Overview

Multi-factor authentication (MFA) is an information security best practice that adds an extra measure of protection beyond user name and password. To address this important practice and further safeguard the university’s valuable electronic resources (personal information, account deposits, research data, etc.), JMU Information Technology is implementing a particular form of MFA known as two-factor authentication (2FA). Two-factor authentication uses something a user physically possesses (e.g. a cell phone, tablet, or hardware token) to submit an additional verification of identity at login. This second step helps foil criminals who may try using a guessed, stolen or inadvertently shared password to access a JMU account. A cloud-based service called Duo is being used to enable JMU’s 2FA.

Implementation has begun with a user enrollment process and enablement of Duo for a priority set of systems beginning with MyMadison and the SSL VPN. As the enrollment cycle completes, the existing one-time password (OTP) feature of MyMadison will be replaced with Duo and retired. Over time additional services will be enabled with Duo until virtually all JMU systems are shielded by two-factor authentication.

Who can use this Service?

JMU students, graduates, faculty, staff and affiliates

How can I get this Service?

To start using JMU’s Duo 2FA service, log in to MyMadison, go to the MyAccounts tab, choose Duo from the lower right, and follow the instructions to enroll. See the Enrollment Guide for additional detail. It is recommended that you enroll at least two devices in case the one you use most often is unavailable. 

Once you download and install the Duo Mobile app to your smartphone, enrolling it should take less than 10 minutes. It will take equal or less time for other types of devices, and you should enroll at least two devices initially.

Where can I get Help/Support?

Information Technology Help Desk at (540) 568-3555 or helpdesk@jmu.edu

Enrollment Guide

User Guide

eLearning - What is Duo?

eLearning - Duo Enrollment

FAQs

Does JMU provide any 2FA devices?
We encourage you to enroll your personal devices so that you have a more seamless transition into using Duo. However, faculty and staff can request a JMU-owned hardware token from the IT Help Desk, located at the 4th floor of the Student Success Center. The employee must bring a valid photo ID, which can be a JACard, Driver’s License, Passport, or other government-issued photo ID.

What is a hardware token?
Hardware tokens are small, physical devices that generate passcodes when a button or sensor is pressed. When enrolled to your Duo account, these passcodes can be used to authenticate to Duo.

Is Duo different than the black realm?
Yes, Duo is different from the black realm and will be used for more than just SSL VPN access. Eventually, the Duo realm will replace the black realm. Existing SafeNet tokens and MobilePass apps will not allow you to authenticate with Duo, so it is important that you prepare to use different devices with Duo.

Why do I need to use 2FA?
Usernames are generally available and passwords can be stolen or cracked.  But hackers generally don’t have access to the devices used for secondary identity verification. So 2FA provides an additional security barrier against phishers, hackers and social engineers hoping to gain access to JMU resources including those that contain sensitive personal data, work files and intellectual property.

Am I required to use 2FA?
Yes, unless you are a student applicant.  Everyone else with an active JMU e-ID is required to use Duo.

What if I travel and don’t have cell phone coverage?
You can still use your Duo Mobile app to provide one-time passcodes that can serve as your 2FA login. The app will provide a new passcode every time you need to log in.

How Can I Authenticate Without Internet, network, or cellular service?
It is possible to authenticate without Internet or cellular connectivity, but it requires that you set up certain features beforehand:

  • The Duo Mobile app can generate passcodes without any sort of connectivity once it has been installed. It will also work if your device is in airplane mode.
  • Save or write down a batch of 10 SMS passcodes you receive while in an area of Internet or cellular connectivity. These passcodes will remain valid for 5 days.
  • Use a hardware token that is already enrolled to your account.


Does Duo see my password?
 
No. Your e-ID and password are verified with JMU’s internal systems only. Duo only interacts with your second factor to verify your identity.

What devices can I use?
Use any of the devices and related methods of 2FA authentication listed in the table below. JMU IT encourages registering at least two devices, one of which is a smartphone.

Device Authentication Types

For a list of supported device, see: Duo Guide

How do I add a new device or manage an existing one?
Go to the MyAccounts tab in MyMadison, and select Duo on the lower right. 

How many devices can I add?
There is no limit to the number of devices you can add. JMU IT recommends that you enroll at least two devices—a primary one (usually your smartphone) and a secondary device to be used if your primary device is unavailable. To decide how many/which devices to enroll with Duo 2FA, think about your day-to-day usage patterns as well as less-frequent or emergency cases such as travel, loss of your primary device, etc.

Do I need to have a smartphone to use Duo 2FA?
Using the Duo Mobile app on a smartphone to receive “push” notifications or generate passcodes is the most flexible and convenient option for most people. However, there are other options (SMS text message or hardware token) that do not require use of a smartphone.

What if I forget my smartphone at home?
You will need to use a secondary device to provide a 2FA response. The Information Technology Help Desk can provide assistance on using a secondary device, but without access to an enrolled 2FA device, you will not be able to log in.

What happens if I lose my phone?
You can use a secondary device to log in to MyMadison. Go to the MyAccounts tab and use the Duo “My Settings & Devices” panel to delete your lost phone. If you aren't able to log in using Duo, visit/contact the Information Technology Help Desk to remove the missing phone and help you log in using another method.

What if I get a new phone?
If you get a new phone with the same phone number:

  • If you only want to receive SMS text message passcodes, you don’t have to do anything.
  • If you want to use the Duo Mobile app (which includes Duo Push), you need to reactivate the app for your new phone. Go to your app store and install the Duo Mobile app on your new phone. After Duo Mobile is installed, go to the Duo “My Settings & Devices” panel available from the MyAccounts tab in MyMadison. Click “Device Options”, then click the “Reactivate Duo Mobile” and follow the instructions to enable Duo Push on your new phone.


If you get a new phone with a different phone number:

  • Go to the Duo “My Settings & Devices” panel available from the MyAccounts tab in MyMadison. Add your new phone as a new device.
  • Click “Device Options” then click the trashcan icon to remove your old phone.


Does it cost me money to authenticate with my phone?
Usually not, but it depends on the method of authentication you are using and the specifics of your phone plan. Individuals are responsible for any charges for text or data on their individual phones.

Will I be reimbursed for Duo-related charges?
It is possible to accrue charges from using Duo in the following methods:

  • "Push" notifications with the Duo Mobile app uses a few KB of Internet data traffic.
  • SMS text messages are billed by your carrier according to your normal service plan.
  • International fees are billed by your carrier according to your normal service plan.

JMU is not responsible for the reimbursement of any expense incurred through use of Duo. If you will incur significant expenses using Duo with a device, it is recommended that you enroll a different device that will not incur such expenses.

What if I don’t have a data plan on my phone?
Enroll your phone to receive SMS text messages that do not require a data plan. Keep in mind that your carrier may charge you for receiving SMS text messages.

Why can’t I set a token as my default authentication factor?
The option to set a device as the default for Duo is only available for devices that can receive an automatic authentication prompt (Duo Push).

Back to Top