MFA on Duo
Duo Security provides Multi-Factor Authentication (MFA) service to protect users against account takeover and data theft. This additional identification step blocks hackers from logging in your account even when your password is compromised or leaked. You will also be notified when someone tries to log in with your password, providing an additional level of protection to secured login. At EdUHK, most critical information systems are covered by Duo. It complements MFA on O365 introduced earlier to protect staff emails, OneDrive and etc.
How can I enable MFA on Duo via the Duo Mobile app?
Setting up of Duo on your mobile device is quick and easy with just a few clicks. The steps below will guide you through the process. Nonetheless, you are always welcome to contact IT Help Desk at 2948 6601 should you have any problems. (For new staff, please refer to the FAQ - Setting up Duo mobile app for MFA for the detailed procedures.)
1. System requirements
- Make sure your mobile device meets the requirements below before you install the Duo Mobile app.
iOS: ‐ iOS 12.0 or above Android OS: ‐ Android 8 or above
(Which versions of Android does Duo Mobile support?)
Note: If you don't have a compatible device to install the Duo app, please refer to the user guide "How to Enrol Duo without the Duo app".
2. Install and configure Duo Mobile App
Install the Duo Mobile app and allow notification for this app:
For android devices without Google Play store, please download the APK file here.
3. Register your mobile device for Duo
Register your mobile device for Duo via the self-service portal at https://selfservice.eduhk.hk/duo_ss/. (For new staff, please refer to the FAQ - Setting up Duo mobile app for MFA for the detailed procedures.)
Register your mobile device for Duo: (Click to expand)
You can follow the video below: (If you cannot view the video, please click here to open the video.)
- Open a web browser and visit https://selfservice.eduhk.hk/duo_ss/.
- Log in with your EdUHK username, password and Date of Birth (mm-dd) and click "SUBMIT".
- Click "Set Active User".
- Click "Manage Your Duo settings".
- Click "Start setup".
- Choose “Mobile phone” as the primary verification device. Then click "Continue".
- Choose Hong Kong for country code and enter your mobile phone number. Tick the check box to confirm the phone number is correct. Then click "Continue".
- Choose the type of your phone (e.g. iPhone) and click "Continue".
- Click "I have Duo Mobile installed". (Note: Make sure you have the Duo mobile app installed on your device. If not, please install it before you proceed to the next step. Please visit Install Duo Mobile app for details.)
- When you see the following screen, open the Duo Mobile app on your mobile.
- Click “+” to add an account on your mobile device.
- Scan the QR code you get from step 10.
- A six-digit passcode will be shown and your account is added successfully.
- Then switch back to your computer and click “Continue”.
- Choose "Ask me to choose an authentication method" and click "Continue to Login".
- Click "Send Me a Push" to trigger the login approval process.
- You will then receive a notification on your mobile. Tap on the notification
- Click “Approve” on the app as the second step of verification.
- Congratulations. Your device will be ready to approve authentication requests within 5-10 minutes and you can click "logout" or close your web browser. (Note: Please do not un-install the Duo Mobile App on your mobile device as you will need to use it for login approvals.)
Applications currently covered by Duo
Currently, most of the critical information systems and cloud services (e.g Qualtrics, Zoom) are covered by MFA on Duo. VPN and Moodle will be enabled in the next phase.
Do I need to approve every time I log in?
You will be prompted to approve every time when you log in a system covered by Duo like The Portal. You can also tick the option "Remember me for 30 days" to trust the browser and computer you are using. Then, you will not be prompted for approval for 30 days accessing the same system on the same browser on the same computer.
However, this "trust" feature is applied on the browser only. If you access the system with another browser, Duo will prompt for approval again.
- What if I do not have my mobile with me during log in?
If your registered device is not with you, you can apply for a "Bypass Code" on the Duo Security Self-Service Portal. The code is valid for 60 minutes only. For details, please visit FAQ: : How can I verify my identity when I do not have my registered device with me?
- Can I register more than one device for Duo?
Yes, you can register multiple devices on the Duo Security Self-Service Portal". For details, please visit FAQ: How should I reconfigure Duo when I have my mobile device replaced?.