Why is Duo Mandatory?

Passwords are no longer enough: we need Duo Two-Step Login to protect our financial data, our student data (including health records) and our research data, and also to protect the reputation of the University.  Each year, sophisticated “phishing” schemes and other tactics lead to hundreds of ONID accounts becoming “compromised” (accessible to unauthorized people), and that number continues to increase. Nationally, other universities have been adopting two-step login for several years, and it’s time for us to join them.  It’s our responsibility as good “digital citizens” to protect the data entrusted to our care.

The rate of compromised OSU accounts has dramatically increased both here and in higher education. Other universities across the country have responded to similar increases by requiring Duo, or similar two-step login processes, for all accounts. We are requiring all members of the OSU community to use two-step login as it is the best way to reduce the number of compromised accounts.

Duo helps us protect against attempts to steal information entrusted to our care, including: financial data, student and employee records, and sensitive medical and human subjects data.  With Duo, we can prevent:

  • Attempts to change your paycheck or financial aid direct deposit setting without your knowledge
  • Criminals attempting to commit identity fraud
  • Unauthorized access to read and send your email

Many of our peer institutions, including Arizona State University, Berkeley, Purdue, UC Davis and others have already implemented mandatory two-step login (sometimes referred to as multifactor authentication). 

Two-Step and Duo

Two-step login is a way to protect your account by requiring both something you know (password) with something you have (smartphone, tablet, or hardware token). You start by logging in with your username and password, then confirm that it's really you with your Duo device.

Watch this short video for an explanation.

Duo Mobile is the easiest way to perform two-step login on your account. Read more about Verified Duo Push!


Passwords are not enough. They can often be stolen, guessed, or hacked, and you may not even realize your password has been compromised. With Duo two-step login on your account, a compromised password doesn't have to mean a compromised account.

Yes. Online access to Direct Deposit, W2s, and 1098-T tax forms requires Duo access. Certain departmental systems may also require Duo for access.

Installing Duo

Go to duo.oregonstate.edu and click the “Sign up for Duo” button and follow the steps on screen. The Duo Guide provides instructions on enrollment and an overview of how Duo works.

The Duo Mobile app is available for Android and iOS. Duo also works with Touch ID, Face ID, Android Biometrics, Windows Hello, and security keys like Yubikey.

Yes you can! In fact, if you have more than one device, we strongly recommend it. It provides you with options if something unfortunate happens to one of your devices. 

No. Deleting the Duo Mobile app will not un-enroll you from Duo. Deleting the Duo Mobile app, without a secondary device registered, will lock you out of your ONID account. Reinstalling the Duo Mobile app will not grant access until it is re-registered to your account.  

If you deleted the app and need to reactivate it on your phone, use Device reactivation.

Android: Launch the Play Store app and search for “Duo Mobile”. Choose the Duo Mobile app from Duo Security, Inc., (not Google Duo). Download and install the application.

iOS: Launch the App Store app and search for “Duo Mobile”. Choose the Duo Mobile app from Duo Security, Inc. (not Google Duo.) Download and install the application.

Using Duo

If your phone does not have a network connection (cellular or wifi), you will not be able to use the Duo Mobile app.  If you have a security key or another Duo device, you can use it instead.

If you know in advance that you will not have a network connection, you can Generate a Temporary Code before you go.

Changing your SIM card will not impact your Duo Mobile use because the app is tied to the device's hardware security module (HSM). You will still be able to use your phone with Duo.

Open the Duo Mobile app and the push notification should be waiting there. Read more about troubleshooting push notification issues for iOS and Android

You should report all Duo push notifications that you did not generate. This may be a sign of someone attempting unauthorized access to your account, and your password may be compromised. Deny the push notification and then confirm that it’s a fraudulent attempt. You should change your ONID password if this occurs.

Yes. Using a device for two-step login comes with the obligation to take reasonable precaution to protect it. Such precautions normally include the use of a password or a PIN to unlock the phone, as well as maintaining current versions of your device's operating system and Duo Mobile.

If many authentication failures occur in a short period of time, your account to be locked for 30 minutes.

If you have a secondary device registered, such as a tablet or security key, you can still use that device to access your account. If you get a new phone with the same phone number, you can use Device Reactivation to activate it.

If you do not have a secondary device and do not have a new phone with the same phone number, you will need a bypass code to access your account.  

If your phone number is the same, you can use Device Reactivation to activate the new phone.

If your phone number has changed and you do not have a secondary device with which to Duo, you will need a bypass code to register the new phone. Please see this article for the procedure to activate your new phone. If you know you are getting a new phone with a different number, you can get a temporary Duo code to make the transition easier.

In order to receive a bypass code, you need to have your identity verified.  This is typically done with photo ID in person or via a video chat.  Your ID cannot be verified by email.

The Service Desk can generate a bypass code for any user.  You can contact the Service Desk by visiting them in Milne 201 or by calling 541-737-8787.  It is strongly recommended that you call or visit in person.  If you are unable to call or visit, you may also submit a ticket, but it may take longer to resolve your issue.

In addition, you can receive a bypass from a local IT support group if it is on the following list:

  • Athletics
  • Ag (Roots)
  • CASS
  • CGRB
  • Client Services
  • Business
  • Engineering
  • Forestry
  • HMSC
  • MU
  • OCSC
  • CoSINE (College of Science & Liberal Arts)
  • Student Health Services (SHS)
  • University Housing and Dining (UHDS)
  • VetMed
  • OSU Foundation