Duke is enhancing its online security measures to protect users and their data. As a result, several changes will be implemented across Duke University, Duke Health, and Duke Kunshan in the next several months featuring three key cyber security tools: Duo Mobile, Duke Unlock, and 1Password.

Duo logo
Duo Mobile provides a quick and secure method to verify your identity.
DukeUnlock logo
Duke Unlock is a key part of our MFA approach, offering a fast, secure, and password-free way to log in.
1 Password logo
1Password is a tool used to safely store and manage passwords available at no cost to all Duke faculty, staff, and students.

 

woman holding cell phone

For those who use SMS/Text or Phone Calls to Authenticate

Those using SMS/text and phone calls to access Duke resources are encouraged to register eligible devices with Duo or purchase a YubiKey by March 31, 2025

Duo is a service you can use for multi-factor authentication. By downloading the Duo Mobile application and registering your mobile device with Duo, you can authenticate by:

  • Choosing to receive a Duo Push notification to your mobile device,
  • Generating a passcode with Duo Mobile, or
  • Generating a passcode with a YubiKey--a hardware token that plugs into your computer’s USB port. 

 Watch this short video on how to register: T/K

 

Other Security Enhancements

  • Extended “Remember Me” Period: You only need to re-authenticate every five days instead of three (72 hours).
     
  • MFA On- and Off-Campus: Starting March 31, 2025, every one with a Duke NetID will need to use multi-factor authentication regardless of location.
     
  • Enhanced Password Checks: New or updated passwords are automatically checked against a database of known compromised passwords. If a password isn’t secure, you’ll be prompted to choose a safer one.

Glossary

A password management service that allows users to create, manage, and store credentials and other secrets as well as check for compromised accounts using 1Password’s built in Watchtower tool.

The process of verifying a user’s identity for access to a device, account, or system.

Bio (life) - Metrics (to measure) is used as a way of authenticating users based on a user’s unique fingerprint or iris.

An application that allows users to access web-based content. 

An authenticator that is built-into an operating system without the need of having to download an additional authenticator application.

Or CRV, is a series of security questions such as “What is your favorite place of travel?” to verify a user. 

A passkey-based browser authentication service developed at Duke that offers an alternative to Duo for multi-factor authentication.

An authentication service that verifies users via push notifications or passcodes.  

An application developed by Duo to provide authentication services on Android and iOS devices.

A method of authentication where the user receives a notification to either Approve or Deny access.

Often called two-factor authentication (2FA), enhances security by requiring users to provide multiple authentication factors, such as a passkey, token, or biometric.  

Known as Open Authorization is an authorization protocol commonly used with cloud and application services to grant sign in.

A series of digits a user must enter on their screen to confirm their identity.

Allows users to log into apps, services, and websites without using a username and password combination. Instead, passkeys use cryptographic keys (public and private keys) that are stored locally on your device or in the cloud e.g., iCloud. 

A string of unrelated words usually comprised of letters and sometimes numbers and symbols. Passphrases are meant to be easier to remember and type than a standard password.

A verification of a password against known compromised passwords and security requirements (password length and complexity).

A tool used to store and manage passwords. Duke recommends 1Password. 

Also known as text messaging. 

Also known as a security token is used to verify a user. Tokens can be physically connected to a system such as a YubiKey, physically disconnected from a system such as the Duo App, or contactless using wireless/RFID/Bluetooth connectivity (DukeCard readers).

A hardware security token (physical media) used to authenticate a user by connecting to a laptop or other physical devices that contain USB ports that a user owns.

Get Help