Skip to main content

Getting help with two-step login with Duo

Frequently Asked Questions

Please see our two-step login FAQ page for a list of frequently asked questions and answers.

I forgot to bring my mobile device or token to work. What do I need to do?

If you have an alternate authentication method (such as your desk landline or hardware token), please use that, otherwise, please contact the OIT Help Desk for a temporary bypass code.

Logging in with a two-step bypass code

After receiving a bypass code from the Help Desk for a lost device or international travel, please follow the steps below to use this code as your two-step login method.  You may use this token to enroll a new device if you have an available replacement.

Step 1:

Navigate to the service you are trying to login to, such as Rutgers Connect or the MyRutgers portal. Enter with your NetID and Password when prompted.

CAS.Rutgers.EDU NetID & Password prompt for login

Step 3:

Select the option for Passcode (Note: it may say Enter a Bypass Code or Enter a Passcode) and enter the provided bypass code you received.  Then, press enter or the login button.

DUO login prompt with arrow pointing to passcode option

DUO prompt with passcode selected and ready for text entry

Step 4:

You should be successfully logged into the desired service, you may also use the bypass code to enroll a new device and remove old devices.

My hardware token doesn’t work or needs to be resynced, what do I need to do?

If your token is not working it may need to be resynced, please follow the steps below to reenable your token.

Step 1:

Login to the Two-factor authentication set-up and management page.

Note: a popup may appear prompting you to authenticate with two-step, you can close this popup.

Step 2:

Click Resync Hardware Token at the bottom left of the left menu.

NetID Management two-step page, with an arrow pointing to Resync Hardware Token

Step 3:

Select the appropriate serial number of your token (if you have more than one), then enter 3 sequential codes and click Resync Hardware Token.

Note: There is a 10-30 second wait before a new pin can be generated, depending on your token model.

NetID management resync token page with text fields for 3 codes and serial number dropdown at the top.

Step 4:

You should receive the confirmation You have successfully synced your hardware token if successful.  If not please try step 3 again, and if you experience further issues please contact the OIT Help Desk.

Confirmation on resync of token

If my hardware token is lost or stolen, what do I need to do?

Please contact the OIT Help Desk to initiate a request for a replacement and request a bypass code if needed.  If you have an alternate device setup for two-step, please use that device to remove the hardware token from your account.

Can I use two-step login without internet/cell service?

The Duo mobile app can generate passcodes on Android and iOS without needing access to the internet, they can be entered on the two-step prompt as indicated below.  The hardware token will also function without issue.

DUO login prompt with arrow pointing to passcode option

Can I use two-step when traveling internationally?

You can use two-step while traveling abroad. All authentication methods are available internationally, though some require internet or cell service. When cellular service or internet access is not available, the mobile push, call, and SMS options will not be available to your device. In this case, you can still use the Duo mobile passcodes as indicated above, or hardware token if you have one. You can also request 10 one-time-use passcodes to be sent by text message before you travel.

What are some of the common support issues?

Automatic push issues

If you have two-step set to send a push notification to your device automatically and you are trying to use another authentication method or you are trying to add a new device, you must first click cancel in the bottom right corner before proceeding.

automatic duo push with cancel option visible and circled.

Remember-me issues

If you have automatic push setup, you will first need to cancel the automatic push, then press the remember me for 30 days option at the bottom left of the two-step prompt.  Please see the picture above on how to cancel an automatic Duo push.  Once canceled you may check the checkbox for “Remember me for 30 days” and then complete your authentication (i.e. sending another push to your device).

The Remember Me feature relies on cookies and when enabled correctly, you will not be asked to complete two-factor authentication the next time you are on the same browser. Please be aware of the following restrictions that can impact Remember Me feature and adjust your settings as necessary:

Chrome incognito does not provide support for Remember Me as cookies are cleared at the end of the session.

Internet Explorer has a “Delete browsing history on exit” in its General setting. If this is enabled, the Remember Me feature will not work.

Some browsers may have restricted security settings to only allow cookies from authorized sites. If so, please add add “duosecurity.com” as a trusted site.

Two-step integration form for non-web services

To integrate two-step (Duo) with a non-web service, please fill out the access request form.

Who do I need to contact if I need any help?

For any additional assistance, please contact the OIT Help Desk.