Duo

UMass Lowell uses Duo as its Multi-Factor Authentication service. Duo verifies your identity using a secondary device and confirmation.
Most services on campus are protected with MFA, including Blackboard, HR Direct, VPN, vLabs, and Microsoft 365. 

Duo Updates 

In our effort to continually provide the most secure access to all of your accounts, we are moving to a Verified Push model of Duo security.

With this new model, you will be asked to enter a code that will need to be entered* on the device that you have set up to receive previous push notifications.

Once you have entered the code, you will click on Verify and you will be logged in as usual.
*If you cannot find the place to enter the code on your device, please try scrolling down. Some devices will format the entry boxes lower than others. 

 If for any reason you cannot enter the code, you can click the blue Other Options button under the code, and you will see a new screen appear where you can choose a different verification mode.

If you choose to sign in with another option, that will remain the default for the next time you log in, and you will just have to choose Other Options next time to return to the Duo Push option. 

Starting June 1, 2023
We will be removing the Duo phone call (“Call Me”) option to authenticate when logging into all UMass Lowell systems protected by Duo.
Currently 83% of our campus community use the Duo verified push via the Duo mobile application. It is the most convenient and secure option for the second factor. Please visit your settings management page to manage your settings and configure your device for Duo verified push.  If you need additional assistance, please contact Tech Services at 978-934-HELP.

Enrollment Instructions

1. To set up Duo for the first time, visit the Multi-Factor Authentication website and select "Enroll".
   1. It is highly recommended that you do this from a computer, and not the mobile device that you will be enrolling with Duo.
2. Log in using your UMass Lowell email address and password. Click Login to continue.
   
   
3. You can now start the enrollment process by clicking the Start setup button.
   
   
4. You will be prompted to provide the type of device you want to enroll for MFA: mobile phone, tablet, or landline. Mobile phone (recommended) is checked off.
   It is HIGHLY recommended that you use a mobile phone, as this option best supports the features offered by Duo.
   
   
   
5.  On the next page, you will need to enter your phone number, confirm that it is correct, and confirm that you own the device by receiving a call or text message.
   
6. Enter the code from the text message.Screenshot showing a question asking what type of phone the entered number is: iPhone, Android, Windows Phone, Other (and cell phones)
   
   
   
7. Next, you will need to select the type of device you have. If you are using a phone that is not a smartphone, select ‘other’ and the setup will complete. If you have a smartphone, continue to the next step.
   
   
   
8. Install the Duo Mobile App. Duo Mobile is an app that runs on your smartphone and helps you authenticate quickly and easily. Without it you'll still be able to log in using a phone call or text message, but for the best experience we recommend that you use Duo Mobile. Follow the platform-specific instructions on the screen to install Duo Mobile.
   
   After installing our app return to the enrollment window and click I have Duo Mobile installed. 
   
   
   
9. Activate Duo Mobile. Activating the app links it to your account so you can use it for authentication. On iPhone, Android, and Windows Phone activate Duo Mobile by scanning the barcode with the app's built-in barcode scanner. Follow the platform specific instructions for your device.
   
   
   
10. Once you have scanned the bar code on your device, you should see the screen saying Activate Duo Mobile with a big green checkmark over the QR code, indicating success.
    
    
    
    
11. You have now finished enrolling your smartphone.
    
    
    
12. When adding devices, always select, “Ask me to choose an authentication method” from the dropdown. This will give you the option of receiving a “push” notification (recommended), receiving a call, or a passcode.

Frequently Asked Questions

Do I have to have Duo?

Yes. Duo is the university selected multi-factor authentication software that keeps all of our accounts safe. Duo is required to log in to most university applications and software. 

What if I don’t have a smartphone?

Although not as secure as using the verified push notifications through the app, you can still use SMS (text message) as your second factor. We also have a limited supply of Duo hardware tokens or security keys as a second authentication factor. If you lose your hardware token or forget it at home or the office, you can still contact Tech Services for a One-Time Passcode (OTP). For faculty and staff, please contact Tech Services if you need a hardware token.

Does it cost money to download the Duo app? 

No. There is not cost to download and enroll in Duo. If you are not using the smartphone app, text messages are sent only when you are attempting to log in, and they are billed by your carrier that any other text message would be. 

Does Duo store my data? 

The only data that Duo stores is your primary username (UML email address) and information about your second factor, such as your phone number or the serial number of your hardware token (if using a token for authentication). 

Can I use Duo internationally?

 Yes. If you have mobile data or a wi-fi connection, you can use whichever authentication type you normally use. All options will work overseas, and you can even add an international number as one of your devices for authentication. 
If you are unable to connect to mobile data or wi-fi,  choose the Enter a Passcode option on the device you are trying to log in to. Open the mobile app on your phone, and tap the button with the key symbol, and it will generate a code you can enter onto the original device. 

What if I get a new device?

You can manage your device settings at any time, including enrolling a new device on your account by accessing the Duo Management page. 

What is a hardware token?

 A hardware token is an external device that you can carry with you (on your keys, on your desk, etc.) that can verify your identity by displaying a code that you will enter into the prompt window on the device you are trying to log in to. If you are interested in obtaining a hardware token, please contact TechServices. 

Should I enroll more than just one device?

Yes. Although it is only required to have one device registered in order to access Duo MFA, we recommend enrolling a second device (like your work computer or your ipad) to avoid an difficulties should you get a new device, lose a device, or otherwise not be able to use the device. 

Do I have to use Duo every time I log in?

Not necessarily, no. If you are logging in to a device that you use regularly, like your work computer or your cell phone, your device will remember you and you won't have to verify your identity again, unless you log out or it has been over 30 days since you have last logged in. 
Some applications though, will not have the ability to remember you, and you will have to Duo in each time. A good example of this is using a vLabs computer on campus.