MIT IS&T
MIT IS&T
« Back to Software Grid

IS&T provides access to Duo, a two-factor authentication application that leverages landlines and smartphones as an "Approve" or "Deny" system to identify users. Two-factor authentication is an effective way of safeguarding against security attacks, particularly related to financial data.

Duo is a self-service web application for Touchstone-enabled web applications at MIT. Integration with other applications is also available.

How to Obtain

Accessing

Enroll and register your device(s) with MIT Duo at: https://duo.mit.edu (Touchstone authentication required)

Note: Installing the Duo Security application on your personal mobile device does not grant MIT control of your device.

Using

Important: IS&T strongly recommends that you register a backup device for 2-factor authentication. If something happens to your phone, you'll need another way to authenticate. If you do not have another device, request a USB hardware token (YubiKey) to generate one-time passcodes for use with Duo.

FAQs

What do I do if my Duo-enabled device is lost or stolen, or if I changed my phone number? 

1) Deactivate your lost/stolen device or old phone number immediately. Since Duo requires Touchstone, you will need a second Duo-registered device to login.

a) Login to Duo.

b) Click Next to take you to the main Duo management page.

c) Find all the entries that correspond to the device you want to deactivate and click Delete Phone.

Result: You will not be asked to confirm the deletion. After a brief period, you should see the device removed from your list.

 
What if I only have one device, so I can't login to Duo?

The IS&T Service Deskcan temporarily disable the Duo requirement for Touchstone in order for you to get into https://duo.mit.edu to register another device. Before doing so, IS&T will need to verify your identity. Note that IS&T cannot and will never remove the Duo requirement for any other site.

2) Register your new device/phone number. IS&T recommends registering at least two devices as a backup option. This can be another smartphone, landline or YubiKey. IS&T recommends downloading and using the Duo smartphone app (available for iOS, Android, and Windows Phone).

To begin the process, visit http://duo.mit.edu/ and sign in using your MIT kerberos ID and login through Touchstone. From there, follow the applicable set of instructions in the Knowledge Base (also available by logging in with your kerberos ID):

What do I do if my account has been locked out due to excessive authentication failures?

A behavioral change has been implemented that will lock users out of their accounts after 10 failed attempts. Accounts will automatically revert to an unlocked state after 90 minutes. In exceptional circumstances, you may contact the IS&T Help Desk <helpdesk@mit.edu>, 617-253.1101 to request your account be unlocked.

I get a blank gray box instead of my push options when trying to authenticate with Duo. What do I do? 

This can happen if you have no devices registered for Duo. Check to see if you have registered a device for Duo at http://duo.mit.edu. If not, register one. Other solutions include: 

  • Clear your browser cache and try again.
  • Quit and restart your browser, then try again. this can clear up any lingering issues from other sites you've visited recently.
  • Disable any custom browser extensions you've installed. Some can cause issues with Duo.
  • Try another browser. For example, if you're using IE, try Chrome or Firefox.

Dragon and Touchstone (whether or not "Remember this device for 30 days" is selected) results in a Touchstone error that says this site requires cookies. 

Browser extensions for Dragon NaturallySpeaking cause Duo/Touchstone to fail. Turning off this extension will resolve the issue and allow the user to authenticate properly. To disable extentions: 

NOTE: it is not possible to work around the behavior by disabling Dragon extensions, setting Duo to "remember for 30 days", then enabling Dragon extensions again. Access to the Duo-protected site will fail on the next browser launch.

NOTE: it is not necessary to select "remember for 30 days" in order for Duo to fail.