Frequently Asked Questions
Why it's important.
On average 20 Smith user accounts are compromised each month, often through phishing or web surfing. Once a cyber criminal has access to your account they can view your private and confidential information (such as pay stubs or W2s). They can also use your email to try and gain access to your online banking, social media, or other email accounts you may have; they may send phishing messages to your contacts or others, and use your account for sending spam or engage in other illegal activities.
Two-factor authentication adds an extra step to the Smith login process, most commonly tapping an alert on your smartphone, and is the best protection against account compromise. If you use online banking, you probably already use some form of two-factor authentication. Most account compromise attacks come from email messages or web sites, Mac users and Windows users are both equally vulnerable to having your account compromised.
DUO Presentation Slides (PDF)
Do I have to have a smartphone to use Duo?
No! No! It's easiest if you have a phone that can run the Duo app, or receive texts, but in a pinch, you can use a landline, or one of several other options.
I don't remember getting an email about this after signing up. Can I still get to the setup page?
Yes! Once you are enrolled, all you have to do is go to a Single Sign On protected resource, such as portal.smith.edu, and log in. You will then see the Duo startup screen.
I signed up for Duo, but I’m not getting the Duo setup when I log in.
First, be sure you are logging in to a service that uses Smith’s Single Sign On for authentication; the Smith portal is recommended. Also, did you wait until the next morning after signing up? The background process that actually enables your account in Duo’s service runs automatically but only once a day, usually around 9am. If it has been a full day since you signed up and the Duo setup process still doesn’t launch when you log in, please contact the ITSC so we can troubleshoot the problem.
What services are covered by Duo?
Any service that uses Smith’s Single Sign On for authentication will also require Duo for authentication once activated. The most common services included are Smith email, Portal and Moodle (our Learning Management System).
What are some of our recommended “Best Practices” for using Duo?
- Don’t self-enroll on a Friday.
- Do register at least two devices for authentication verification.
- Do confirm or add a registered alternate “home email” address in Banner.
- Do send yourself a set of one-time codes you can keep in a safe yet accessible location.
What happens if I forget/lose/break my mobile phone/tablet?
We strongly recommend that you register at least one additional device (such as a tablet, a landline, a set of one-time codes, or a Yubikey) before something like that happens. You should then be sure to unregister the lost or broken device from your list of authorized devices.
I'm not seeing the option to have Duo remember me for 30 days.
If you have configured Duo to 'automatically send me a push' (or other 'automatic' action), the "remember me" feature isn't available. To change this, you first have to wait until the method you chose times out waiting for your response. Then click on the Settings & Devices link. Verify it's you, and then change "When I log in:" to "Ask me to choose an authentication method." Once you have done this, the "Remember me for 30 days" check box will appear.
I want to add another device (or change my settings), but I chose "Remember me for 30 days." How do I do it?
The "Remember me" option is tied to a specific browser on one computer. You can open a different browser and/or log into shibboleth on a different device, which will require you to authenticate; you should then be able to access the settings for your Duo account from the menu options on the left side of the Duo screen.
I click “Send Me a Push” but it’s not showing up on my phone.
Check your phone’s settings to be sure that alerts are enabled for the Duo application. Also, try actually launching the Duo app to be sure that the push request is reaching your phone.
How do I get a list of One Time authentication codes? View Instructions
You can select "Enter a passcode" which will text you a list of 5 new codes to your phone. Copy the codes to some place that is both safe and accessible to you, so you have them. Options include printing them then putting the printout in your wallet or purse, add them to secure storage such as a password manager application, or copying the list of codes to your alternate email address.
What happens if I’m away from all my registered devices?
If you’re out of options to authenticate -- your phone is back in your room, your codes are in your car, and you’re not at your registered land line, there is one additional option: you can contact the ITS Service Center (x4487) during normal business hours. Once you have verified your identity to them over the phone, they can generate a short term one-time code that you can use to verify your authentication. This temporary code expires in an hour after being issue.
I’m travelling abroad (and won’t be able to use cell service), what are my options?
- Use a one-time code that you printed and stuck in your wallet or purse.
- Before you leave, purchase and register a “U2F” USB authentication key, such as a Yubikey; it is fast, easy, and does not require a push, text or callback to verify you are you.
- If you’re stuck and don’t have other options, contact the ITSC during business hours, they can give you a temporary one-time code that is good for 1 hour.
I log into multiple accounts at the same time, can I still do this using Duo?
Some users are able to log in to multiple accounts in the same browser, such as your Smith email account and also your personal Goolge account if you have one. This is no longer supported by Google. We recommend that you use different browsers for separate accounts; for example, use Chrome when accessing your Smith account, and Firefox when accessing your personal account.
I have proxy access to another account from my individual account. Will Duo affect my ability to have proxy access?
I am using Microsoft Internet Explorer and the screen does not display correctly.
For the best results we do not recommend using Internet Explorer's Compatibility View with Duo authentication. You may be able to turn off Compatibility View yourself.
From the Address bar: If the Compatibility View button displays (broken page icon)in the Address bar to the right of the page address, you can click the button to exit Compatibility mode.
From the Internet Explorer Tools Menu: In the Internet Explorer browser window press the Alt key to display the menu bar. Navigate to Tools → Compatibility View settings and make one or more of the following changes:
- Remove the website where you use Duo authentication from the "Websites you've added to Compatibility View"
- Uncheck the "Display all websites in Compatibility View" option if present and enabled.
- Uncheck the "Display intranet sites in Compatibility View" option.
Click the Close button to save your changes.
What is a U2F Device? Where can I buy one? How do I use it?
A U2F (Universal 2nd Factor) device is a small USB device that you plug into your computers USB port to authenticate to Duo. These can be purchased from the Smith College Computer Store. Here are instruction on to use it as a additional authentication device.