Duo Two-Factor Authentication: Frequently Asked Questions

Two-Factor Authentication (2FA) is a requirement for Mississippi State student and employee accounts. Due to the increasing prevalence of compromised account passwords, 2FA provides another layer of protection preventing those with malicious intent from gaining access to your account. Even if someone does manage to obtain your NetID/NetPassword credentials, with 2FA in place, since they won't have access to your "second factor", they should still not be able to log in to your account.


Please review the FAQ below for more information about 2FA, including some tips to make using it a little easier, such as checking the box to "Remember me for 24 hours" to reduce the number of authentications you have to approve.

Why does MSU require Two-Factor Authentication?

Cyber attacks and information breaches are becoming a major concern for higher education. Attempts to compromise user accounts through sophisticated phishing, social engineering, and brute-force password attacks have escalated and pose a significant threat to the security of online data.

The Office of the Provost has determined that a two-factor authentication requirement for user log ins is necessary in order to better protect the online identity and personal information of MSU students and employees as well as to secure the university's research, intellectual property, and institutional data.

What is Two-Factor Authentication (2FA)?

2FA adds another layer of security when logging in to MSU systems. The first factor required to log in is something you know, i.e. your NetID/NetPassword. The second factor is something you have, typically your smartphone or tablet. Therefore, even if an attacker is able to get your NetID/NetPassword, they should not be able to log in to your account, because they does not have your second factor.

MSU uses a product called Duo for two-factor authentication. For more information about Duo, please visit their website.

What are my authentication method options with 2FA/Duo?

There are two options for authenticating with 2FA/Duo. The recommended option is to receive a push notification to your mobile device. Note that is not a text/sms, but is generated via the Duo Mobile app. The second option is to enter a passcode. See the "What is a Duo passcode?" question below for information on how to get a passcode.

Am I required to use 2FA with every CAS login?

Once you choose the Duo authentication method, check the box next to "Remember me for 24 hours." You will not have to use 2FA for 24 hours in that browser on that computer.

What is a Duo passcode?

A passcode is generated by Duo for authentication. The passcode is used as the 2FA authentication method in specific situations such as:

  • You normally use the Duo Mobile app for a “Push” notification to your device but you don’t have your mobile device with you.

  • You don’t have a mobile device and need a hardware token (fob) to generate a passcode.

  • You are at a location where there is no cellular or wireless service to your device, so the “Push” notification will not work.

There are three methods available to obtain a passcode.

  1. Go to 2fa.msstate.edu and click “Generate a Two-Factor Authentication Passcode." This passcode is valid for 24 hours.

  2. Access the Duo mobile app on your device and tap the arrow icon next to Mississippi State University. This passcode is good for one-time use.

  3. Generate a passcode through a hardware token/fob. This passcode is also good for one-time use. Contact the ITS Service Desk to request a hardware token.

What is autopush?

If autopush is selected during your setup, you will receive a message on your device to approve your authentication attempt automatically during the Central Authentication System (CAS) login. This is not the recommended method of 2FA.

What happens if I do not have my mobile device to log in?

Go to 2fa.msstate.edu and click "Generate a Two-Factor Authentication Passcode." This passcode is good for 24 hours.

What if I get a new smartphone or device?

If your phone number has not changed, go to duo.msstate.edu and click Add/Manage Device. Click "Enter a Passcode." (See “What is a Duo Passcode?” in the FAQ above to learn how to generate one.)  Click “Device Options," then click “Reactivate Duo Mobile." This will display a QR code for you to scan with the Duo Mobile App on your new phone. Tap the “+” button, and scan the QR code.

If you have a new phone number or tablet. Go to duo.msstate.edu and click "Add/Manage Device." Click “Enter a Passcode." (See “What is a Duo Passcode?” in the FAQ above to learn how to generate one.) Click “Add another device," then follow steps 6 – 11 in our Enrolling in Two-Factor Authentication article to set up your new device. Alternatively, see our Managing Devices article for Duo instead.

Can I have the Duo Mobile app on more than one device?

When enrolling in Duo, you are able to add multiple devices.

Is Duo required for VPN or was.msstate.edu?

Duo is required for Employee, Departmental, and Student log ins to the VPN and for log in to was.msstate.edu.

I have a mobile device, but my camera is broken. Can I still use my device?

Yes. Instead of activating Duo Mobile by scanning the QR code, click the link for “Or, have an activation link emailed to you instead." You will receive an email that will allow you to set up your device. You can also call the Service Desk at 662-325-0631 and they can send an activation link to your device via text/SMS message.



Article ID: 1513
Mon 1/7/19 1:35 PM
Thu 9/21/23 3:06 PM