Student logging into laptop with mobile phone

Duo MFA for Students

Students who don't already use Duo will receive an email between Jan. 29 and Feb. 12 with instructions and a deadline for setting up Duo.

Data breaches make headlines almost daily. The most common point of entry for attackers is stolen user names and passwords. Multifactor authentication (MFA) strengthens protections by requiring an additional layer of security beyond username and password when accessing systems.

KU has partnered with Duo to provide multifactor authentication on the Lawrence/Edwards campus. Logging into multifactor authentication requires something you know (i.e., your KU Online ID and password) and something you have (i.e., Duo app or text codes on your mobile phone).

Duo for Students

In spring 2024, we will start requiring all students to use Duo when logging into KU systems. KU faculty, staff, graduate research assistants, graduate teaching assistants and graduate assistants, individuals using sponsored temporary accounts and undergraduate student employees at the request of their department have been using Duo since 2019.

Duo for students represents an important step in providing consistent and equitable protection across our Jayhawk community. When everyone participates in multifactor authentication, it strengthens security campuswide.

When Will I Have to Start Using Duo?

Beginning on Jan. 29 and continuing throughout the semester, we will activate Duo for groups of students each day. Our process is based on the successful enrollment process Kansas State University used with their students last year.

When it's your turn, you will receive an email giving you a week to download the Duo app and enroll your mobile device in Duo. If you don’t enroll in before the activation deadline, the first time you log in to a protected KU system after the deadline

You don't have to wait! You can sign up and start using Duo MFA right away by downloading the Duo app now to your Apple or Android mobile device and following the instructions at duosetup.ku.edu to activate Duo on your KU account.

How Does Duo Work?

Once you are enrolled and have set up Duo, log in to any KU system via single sign-on (SSO) as usual. After entering your KU Online ID and password, you will be prompted to verify your identity using Duo. Confirm your identity through the Duo app, and you will be logged in. It’s that simple! Using the Duo app on your smartphone is the easiest and most convenient way to confirm your identity. If the mobile app is not an option for you, please contact your IT Support Staff or the IT Customer Service Center to discuss your options.

Why is KU Using Duo MFA?

Collectively as an institution and as individuals we have a legal and ethical obligation to protect private, confidential and sensitive data to the best of our ability. In an increasingly complex digital world, username and password alone are not enough to stop hackers and data thieves. Multi-factor authentication using Duo gives KU an affordable and simple way to ensure all faculty and staff can do their part to protect their own data, as well as that of colleagues, students and other stakeholders.

Can I Use Duo on My Personal Accounts?

Absolutely! We encourage you to use multifactor authentication on any personal accounts (e.g., banks, credit cards, social media, etc.) that provide the option. And, in most cases, you can use Duo to access those accounts. Duo provides information for using the app with other online services and accounts.

More Info from Duo

Duo's website provides additional information and a self-enrollment video guide to help you register your phone or tablet and activate the Duo Mobile application.
Illustration of table with notebook, laptop and coffee cup with "Duo Self Enrollment"

Frequently Asked Questions

The following groups who are part of the Lawrence and/or Edwards campuses have been required to use Duo multifactor authentication since 2019:

  • Faculty and staff
  • Graduate research assistants, graduate teaching assistants and graduate assistants
  • Individuals who use sponsored temporary accounts (STA)
  • Undergraduate student employees at the request of their department

Passwords are easily compromised. They’re no longer enough to protect personal, sensitive or financial information. KU’s data includes YOUR data—academic information, health information, etc. A large security breach could affect the University’s finances and reputation, as well as the personal, financial and academic information of students, faculty, staff and other stakeholders.

When you authenticate with Duo, there will be an option to select "Remember Me." If you select Remember Me, then you will not be required to use Duo for the next 30 days as long as you are logging in from the same device using the same browser (see note below). Please be aware that the 30 day time-frame may change in the future depending upon KU’s security needs.

Note: There are two cases where you will have use Duo every time you log in. First, the KU Anywhere VPN will require you to use Duo each time you authenticate. There is no “Remember Me” option for the VPN. Second, you will be required to use Duo every time you log in to a classroom computer, even if you’ve logged in to that machine before.

We strongly recommended that you use the Duo app because it will make your life easier. Most of us keep our mobile devices with us at all times. If you don't have a mobile phone capable of downloading apps, contact the IT Customer Service Center at itcsc@ku.edu to discuss alternative options.

Yes, you will be required to use Duo every time you log in to computers in classrooms and campus computer labs. Please note that the “Remember Me” option will not work because classroom and campus computer lab computers are reset when you log off.

If you need Duo multifactor authentication reissued on a new device or you had to reinstall the Duo app on an existing device, contact the IT Customer Service Center at itcsc@ku.edu or 785-864-8080.

You will need to answer the following:

  • Is the phone number of the new device the same as the previous device?
  • What is the OS of the new device?

The IT CSC will then reissue the DUO multifactor authentication.

 

According to Duo, “its authentication and self-enrollment features are compatible with screen readers such as NVDA and VoiceOver on PCs and Macs. Additionally, Duo Mobile app is accessible to voiceover functionality on Apple and Android devices. Duo has also made all the authentication and self-enrollment features accessible by keyboard for people with limited motor skills.”

If you have questions or concerns about accessibility, or need an accommodation, please contact the IT Customer Service Center at 785-864-8080 or itcsc@ku.edu.

No. The Duo app does not give the University access to your mobile device and does not provide any control over the mobile device. During the multifactor authentication process, the only information provided to the University is that the authentication was completed. For more information, see Duo’s privacy policy.

Most enterprise applications at KU will require multifactor authentication, including HR/Pay, Enroll & Pay, myKU, myIdentity, myTalent, Canvas, and others.