ITS FAQs are moving to the new myFSU Service Center!

Request a service, report a problem or search hundreds of self-help articles, all in one place. Watch the Video

Two-factor authentication (2FA) adds an extra layer of protection to certain University pages and applications that contain sensitive information. While the two-factor authentication process can be completed through phone calls, text messages, and hardware tokens, using the Duo Mobile app is recommended. For more information on two-factor authentication, visit the 2FA for FSU page.


All 2FA FAQs


Two-factor authentication (2FA) is an extra layer of security designed to prevent unauthorized access to your personal information. It requires you to verify your identity twice—once with your password and once with your phone, mobile device, tablet or token—before you can access sensitive information within select FSU systems.  

Get Started

Why do I need 2FA on my employee email and Office 365 account?

By implementing two-factor authentication (2FA) on FSU employee Office 365 accounts and services, ITS has added an additional layer of protection that can help prevent unauthorized access to your email and files. Completing 2FA will simply be an additional step taken by employees when accessing Office 365 through their internet browsers, programs, or mobile applications.

How do I complete the 2FA process? 

When you try to access a page that has been protected with two-factor authentication (2FA), such as your My Profile page in myFSU, you will be asked to verify your identity and may see up to three authentication methods:

  • DUO Push (recommended) - get a pop-up notification on your mobile device using the Duo Mobile app
  • Call Me- answer an automated phone call to your mobile device or landline
  • Enter a Passcode - use the Duo Mobile app or a Duo Token to generate a passcode, or receive an SMS text message with a passcode

If you have more than one device registered, you will also see a drop-down menu with a list of devices. Make sure you choose a device that is near you and select your preferred authentication method.

Choose auth method

Verify using Duo Push

Duo Push is only available on registered devices with the Duo Mobile app installed. See How do I use the Duo Mobile app?

Verification using Duo Push is the recommended and quickest way to complete the two-factor authentication process.

  1. Click Send me a Push
    Click Send me a Push

  2. Your device will receive a push notification with a login request from Duo
  3. Click Approve
  4. If you are unable to tap approve from the push notification, open the Duo Mobile app and tap Approve

Verify using Call Me

  1. Click Call Me
    Click call me

  2. Your phone will receive an automated call
  3. Follow the instructions given in the automated message

Verify using Enter a Passcode

  1. Click Enter a Passcode
  2. Enter the passcode in the box and click Log in
    Enter your passcode and click log in

How do I make Duo remember my device or browser?

To speed up the two-factor authentication (2FA) process, you can set up a trusted device in Duo. When you try to access a page that has been protected with 2FA, before you choose a device to verify with, simply check the box next to Remember me for 30 days (highlighted in the image below).

MSV2.png

Checking this option will allow you to bypass 2FA for up to 30 days when you access protected pages or systems using the same device and web browser or application. If you do not check this option when you complete two-factor authentication, you will receive a prompt each time you access that protected page or system using the using the same device and web browser or application. 

NOTES:

  • The Remember me for 30 days option is not only specific to how you're accessing protected pages and systems (i.e., which web browsers or applications you're using), but also which protected pages and systems you're attempting to access.
    • For example, selecting this option when accessing your employee email account in Google Chrome will not prevent you from having to complete 2FA when accessing your Personal Details in OMNI HR using the same web browser.  
  • The use of Remember me for 30 days in a web browser relies on the use of cookies. If you clear your browser's cache, or if your browser is configured to delete your stored cookies automatically or on a scheduled basis, Duo will not be able to remember your browser and you will be prompted to complete two-factor authentication when you use your browser to access a protected page.
  • If you have your Duo configured to automatically call your default device or send a push to your Duo Mobile app, you will not be able to check the Remember me for 30 days option prior to authenticating. To access the Remember me for 30 days option when completing 2FA, you will need to disable to automatic call/push option. For additional information, see How do I manage the automatic Call Me or Duo Push option?

Can I Turn Off 2FA? 

Two-factor authentication (2FA) is necessary to help protect your personal information and cannot be disabled.

DUO App for Cell Phone or Tablet

Why should I use the Duo Mobile app?

Using the Duo Mobile app on your smartphone or tablet is the recommended, as well as quickest and easiest method of completing two-factor authentication (2FA). By installing the app on your smartphone or tablet, you can use Duo Mobile to complete 2FA by having a Duo Push notification sent your device or by generating a passcode. As an additional benefit, you don't need access to a wireless or cellular network to generate a passcode with the Duo Mobile app. Even if you're in an area without phone service, the Duo Mobile app can create a passcode that will let you complete 2FA so that you can access protected pages and applications. For more information, see How do I use the Duo Mobile app?

How do I use the Duo Mobile app?

The quickest and easiest method of verification is via a smartphone or tablet with the Duo Mobile app installed. By adding the Duo Mobile app to you two-factor authentication (2FA) account, you can choose to have a Duo Push sent to your smart device, which the app will allow you to approve or deny. The Duo Mobile app can also be used to generate a temporary passcode that you can use to complete the two-factor authentication process.

For more information on how to add a phone or tablet with the Duo Mobile app to your two-factor authentication visit here

Using the Duo Push option to complete 2FA

Verification using Duo Push is the recommended and quickest way to complete the two-factor authentication (2FA) process.

  1. Access any protected page, such as your My Profile page in myFSU
  2. Click Send me a Push
     
  3. Your device will receive a push notification with a login request from Duo
  4. Click Approve
  5. If you are unable to tap approve from the push notification, open the Duo Mobile app and tap Approve

Back to top

Using the Duo Mobile app to generate a passcode for 2FA

The Duo Mobile app can be used to generate a temporary passcode for two-factor authentication (2FA). You do not need access to a wireless or cellular network on your phone or tablet for this feature to work.

  1. Access any protected page, such as your My Profile page in myFSU
  2. Click Enter a Passcode


     

  3. Open the Duo Mobile app on your phone or tablet and choose your Duo-Protected Florida State University
    account to reveal a temporary passcode

  4. Enter the passcode in the box and click Log in


     

  5. If it will not accept your temporary passcode, then its time limit may have run out. To generate a new temporary passcode, click the refresh icon. 

What versions of Android are supported by Duo?

Effective 12/1/2020 the Duo App will only be supported on Android version 8 or higher and iOS version 12 or higher. Existing installations on Android version 7 and iOS version 11 will continue to function. New installation on those versions will be blocked by the Duo mobile app.

If I change phones but keep the same number, will 2FA and the Duo app still work?

If your phone number is the same, you can still complete two-factor authentication (2FA) via a phone call or text message. However, to use the Duo Push option, you will need to reactivate the Duo Mobile app on your phone (even if your new phone was restored from a backup or cloud storage service).

How do I reactivate Duo Mobile on a device?

If you remove Duo Mobile from your phone/tablet, or get a new phone but keep the same number, click the appropriate link below for instructions to reactivate Duo Mobile on your device.

Reactivate Duo Mobile on a mobile phone

  1. Sign in to my.fsu.edu
  2. Under myFSU Links, click myFSU Identity Management and select Manage 2FA Devices
  3. Click My Settings & Devices
    Click my settings and devices

  4. Verify using an existing device and method
    verify
  5. Scroll down and find the device you are reactivating and click Device Options
    Select a device

  6. Click Reactivate Duo Mobile
    Click reactivate

  7. Select the type of device you have and click Continue
    NOTE - Choosing Other will complete the setup and will not reactivate Duo Mobile
    Device type
  8. Open your phone's app store (Apple App Store or Google Play Store) and download and install the Duo Mobile app
  9. Click I have Duo Mobile installed
    (Screenshot is for Android only - your page will correspond to the device type you chose in step 6)
    Click I have duo mobile installed
  10. A barcode and set of instructions will appear. Open the Duo Mobile app and follow the instructions to activate Duo Mobile. If you are able to scan the barcode, you will be able to click Continue to finish activating Duo Mobile. If your phone does not have a camera or you are unable to scan the barcode, continue to the next step.
    Scan the barcode
  11. If you could not scan the barcode, click the link that says Or, have an activation link emailed to you instead
    click send an activation link

  12. Enter your email address and click Send email
    click send email

  13. On the phone you are activating, check your email for a message from Duo Security and open the link in the email. If your phone asks which app to use to open the link, select Duo Mobile.
  14. Duo Mobile will be activated
  15. Click Continue to finish adding your device
    Click continue to finish

Back to top

Reactivate Duo Mobile on a tablet

  1. Sign in to my.fsu.edu
  2. Under myFSU Links, click myFSU Identity Management and select Manage 2FA Devices
  3. Click My Settings & Devices
    Click my settings and devices

  4. Verify using an existing device and method
    verify
  5. Scroll down and find the device you are trying to reactivate and click Device Options
    Select a device

  6. Click Reactivate Duo Mobile
    Click reactivate

  7. Open your tablet's app store (Apple App Store or Google Play Store) and download and install the Duo Mobile app
  8. Click I have Duo Mobile installed
    (Screenshot is for Android only - your page will correspond to the tablet type you chose in step 4)
    Click I have duo mobile installed
  9. A barcode and set of instructions will appear. Open the Duo Mobile app and follow the instructions to activate Duo Mobile. If you are able to scan the barcode, you will be able to click Continue to finish activating Duo Mobile. If your tablet does not have a camera or you are unable to scan the barcode, continue to the next step.
    Scan the barcode
  10. If you could not scan the barcode, click the link that says Or, have an activation link emailed to you instead
    click send an activation link

  11. Enter your email address and click Send email
    click send email

  12. On the tablet you are reactivating, check your email for a message from Duo Security and open the link in the email. If your tablet asks which app to use to open the link, select Duo Mobile.
  13. Duo Mobile will be activated
  14. Click Continue to finish adding your device
    Click continue to finish

How do I complete 2FA without network or phone service?

If your smartphone or tablet is unable to receive a two-factor authentication (2FA) phone calltext message, or Duo Push notification because you aren't receiving phone service and/or your device is not connected to wireless or cellular network, you can still use your Duo Mobile app to generate a passcode. The Duo Mobile app does not need phone service or access to a network to generate a passcode. Another way to complete 2FA without network or phone service is to purchase a Duo Token, which is a small hardware device that allows you to generate a passcode with the press of a button

Having Trouble?

How do I add a device to 2FA and activate the Duo Mobile app?

Two-factor authentication (2FA) through Duo supports landlines, hardware tokens, tablets and mobile phones. Choose the type of device you wish to add from the list below.


You can manage devices connected to 2FA in two ways: from the myFSU Portal or the Identity Self-Service Portal.

From the myFSU portal:

  1. Sign in to my.fsu.edu
  2. Under myFSU Links, click myFSU Identity Management
  3. Click Manage 2FA Devices

From the Identity Portal:

  1. From any page using CAS authentication, click on Manage FSUID/Password
  2. Click Proceed
  3. Enter your FSUID or EMPLID, then click Continue
  4. Enter your date of birth and Continue
  5. If you have already activated your FSUID, then at the next menu, select Update Two Factor Authentication

  6. Next, you will need to sign in with your FSUID and Password to continue


Add a new Device

  1. You will be prompted to authenticate through 2FA before being managing stored devices. Select Call MeEnter a Passcode or Send Me a Push to authenticate. 
    (Send Me a Push is recommended for mobile devices)

  2. Once you have authenticated, select Add Another Device
  3. Select what type of device you want to add. (Mobile phone is recommended)
  4. Enter the device information, check the box to confirm, then click Continue
  5. Your new device has been added

To add an iPhone: 

  1. To add an iPhone, select iPhone from the list of available devices and click Continue.
  2. If you have not already installed the DUO app, you can download it from the Apple Store.
  3. Click I have DUO Mobile Installed.

  4. Open the DUO app on your device and tap the + button then scan the barcode

  5. You will now receive a success screen. Click Continue and your new device will be added


To add an Android:

  1. To add an Android, select Android from the list and Continue.
  2. If you have not already installed the DUO app, you can download it from the Google Play Store.
  3. Click I have DUO Mobile Installed
  4. Open the DUO app on your device and tap the + button, then scan the barcode
  5. You will receive a success screen. Click Continue and your new device will be added

    Note: Effective 12/1/2020 the Duo App will only be supported on Android version 8 or higher and iOS version 12 or higher. Existing installations on Android version 7 and iOS version 11 will continue to function. New installation on those versions will be blocked by the Duo mobile app.


To add a Tablet 

  1. Sign in to my.fsu.edu
  2. Under myFSU Links, click myFSU Identity Management 
  3. Select Manage 2FA Devices
  4. Click Add a new device
  5. Select Tablet and Continue 
  6. Select the type of device: iOS or Android
  7. Go to the App Store on your device and install the Duo Mobile App, then select I have DUO Mobile installed.
  8. Scan the presented barcode from your device
  9. You will receive a success screen. Click Continue and your new device will be added

To add a Landline

  1. Sign in to my.fsu.edu
  2. Under myFSU Links, click myFSU Identity Management and select Manage 2FA Devices
  3. Click Add a new device
  4. Click Landline and Continue.
  5. Enter a phone number and check the box, then click Continue and your new device will be added.

Add a Duo Token

Duo Token is a small hardware device that can generate a 2FA passcode with the press of a button. To purchase a hardware token and have it added to your two-factor authentication account:

  1. Visit or contact the FSU Bookstore (850-644-2072) for Duo Token availability and pricing information
  2. After purchasing a Duo Token, contact the ITS Service Desk at 850-644-HELP (4357) to activate it and sync the hardware token with your 2FA account.

What do I do if I run out of texted Duo passcodes? 

One way to complete two-factor authentication (2FA) is to have Duo send you a few passcodes via a text message, the process for which is detailed here. However, each passcode you receive via text message can only be used once. To receive a new set of passcodes sent to your phone, choose Text me new codes when completing 2FA using the Enter a Passcode option. 

If you've run out of passcodes while traveling abroad or when you have limited-to-no access to network, cellular or phone service, you may be unable to receive a text message from Duo. To avoid this problem, it is recommended that you install the Duo Mobile app on your smart phone or tablet. The Duo Mobile app has a function that can generate a passcode, even when your device does not have internet or phone service, allowing you to generate a new passcode as many times as you need.

Another way to generate a passcode, without the use of a phone or the Duo Mobile app, is by using a Duo Token. A Duo Token is a small hardware device that lets you generate a passcode for 2FA with the press of a button

What is a Duo token for two-factor authentication? 

Duo Tokens, also known as security or hardware tokens, are small hardware devices that can be used as an alternative to using your phone, tablet or the Duo Mobile app when going through two-factor authentication (2FA). These portable devices will generate a passcode that you can enter when you need to complete the two-factor authentication process to access a protected FSU site or service.


How to obtain a Duo hardware token

For Duo Token availability and pricing information, contact the FSU Bookstore (850-644-2072).


How to activate a Duo hardware token

To activate a purchased Duo Token and sync it with your two-factor authentication (2FA) account, contact the ITS Service Desk at 850-644-HELP (4357) or help.fsu.edu


How to complete two-factor authentication with a hardware token

To complete two-factor authentication using the device:

  1. Access any protected page or application, such as your My Profile page in myFSU
  2. Click Enter a Passcode
  3. Press the button on your hardware token to generate a new temporary passcode which will appear on its screen
  4. Enter the passcode from your hardware token into the box and click Log in

Troubleshooting a hardware token

Your Duo Token can get "out of sync" if the button is pressed too many times in a row without the generated passcodes being used. If your token stops working or you are not able to complete two-factor authentication with the passcode it gives you, submit a support request or contact the ITS Service Desk at 850-644-HELP (4357) or help.fsu.edu.

Office Issue?

How do I enable 2FA on my Office 2013?

To use a version of Microsoft Office which comes equipped with modern authentication, and already functions with two-factor authentication (2FA), it is recommended that you upgrade to Microsoft Office 365 ProPlus

Enabling two-factor authentication functionality on Office 2013 requires changes to your Windows registry. Incorrect changes to a Windows registry can result in a number of issues which can cause your computer to cease working altogether. Per Microsoft:

WARNING - Serious problems might occur if you modify your Windows registry incorrectly. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To proceed with enabling modern authentication for Office 2013, contact your departmental IT professional and provide them with the following information so that they can update your Windows registry accordingly:

Modern Authentication requires minimum of Office 2013 client version 15.0.4753.1001 installed on end user machine.
Registry key Type Value
HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL REG_DWORD 1
HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\Version REG_DWORD 1
Microsoft Support Article: Enable Modern Authentication for Office 2013 on Windows devices

If your departmental IT professional experiences issues or has questions about this process, please submit a support request for additional assistance.

Which email programs or apps are compatible with 2FA?

Only programs and applications equipped with the modern authentication methodology will function with two-factor authentication (2FA). The following is a list of programs and apps currently known to be compatible with two-factor authentication:

Two-factor authentication is incompatible with email programs, applications and clients configured to use the following, less secure connection methods: ActiveSync, IMAP, POP3, and SMTP. In addition, apps and clients configured to use IMAP, POP3, and SMTP will not be able to access your email account while using a non-FSU IP address. For more information, see the following FAQ: Why am I sometimes unable to access my employee email?

What if I don't have access to the phone configured for two-factor authentication? 

We recommend registering more than one device with Duo. That way, if you forget your cellphone at home one day, you can select to have your verification message sent to a different device or landline. If you do not have access to any of the devices you have registered with Duo, submit a support request or contact the ITS Service Desk at 644-HELP (850-644-4357) for immediate assistance.

Why am I sometimes unable to access my employee email?

If you're off campus and attempting to access your employee email with an email client or app that is configured to use POP3, SMTP or IMAP (e.g., Thunderbird), that may be one reason that you're sometimes unable to access your account. 

The mail protocols POP3, SMTP and IMAP provide a less secure connection method. Furthermore, email clients and apps that use these protocols or ActiveSync will not be able to utilize two-factor authentication (2FA) to further protect the messages and files in your Office 365 account. For these reasons, ITS has limited where you can use POP3, SMTP and IMAP to access your FSU employee email.

To ensure that you're always able to access your employee email anywhere, access your account via https://outlook.com/fsu.edu or by using the recommended settings of a more secure email app listed here

However, to continue accessing your employee email using IMAP, POP3, and SMTP, you will need to do one of the following first:

 

Use the FSU network on campus

While you are on campus, connect to the Internet using the FSU wired or wireless (FSUSecure) networks, and you will be able to access your employee email account using the email client or app configured with IMAP, POP3, and SMTP. 

Back to top

 

Connect to the FSU VPN secure profile off campus

While you are off campus, connect to the FSU VPN (Virtual Private Network) profile detailed in the access instructions below. Connecting to this VPN profile will allow you to use an FSU IP address while you're on the Internet, which will allow your email client or app configured with IMAP, POP3, or SMTP to access employee email account. 

Important Notice
While connected to the FSU VPN secure profile (vpn.fsu.edu/secure), you will be using an FSU IP address for all network activity on your computer or device. It is it is highly recommended that you disconnect from the FSU VPN when you no longer need to access your employee email account. By signing in, you agree to abide by Florida State University's Information Security Policy. When you sign in to an FSU Internet connection, you are leaving a digital footprint that can be traced back to you. 

To access the FSU VPN secure profile:

  1. Go to vpn.fsu.edu/secure
  2. Sign in with your FSUID and password
  3. Go to the AnyConnect section and click Start AnyConnect
  4. On the next page, click the Download for... button (this will typically reflect your operating system, e.g., "Download for Windows" etc.) to download the Cisco AnyConnect Secure Mobility Client
    • For step-by-step installation instructions, click + Instructions to the right of the Download button
    • To install programs on an FSU-owned computer, please consult with your departmental IT support professional
  5. Once installed, a Cisco AnyConnect Secure Mobility Client window will come up and indicate that the VPN is "Ready to connect". In this window, enter vpn.fsu.edu/secure and click the Connect button
  6. Enter your FSUID and password in the Username and Password fields, then click OK
  7. Read and accept the Cisco AnyConnect banner statement to continue
  8. You are now connected to the network using the VPN service. 
  9. To sign out of the FSU VPN service, click the Disconnect button in the Cisco AnyConnect Secure Mobility Client

    NOTE - You can only access one FSU VPN profile at a time. If you need to access a departmental or group-specific VPN profile, you will need to first disconnect from vpn.fsu.edu/secure, change the VPN address to the profile to which you want to connect (e.g., vpn.fsu.edu/erp, etc.), and then click Connect. 

Back to top

If you're experiencing other issues with accessing your FSU employee email account, please contact the ITS Service Desk at 850-644-HELP (4357) or help.fsu.edu

Tokens

What is a Duo hardware token for two-factor authentication?

Duo Tokens, also known as security or hardware tokens, are small hardware devices that can be used as an alternative to using your phone, tablet or the Duo Mobile app when going through two-factor authentication (2FA). These portable devices will generate a passcode that you can enter when you need to complete the two-factor authentication process to access a protected FSU site or service.


How to obtain a Duo hardware token

For Duo Token availability and pricing information, contact the FSU Bookstore (850-644-2072).

Back to top


How to activate a Duo hardware token

To activate a purchased Duo Token and sync it with your two-factor authentication (2FA) account, contact the ITS Service Desk at 850-644-HELP (4357) or help.fsu.edu

Back to top


How to complete two-factor authentication with a hardware token

To complete two-factor authentication using the device:

  1. Access any protected page or application, such as your My Profile page in myFSU
  2. Click Enter a Passcode
  3. Press the button on your hardware token to generate a new temporary passcode which will appear on its screen
  4. Enter the passcode from your hardware token into the box and click Log in

Back to top


Troubleshooting a hardware token

Your Duo Token can get "out of sync" if the button is pressed too many times in a row without the generated passcodes being used. If your token stops working or you are not able to complete two-factor authentication with the passcode it gives you, submit a support request or contact the ITS Service Desk at 850-644-HELP (4357) or help.fsu.edu.

Back to top
 

How do I complete 2FA without network or phone service? 

If your smartphone or tablet is unable to receive a two-factor authentication (2FA) phone calltext message, or Duo Push notification because you aren't receiving phone service and/or your device is not connected to wireless or cellular network, you can still use your Duo Mobile app to generate a passcode. The Duo Mobile app does not need phone service or access to a network to generate a passcode. Another way to complete 2FA without network or phone service is to purchase a Duo Token, which is a small hardware device that allows you to generate a passcode with the press of a button.