Two-Factor Authentication (Duo)

Multifactor authentication is a process of authenticating using two unique items of identification. An example of this practice is your Stockton GoPortal password and a DUO push notification to your mobile device. Multifactor authentication is the most powerful tool to prevent attackers from accessing your account and stealing your information. As such, 2-Factor Authentication is required for all Stockton accounts per our acceptable usage standards to ensure that our information systems remain as secure as possible. Stockton University is leveraging the Duo Security platform to enable easy and non-intrusive 2-Factor Authentication across secure services such as Banner Admin Pages and E-mail.

First-time Setup

To begin, download the Duo Mobile App for your smart phone - Android Play Store or Apple App Store. Although the Duo Security platform has multiple ways to provide a second authentication factor, we recommend using the Duo Mobile app for IOS and Android for the best experience.


New phone? Call the Help Desk and we can assist you with re-activating DUO on your new phone.

  • After logging into the GoPortal you will be prompted by Duo to enroll in 2-Factor Authentication, click on the “Start Setup” button and choose the setup option “Mobile phone”.
  • Enter the phone number of the device you’re enrolling in 2-Factor Authentication, make sure to check the confirmation box that your phone number is correct.
  • Launch the Duo Mobile app, approve any requests for notifications permissions, then tap on the “Add Account” button to open up your camera and scan the QR code on your computer screen.

When using “Send me a Push” Duo Mobile will send a notification on your phone each time there is an attempt to log into a secure service.

A duo push notification

Prevent Fraudulent Access

When you receive a Duo push notification, the location of the login attempt will be listed in the app. This can be a good indicator of a fraudulent attempt to access your account, especially if the request is coming from a foreign ip address. If you receive a login request that you did not initiate, do not approve the request. With great power comes great responsibility - it is important to reach out to the Help Desk and notify us of any fraudulent login attempts.

a screenshot of Duo Mobile with a login attempt coming from Sao Paulo in Brazil.

If you do not wish to install the Duo mobile app on your smartphone, there are several alternative options:

  1. Text message (SMS): A text message with a one-time use code is sent to your phone.
    A screenshot of the Duo "text message" option
     
  1. Voice call: A call will be made to the number on file.  Press 1 to accept, press # to report a fraudulent authentication attempt.
    A screenshot of the Duo "voice call" option

 

  1. Hard token: A small physical device that you carry around.  Press the button and it generates a one-time use code. A screenshot of the Duo "hard token" option

 

If you previously enrolled your phone with the Duo app and would prefer to use only the voice/text options, simply uninstall the app from your device and choose the desired option (SMS or voice) next time you’re prompted for a second factor. 

 

If you would like to obtain a hard token or wish to adjust your enrollment method, please contact information.security@stockton.edu via email or by phone (609-652-4779).