Duo Security MFA

As part of the South Texas College information security strategy, we are enforcing multi-factor authentication to protect remote access to sensitive systems. Duo Security MFA will be used to ask individuals for a second confirmation of their identity at login using a physical device in their possession, such as a smartphone.

Watch Video: What is Two-Factor Authentication?

Enroll or manage Duo devices:

Device Management Portal
(STC Network Only)

Duo user guides:

NOTE: A few of the features shown in the guides have been modified to align with the college’s information resources security policies.

  1. Enrollment
  2. Authentication
  3. Add New Device
  4. Settings & Devices
  5. Using Append Mode (not supported by all services)
  6. Duo Push Demonstration
  7. Troubleshooting Common Issues

Enabling Push Notifications: For faster authorization of your protected login request, verify that the Duo Mobile app push notifications are enabled: iPhone | Android.

FAQs

  • What if I change or reset my mobile phone but keep the SAME number?

    You may log into the device management portal (STC Network Only) and add your new device. You will have to elect to receive a phone call or SMS code. Do not forget to remove your old device.

  • What if I change my mobile phone number?

    If you change your mobile number, you will not be able to use your phone as a verification method until it is re-registered with Duo Security MFA. You will need to email isphelp@southtexascollege.edu for assistance in registering your new number. It is important that you notify us if your phone was lost or stolen.

  • What if my mobile device is not a smartphone?

    The use of the Duo Mobile app on a smartphone is the recommended method, the easiest to use, and the most cost-effective for the College. On non-smartphone devices, Duo Security MFA can be set up to call your registered mobile phone number for confirmation of your identity. Duo Security MFA can also send a unique SMS text code to your registered mobile phone number to be used for confirmation of your identity. If you own a non-smartphone device, select the “Other” option during the Duo Security MFA enrollment process when prompted to verify the type of phone associated with your number.

  • What if I do not have my mobile phone with me?

    If your mobile phone is set up as the only verification method, then you will not be able to verify your identity. You can set up an alternate authentication phone number using the device management portal (STC Network Only) if you plan to be without your mobile phone for an extended time period. Follow the add a new device guide for instructions on how to set up an alternate authentication phone number.

  • What if I need to travel outside of the country or to an area that will not have cellular service?

    You may request a temporary security token that can be used offline.

  • Does using SMS passcodes pose a security risk?

    Current digital authentication guidelines no longer support SMS messages as a second factor for authentication. This is due to the risk that SMS messages may be intercepted or redirected by a threat actor. Notice will be provided if the recommendation is made to mitigate this security risk and disable this option.

  • What if I am locked out of my Duo Security MFA account?

    Excessive failed attempts at authenticating with Duo Security MFA will cause your account to be locked out. An email alert will be automatically sent out to the STC information security staff. Your account will remain locked for 15 minutes or until STC information security staff can verify your identity and unlock your account.

  • What if I do not receive the Duo Mobile app push notification?

    The Duo Mobile app requires an internet connection to receive the push notification. Verify that your mobile device has internet activity, or if your mobile device is connected to a WiFi network, disconnect from the WiFi network in case there are connectivity issues. For faster authorization of your protected login request, verify that the Duo Mobile app push notifications are enabled: iPhone | Android.

  • What if I receive an unsolicited Duo Mobile app push notification?

    You should only receive a Duo Mobile push notification when you are attempting to log into a protected STC information system resource. An unsolicited Duo Mobile app push notification could be an indicator of compromise of your STC account (username/password). Please report all unsolicited Duo Mobile app push notifications to isphelp@southtexascollege.edu.

back to top