At Charles Sturt we are using multi-factor authentication (MFA) with Duo Security to provide extra security when accessing sensitive IT services.
MFA strengthens access security by requiring two or more methods – also referred to as factors – to verify your identity. There are a number of authentication options available – Duo Push, passcode, SMS, phone call, and hardware token.
Duo Push is an authentication request you receive as a notification on your mobile device. We recommend using this method for accessing the Virtual Private Network (VPN), Virtual Desktop Infrastructure (VDI), Web Outlook (OWA), and any other service for which MFA is applied.
Why use Duo Push
Duo Push is as simple as approving a notification on your mobile device.
- It removes the risk of entering a passcode incorrectly.
- It is quicker than a text or phone call.
- Authenticating with a text message requires waiting to receive the text, reading a passcode, and then typing it in.
- Phone calls require actually answering the phone, listening to the recording, and using the dial pad to approve the login.
- It is more secure.
- Duo Push uses cutting-edge end-to-end encryption that SMS and phone calls can’t.
- The Duo Push screen displays detailed information about the application and source device that initiated the authentication request.
How to use Duo Push
To use Duo Push, you need to have the Duo Mobile app installed and activated on your mobile device.
- Enable notifications for the Duo Mobile app on your device.
- When you log into an IT service requiring MFA enter your university username and password then enter the word “push” in the Duo passcode/next code field.
- You will receive a Login request notification on your device – press Approve.
If you have not enabled notifications for the Duo Mobile app, you can open the app on your device. You will see the message Request Waiting – Tap to respond….at the next screen press Approve.