Background

Why Does Penn State Health Require Two Factor Authentication?
With increasing security attacks across higher education and healthcare institutions, passwords alone are not a sufficient way to protect resources. Two-factor authentication decreases the risk of compromises and data breaches because a hacker would need to acquire the thing you "have" as well as the thing you "know."
When will I need to use the Duo Two Factor Authentication service?
Duo is required to access many Penn State Health applications and to do identity verification with the IS Service Desk:
  • Spam Quarantine
  • Remote Access Portal
  • Outlook Web Mail
  • AnyConnect Virtual Private Network
  • Harrell Health Sciences Library Resources
  • IS Service Desk Password Reset
What data is stored by Duo?
The only data that Duo stores for a user is the subscriber's Penn State Health userid and information about your second factor, such as a phone number (if using a phone for the service) or the serial number of your hardware token (if not using a phone for the service). Duo does NOT know your PSH password.
Does it cost me anything to use the service via my phone? If so, will I be reimbursed by Penn State Health?
There is no cost to download or use the Duo Mobile smartphone app. If not using the Smartphone App, text messages and voice calls are sent only when you request them, and they would be billed by your carrier in the same way that any other text message or call would. Penn State Health will not reimburse you for these charges. If the charges when using Duo exceed a level that you're comfortable with, consider switching to a landline rather than a cell phone for the service (understanding the limitations of a stationary phone).

Enrolling in Duo

Do I need a smartphone to use Duo Two-Factor Authentication?
A smartphone is the best choice since it provides the greatest level of security and allows you to use the Duo Mobile App. The app generates passcodes for login and can receive push notifications for easy, one-tap authentication.
I don't have a smartphone. Will I be able to use Duo Two-Factor Authentication on my regular cell phone?
Yes, any cell phone or even a landline will work, but it will not include the advantages of the app (passcodes, prompts, etc.) and may result in regular cell phone charges in order to call back and authenticate (depending on the user's phone service).
Can I enroll more than one mobile device to receive the Duo Second-Factor Authentication call?
Yes, in fact you are encouraged to do so. You may register more than one mobile device and/or land line during the enrollment process.

Sign up »

Using Duo

Can I keep using my computer to access the Remote Access Portal or Outlook Web Access once I enroll?
Absolutely! You will continue to access these services like you do today. You will simply need your smartphone or other registered factor with you during the login process. Once you acknowledge the 2FA prompt, your smartphone is no longer needed.
Can I use my Duo-enrolled smartphone or tablet to access these services?
Yes. You would need to manually switch back and forth between the device's web browser and the Duo Mobile app to complete the authentication process, then return to the web browser. You will have a better experience with these apps by enrolling in the Penn State Health Mobile Device Management solution for continued access.
How does the mobile device receive the call for approval of the authentication attempt?
After you enter your username and password from your computer's web browser, you will see a screen asking which of your enrolled methods you want to use for the second factor.

duo prompt with explination
  1. Select which enrolled device you want to use for authentication.
  2. Select which method you want to use
  3. Method Description
    Duo Push Pushes a login request to your phone (if you have Duo Mobile installed and activated on your iPhone, Android, or BlackBerry device). Just review the request and tap "Approve" to log in.
    Call Me The Duo service will call your phone and ask that you acknowledge the login attempt by pressing a key.
    Enter a Passcode

    Log in using a passcode, either generated with Duo Mobile, sent via SMS, generated by your hardware token, or provided by an administrator.

    Click "Send SMS passcodes" to get a new batch of passcodes.

I used the Duo Push option and did not receive an alert on my device.
First, try opening the Duo Mobile application on your smartphone and selecting "Duo Push" in the lower left corner of the screen. If that doesn't work, call the IS Service Desk at 833-577-HELP (4357) and request that they delete your enrollment information. This will allow you to perform the enrollment process again.
I'm often in a location where I have poor cell coverage; how can I use the service?
In cases where cell coverage is not available, use the Duo Mobile App to generate a passcode by selecting the "Show" link in the "Penn State" account in the list. Use the passcode as your second factor. If you're not using a smartphone (and therefore do not have access to the app), generate passcodes in advance.
Where can I get more information?
End user documentation is available at http://guide.duosecurity.com.