Single Sign-On will pay for itself in productivity gains.


Can I see a demo of SSO?

Yes. Check out this interactive demo.


Protecting Your Windows and Mac Computers and Servers

How does 2FA for computer logins work?

Duo 2FA adds an extra layer of security to your Mac and Windows workstations and servers.

After the admin installs the Duo client on a computer, whenever a user logs into that workstation, they will have to complete one more step of approving the login via 2FA.


How does Duo for RDP work if we want to assign a different user to a workstation normally used by someone else?

2FA is based on the user. If another user is logging in, that user would use their own Duo account to authenticate.

In a situation where a login is shared by more than one user, you can link an account to multiple Duo devices. When a user logs in, they see a drop-down box showing all the Duo users attached to that account, and they choose their phone number. Duo then sends the authentication prompt only to that device.


