Frequently Asked Questions

The following links are for frequently asked questions related to IslandID Two-Factor Authentication, powered by Duo Security. 

Duo Requirement Timeline

October 10, 2017 - Duo is enabled on Cisco AnyConnect (VPN). 

January 31, 2017 - Duo is enabled on all IslandID authenticated systems for the University Test Group. 

March 1, 2017 - Optional enrollment is turned on for campus faculty and staff. 

April 3, 2017 - Two-factor authentication becomes mandatory for all faculty and staff. 

November 16, 2017 - Two-factor authentication is live on RD Gateway.

March 26, 2018 - Two-factor authentication is live on TAMU-CC faculty and staff email. 

October 24, 2018 - Duo will be implemented on student IslandID accounts with last names beginning with A-F.

November 7, 2018Duo will be implemented on student IslandID accounts with last names beginning with G-M.

November 14, 2018 - Duo will be implemented on student IslandID accounts with last names beginning with N-Z.

General Questions

A. It is the use of two independent means of evidence (factors) to assert the identity of a user requesting access to some application or service to the organization that provides the application or service. The objective of 2-Factor authentication, as a method of electronic computer authentication, is to decrease the probability that the requestor is not who he/she claims to be.

Any person who has used an ATM machine to withdraw cash for a bank account has used 2-Factor authentication - you had to provide something you had (a card) and had to provide something you know (a PIN) in order to complete the transaction.

A. Duo two-factor authentication is required for most applications that use the IslandID and password. E.g. Blackboard, S.A.I.L., Banner, Argos, DegreePlanner etc.
A. Privacy, and the threat of identity theft, is increasingly a concern as more of personal information finds its way to online applications. In addition, passwords alone can frequently be easily guessed or compromised through phishing or hacking, consequently, no longer providing adequate protection for mission-critical information system and applications containing Personally Identifiable Information.
A. Any TAMU-CC faculty, staff, student, or designated affiliate who needs to have access to a system or service that is protected by Duo two-factor authentication will eventually need to use the service.
A. Once a user is enrolled in Duo, the user will need to answer a second-factor credential challenge to authenticate into any application or server that has been configured for the Duo Second-Factor Authentication service.
A. With increasing security attacks across higher education institutions, passwords alone are not a sufficient way to protect resources. Two-factor authentication decreases the risk of compromise because a hacker would need to acquire the thing you "have", as well as the thing you "know".
The only data that Duo stores for a user is the subscriber's IslandID (Duo does NOT know your IslandID password) and information about your second factor, such as a phone number (if using a phone for the service) or the serial number of your hardware token (if not using a phone for the service).
A. Contact the IT Service Desk immediately if your phone is lost or stolen. The Service Desk will disable it for authentication and assist you to logging into your account using a secondary device.

 

Remember: Your IslandID and password (first-level authentication) will continue to protect your account even if your phone is lost.

A. We recommend never using the "Remember me for 7 days" feature on a shared computer. You may use it on computers you are the sole user of as long as you take responsibility for the security of access to that machine.

Using Duo with Your Phone

A. A smartphone is the best choice since it provides the greatest level of security and allows you to use the Duo Mobile App. The app generates passcodes for login and can receive push notifications for easy, one-tap authentication.

Having said that, a smartphone is not required to use the service.  

A. Yes, any cell phone will work, but it will not include the advantages of the app (passcodes, prompts, etc.) and may result in regular cell phone charges in order to call back and authenticate (depending on the client's phone service).
A. You may use a landline instead of a mobile device; however,

You need to take into consideration the stationary nature of a landline. Even if you work almost exclusively at your desk in your office where the landline is located, you might on rare occasions need to have access to your Duo protected services from home or from a remote location.

A. First, using Duo on your phone is perfectly safe, and a smartphone is the preferable device to use for a number of reasons (app being available, calling prompts, one fewer "thing" to carry around and keep track of, etc.) In other words, a phone (especially a smartphone) is the preferred method.

Having said that, a hardware token is available for use instead of a phone.

A. You can set up Duo 2-Factor Authentication on multiple mobile devices (phones, tablets, etc.).

A. Text messages and voice calls are sent only when you request them, and they would be billed by your carrier in the same way that any other text message or call would. TAMU-CC will not reimburse you for these charges. If the charges when using Duo exceed a level that you're comfortable with, then consider switching to a hardware token rather than a cell phone for the service.
A. Yes, you can change to a different phone with a different number. You will need to reactivate Duo on the new device, and if it's a different type of device (for example, if you're going from Android to iPhone), then you will need to make sure that you select the new phone type before reactivating.
A. The app requests access to the camera. This is to scan the QR code during the activation process. It does not access your other apps or other data on your phone; it uses some base functionality of the phone and a certificate that identifies your phone to ensure accurate identification.

Hardware Tokens

A. A physical device that can usually fit on a key ring, which generates a security code for use with networks or software applications.
A. The only hardware token permitted for use with TAMU-CC’s Duo is the YubiKey FIDO U2F token.
A. It is your responsibility to purchase the hardware token(s) for use with Duo, either through your own menas or through your department.  IT does not purchase Duo tokens for clients at this time.

Troubleshooting

A. Whenever you're using a cell phone that's not a smartphone, select "Other" as type.
A. If this is the first time that you've used the service on this particular phone, then make sure that the enrollment process has been completed and then try again.

If you've used the service on this phone before and cannot login, then make sure that phone is not locked. If it is unlocked, then you may need to restart the mobile device and try again.

Make sure that you're using the correct mobile device. If you're using a new device (even if you have the same phone number), then reactivate Duo Mobile for the new device. (If you're changing types of phone, such as going from an Android to an iPhone, then select the new type of phone before reactivating.)

If the service is still not working, then contact the IT Service Desk.

A. If you are using a hardware token and it's not working, then try to re-sync the token. Call IT Service Desk for assistance with this process.
A. If you have stopped receiving push notifications, then check the network connection on your device. It may help to take your phone into and out of airplane mode. Try turning Wi-Fi off and resending yourself a push message. If these steps do not resolve the issue, contact the IT Service Desk.
For further assistance or to provide feedback, please contact the IT Service Desk at 361.825.2692 or ITHelp@tamucc.edu.