Duo logo

MFA on Duo

Duo Security provides Multi-Factor Authentication (MFA) service to protect users against account takeover and data theft. This additional identification step blocks hackers from logging in your account even when your password is compromised or leaked. You will also be notified when someone tries to log in with your password, providng an additional level of protection to secured login. At EdUHK, most critical information systems are covered by Duo. It complements MFA on O365 introduced earlier to protect staff emails, OneDrive and etc.


How can I enable MFA on Duo via the Duo Mobile app?

Although enrolment on Duo is voluntary at this stage, it is strongly recommended that colleagues log in critical information systems via MFA on Duo for security purposes. Setting up of Duo on your mobile device is quick and easy with just a few clicks.


1. System requirements

 

  1. Make sure your mobile device meets the requirements below before you install the Duo Mobile app.
    iOS:‐ iOS 11 or above
    Android OS:‐ Android 8 or above
    (Which versions of Android does Duo Mobile support?)

 



2. Install and configure Duo Mobile App

Install the Duo Mobile app and allow notification for this app:

 


Get the Duo Mobile App for your device: Apple App Store Google Play Store

For android devices without Google Play store, please download the APK file here.


3. Register your mobile device for Duo

Users can register your mobile device for Duo via the self-service portal at https://selfservice.eduhk.hk/duo_ss/.

Register your mobile device for Duo: (Click to expand)

You can follow the video below: (If you cannot view the video, please click here to open the video.)

  1. Open a web browser and visit https://selfservice.eduhk.hk/duo_ss/.
  2. Log in with your EdUHK username, password and Date of Birth (mm-dd) and click "SUBMIT".
    Duo self-service portal login

  3. Click "Set Active User".
    Set active user

  4. Click "Manage Your Duo settings".
    Choose manage your duo settings

  5. Click "Start setup".
    Start to setup

  6. Choose “Mobile phone” as the primary verification device. Then click "Continue".
    Choose device type

  7. Choose Hong Kong for country code and enter your mobile phone number. Tick the check box to confirm the phone number is correct. Then click "Continue".
    Enter your phone number

  8. Choose the type of your phone (e.g. iPhone) and click "Continue".
    Choose phone type

  9. Click "I have Duo Mobile installed". (Note: Make sure you have the Duo mobile app installed on your device. If not, please install it before you proceed to the next step. Please visit Install Duo Mobile app for details.)
    Prompt user to launch the Duo Mobile app

  10. When you see the following screen, open the Duo Mobile app on your mobile.
    Prompt user to scan the QR code

  11. Click “+” to add an account on your mobile device.
    Add account on Duo Mobile app

  12. Scan the QR code you get from step 10.
    Scan QR code from Duo Mobile app

  13. A six-digit passcode will be shown and your account is added successfully.
    six-digit passcode will be shown

  14. Then switch back to your computer and click “Continue”.
    QR code scanned, continue on the computer

  15. Choose "Ask me to choose an authentication method" and click "Continue to Login".
    choose an authentication method

  16. Click "Send Me a Push" to trigger the login approval process.
    Trigger login process

  17. You will then receive a notification on your mobile. Tap on the notification
    Authenticator app icon

  18. Click “Approve” on the app as the second step of verification.
    Prompt for login in approval

  19. Congratulations. Your device is ready to approve authentication requests and you can click "logout" or close your web browser. (Note: Please do not un-install the Duo Mobile App on your mobile device as you will need to use it for login approvals.)
    Trigger login process



Applications currently covered by Duo

Currently, most of the critical information systems and cloud services (e.g Qualtrics, Zoom) are covered by MFA on Duo. VPN and Moodle will be enabled in the next phase.


Do I need to approve every time I log in?

You will be prompted to approve every time when you log in a system covered by Duo like The Portal. You can also tick the option "Remember me for 30 days" to trust the browser and computer you are using. Then, you will not be prompted for approval for 30 days accessing the same system on the same browser on the same computer.

Remember me 30 days option

However, this "trust" feature is applied on the browser only. If you access the system with another browser, Duo will prompt for approval again.


- What if I do not have my mobile with me during log in?

If your registered device is not with you, you can apply for a "Bypass Code" on the Duo Security Self-Service Portal. The code is valid for 60 minutes only. For details, please visit FAQ: : How can I verify my identity when I do not have my registered device with me?


- Can I register more than one device for Duo?

Yes, you can register multiple devices on the Duo Security Self-Service Portal". For details, please visit FAQ: How should I reconfigure Duo when I have my mobile device replaced?.



If you have other questions about Duo, please visit the FAQ: MFA on Duo or Guide to Two-Factor Authentication by Duo , or contact IT Help Desk for assistance.