Proper (and Improper) Use of DUO 2 Factor Authentication



What is Duo?

  • Duo is the application Queens uses for 2 Factor Authentication (a.k.a. 2FA or MFA). 
  • Duo protects Queens’ applications by using a second source of validation, most commonly a phone, to verify user identity before granting access.
  • Register new device for Duo Security


Why do we use Duo?

  • Username and Password credentials can be compromised (become known by bad actors) by a variety of methods.  The assumption is that if the person attempting a login knows both username/password and has that person’s cell phone, then they are almost assuredly the account owner.  If a bad actor has acquired the username and password of the account owner and tries to login with it, the owner will receive a notification with a prompt that asks whether the login attempt should be allowed or denied, the account owner will deny the request. 


Rules for Using Duo

  • Have you phone near you when you login to Queens systems so you can respond if prompted.
  • If you receive a Duo prompt on your phone for a login attempt, you are in the act of performing it is safe to click “Yes” or “Allow”.
  • If you receive a Duo prompt on your phone and you are not attempting a login of any kind, then:
    • Click “No” or “Deny”.   Receiving a Duo prompt when you are not trying to login indicates that someone, somewhere is trying to login to your account with your credentials
    • Change your password immediately.   It has likely been compromised
    • Notify IT Services at 704-337-2323 of the event.
  • Do not treat repeated Duo prompts as an annoyance and click “Yes” or “Allow” so that the Duo prompts stop coming.  Treat repeated and unexpected Duo prompts with suspicion and awareness that an attempt to hack your account may be taking place in real time.


Duo Multifactor Authentication prompts exist to help protect your account from being compromised by a bad actor.  When your account is compromised it is not only bad for you but makes it more likely that the bad actor will take advantage of the access they’ve gained to your account in order to try to exploit the accounts of other Queens users.   The human element to information security is critical to its success.   As a community, we need to stay aware of the threats around us and strive to protect our login credentials and the systems and data to which we’ve been given access.


Have more questions? Submit a request