Overview

Multi-factor authentication (MFA) is an information security best practice that adds an extra measure of protection beyond user name and password. To address this important practice and further safeguard the university’s valuable electronic resources (personal information, account deposits, research data, etc.), JMU Information Technology is implementing a particular form of MFA known as two-factor authentication (2FA). Two-factor authentication uses something a user physically possesses (e.g. a cell phone, tablet, or hardware token) to submit an additional verification of identity at login. This second step helps foil criminals who may try using a guessed, stolen or inadvertently shared password to access a JMU account. A cloud-based service called Duo is being used to enable JMU’s 2FA.

Who can use this Service?

JMU students, graduates, faculty, staff and affiliates

How can I get this Service?

All new students, faculty and staff users will be required to enroll in Duo as part of establishing their eID.  Affilliates who require access to JMU’s electronic services will also be required to enroll in Duo.  For information about the enrollment process see Enrollment Guide (basic information) or the User Guide for more comprehensive information on specific Duo options.

Where can I get Help/Support?

Information Technology Help Desk at (540) 568-3555 or helpdesk@jmu.edu

Enrollment Guide

User Guide

eLearning - What is Duo?

eLearning - Duo Enrollment

FAQs

Does JMU provide any 2FA devices?
We encourage you to enroll one or more of your personal mobile devices (cell phone or tablet) so that you have the most seamless and user-friendly experience using Duo. However, faculty and staff can go to the IT Help Desk, located at the 4th floor of the Student Success Center to get a JMU-owned hardware token to use with Duo. The employee must bring a valid photo ID, which can be a JACard, Driver’s License, Passport, or other government-issued photo ID. Hardware tokens are also available to students through the JMU Bookstore.

What is a hardware token?
Hardware tokens are small, physical devices that generate passcodes when a button or sensor is pressed. When enrolled to your Duo account, these passcodes can be used to authenticate to Duo.

Is Duo different than the black realm?
Yes, Duo is different from the black realm and will be used for more than just SSL VPN access. Eventually, the Duo realm will replace the black realm. Existing SafeNet tokens and MobilePass apps will not allow you to authenticate with Duo, so it is important that you prepare to use different devices with Duo.

Why do I need to use 2FA?
Usernames are generally available and passwords can be stolen or cracked.  But hackers generally don’t have access to the devices used for secondary identity verification. So 2FA provides an additional security barrier against phishers, hackers and social engineers hoping to gain access to JMU resources including those that contain sensitive personal data, work files and intellectual property.

Am I required to use 2FA?
Yes, unless you are a student applicant.  Everyone else with an active JMU eID is required to use Duo.

What if I travel and don’t have cell phone coverage?
You can still use your Duo Mobile app to provide one-time passcodes that can serve as your 2FA login. The app will provide a new passcode every time you need to log in.

How Can I Authenticate Without Internet, network, or cellular service?
It is possible to authenticate without Internet or cellular connectivity, but it requires that you set up certain features beforehand:

  • The Duo Mobile app can generate passcodes without any sort of connectivity once it has been installed. It will also work if your device is in airplane mode.
  • Save or write down a batch of 10 SMS passcodes you receive while in an area of Internet or cellular connectivity. These passcodes will remain valid for 5 days.
  • Use a hardware token that is already enrolled to your account.


Does Duo see my password?
 
No. Your eID and password are verified with JMU’s internal systems only. Duo only interacts with your second factor to verify your identity.

What devices can I use?
Use any of the devices and related methods of 2FA authentication listed in the table below. JMU IT encourages registering at least two devices, one of which is a smartphone.

Device Authentication Types

For a list of supported device, see: Duo Guide

How do I add a new device or manage an existing one?
Go to the MyAccounts tab in MyMadison, and select Duo on the lower right. 

How many devices can I add?
There is no limit to the number of devices you can add. JMU IT recommends that you enroll at least two devices—a primary one (usually your smartphone) and a secondary device to be used if your primary device is unavailable. To decide how many/which devices to enroll with Duo 2FA, think about your day-to-day usage patterns as well as less-frequent or emergency cases such as travel, loss of your primary device, etc.

Do I need to have a smartphone to use Duo 2FA?
Using the Duo Mobile app on a smartphone to receive “push” notifications or generate passcodes is the most flexible and convenient option for most people. However, there are other options (SMS text message or hardware token) that do not require use of a smartphone.

What if I forget my smartphone at home?
You will need to use a secondary device to provide a 2FA response. The Information Technology Help Desk can provide assistance on using a secondary device, but without access to an enrolled 2FA device, you will not be able to log in.

What happens if I lose my phone?
You can use a secondary device to log in to MyMadison. Go to the MyAccounts tab and use the Duo “My Settings & Devices” panel to delete your lost phone. If you aren't able to log in using Duo, visit/contact the Information Technology Help Desk to remove the missing phone and help you log in using another method.

What if I get a new phone?

  • You will need to add the new phone to your Duo account and remove your old phone (if applicable). You can access your Duo account settings in MyMadison by:  entering your eID and password, confirming your identity when prompted and then selecting either “Add a new device” or “My Settings & Devices” from the links displayed on the left side of the window.
  • Duo requires that you confirm your identity by authenticating before you can make any changes to your Duo account. Depending on your situation, one of the following avenues may be available to you:
    • If you have more than one device currently enrolled with Duo, use an alternative device to authenticate to Duo
    • If your new phone has the same phone number as your old phone, request a batch of SMS passcodes be texted to you and use one to authenticate to Duo
    • If you still have your old phone with the Duo Mobile app installed and can generate a passcode, use a passcode to authenticate to Duo
    • If none of these situations apply, contact the JMU IT Help Desk for assistance

Does it cost me money to authenticate with my phone?
Usually not, but it depends on the method of authentication you are using and the specifics of your phone plan. Individuals are responsible for any charges for text or data on their individual phones.

Will I be reimbursed for Duo-related charges?
It is possible to accrue charges from using Duo in the following methods:

  • "Push" notifications with the Duo Mobile app uses a few KB of Internet data traffic.
  • SMS text messages are billed by your carrier according to your normal service plan.
  • International fees are billed by your carrier according to your normal service plan.

JMU is not responsible for the reimbursement of any expense incurred through use of Duo. If you will incur significant expenses using Duo with a device, it is recommended that you enroll a different device that will not incur such expenses.

What if I don’t have a data plan on my phone?
Enroll your phone to receive SMS text messages that do not require a data plan. Keep in mind that your carrier may charge you for receiving SMS text messages.

Why can’t I set a token as my default authentication factor?
The option to set a device as the default for Duo is only available for devices that can receive an automatic authentication prompt (Duo Push).

Back to Top