Body
Frequently Asked Questions
How Do I Change Settings or Enroll a Backup Device, such as a tablet?
To change settings or enroll another device (such as a tablet), go to the OIT Password Management page and choose Manage Two-Factor Authentication. Log in with your NetID and password and authenticate with two-factor. Once you are in, you can Add, Modify, or Delete a Device and change your default preference.
My phone was lost/stolen. What do I do?
Report the issue to the OIT HelpDesk for us to remove the device from your Duo account. Once you have your new device, if you have the same phone number, you may reactivate duo by going to 2fa.utk.edu/restore. If the restore does not work, contact the HelpDesk to add your new device to Duo.
If I have signed up for 2FA, can I sign up for the non-expiring password policy?
Yes! After signing up for two-factor authentication, go to https://directory.utk.edu/change and change your NetID password to a new 12-16 character password and you will no longer be prompted to change it.
- NOTE: In the event of a security threat, OIT may require users to change their password. Even with the great protection 2FA provides, there are still systems across the many departments at the university that are not protected by 2FA.
What is the Duo lockout policy?
A Duo lockout occurs after 5 failed attempts and is locked out for 15 minutes from the last attempt. If you need immediate access, contact the OIT HelpDesk.
How much data does a Duo Push use?
Almost none. 500 pushes to your device will use 1 MB of data in total. This is roughly equivalent to loading one webpage on your smartphone.
Does installing the Duo Mobile app collect data or give up control of my phone?
No. Duo Mobile has no access to change settings on your phone. Duo Mobile cannot read your emails, cannot see your browser history, and requires your permission to send notifications. Lastly, Duo Mobile cannot remotely wipe your phone.
The only information Duo Mobile collects is to verify the security of your device. Collected data include your OS version, device encryption status, and screen lock. Duo uses this information to help recommend security improvements to your device, and you are always in control of whether or not you take action on these recommendations.
Why does the Duo Mobile app need to access my camera?
Duo Mobile only accesses your camera when scanning a QR code during activation.
What if I don’t have a Wi-Fi connection or cellular reception?
No problem. Tap the icon in the Duo Mobile app to generate an authentication passcode. You do not need an Internet connection or a cellular signal to generate these passcodes. If you are not taking your phone while traveling, contact the OIT HelpDesk for a temporary code to take with you on your trip.
I am planning on traveling abroad, what should I do to prepare for my trip?
You are also encouraged to test your two-factor authentication before leaving the university. The Duo mobile app will generate an authentication passcode that does not require an internet connection or a cellular signal.
If you are not taking your phone with you, generate a 30-day bypass code for yourself or request a hardware token.
My webpage uses NetID and password to log in. How do I add two-factor authentication?
Contact the OIT HelpDesk to start the conversation.
I log into my computer with my NetID and password. Will it use two-factor?
Most computers will not use two-factor authentication.
I left my phone at home and can’t log in. What should I do?
If you leave your phone at home, you have two options: 1) Return home and get your phone or 2) contact the OIT HelpDesk at 865-974-9900 for a temporary bypass code.**
My bank uses text messages for two-factor. Why is that not an option?
Text messages and telephone calls are features within the system. However, they are an additional cost. Other universities using these features pay up to an additional $250,000/year. UT has elected to use the more secure Duo Mobile app instead of enabling text messaging and telephone calls.
Who will be required to use two-factor?
Anyone with a NetID and password or UT email account. This includes current students, faculty, & staff (including visiting scholars, contractors, and sponsored accounts), as well as Retirees and Alumni.
Why doesn't the "remember me for 7 days" work on lab computers?
Many campus computer labs use software (such as Deep Freeze) that clears all data from the user's profile and web browsing sessions upon reboot. This software will delete the cookie that stores the login session.
Can I borrow a hardware token?
No. View pricing and eligibility for hardware tokens on the online request form. Provided tokens are yours to keep and use as needed.
I lost my token and need a replacement. Where can I get one?
Replacement tokens are available for $10 at VolTech in the Student Union.
I have a HUAWEI phone running Android OS, but I can't find the Duo Mobile app in my app store.
The Duo Mobile app is not available for HUAWEI phones running Android OS. If you are an active student, staff, or faculty member with a HUAWEI phone, you must request a hardware token.
My push notification is not working because I don't have cellular or Wi-Fi service. How can I log in?
Your Duo Mobile app will generate a temporary passcode. This option does not require WiFi or data, so this is a great option if you’re traveling or if you have limited or no cell/internet service. Open your Duo mobile app, tap the key icon, and it will reveal a passcode. Log in to the application, choose the enter a passcode option, enter the code, and you’re in!
Is there a limit to the number of accounts my phone number can be attached to in Duo?
Yes. Your phone # can only be attached to 100 accounts. If you need more than 100, you will need to remove your phone number from another account that you do not use frequently.
Can I opt out of 2FA if I have a disability?
If you would like to request an exemption from two-factor because of a disability, staff/faculty can reach out to the Office of Equity and Diversity (OED), and students can reach out to Student Disability Services (SDS) to start the conversation. These organizations will discuss the need for accommodation, and if approved, they will contact OIT.