
How Your End Users Can Enable Their Mobile Phones to Act as 2FA Devices, Part 3

This is the third and final post in our series on using 2-Factor Authentication (2FA). In the first, we talked about why you need to replace SMS as a means of achieving 2FA, and introduced Duo Security as an effective way of doing this. In the second, we gave guidelines for setting up Duo Security at your organization.

But until you’ve made it easy for your end users to activate 2FA, your job isn’t complete, and your organization’s online assets aren’t as secure as they should be.

With that in mind, this post is really a mini guide that your end users can use to learn a little bit about what 2FA is, why it’s important, and how to set up their mobile phones to act as 2FA devices. The guide has just enough information on 2FA so they’ll understand how it protects their online data, and then it walks them through the process of activating Duo Security on their mobiles. Along the way, we’ve included a few tips on setup options that will make the process easy to follow.

Note: This is the third in a series on 2FA. The following are Parts 1 and 2:

End-User Guide:
How to Install & Activate Duo Security on Your Mobile Phone

Note: Feel free to use this guide in your company, personalizing and branding it as you see fit. For starters, where we have used the generic term, “Our Company”, you can insert your company’s name.

 

Our company has implemented a program that will make your online information more secure. It uses a software application called Duo Security to achieve something known as a 2-Factor Authentication (2FA) system. The purpose of this guide is to tell you how to set up a Duo Security account on your mobile phone. This will ensure that you, and only you, will be able to access your online files.

Did someone just say: “What is 2FA and why should I care?”

Given that passwords by themselves are often inadequate for protecting sensitive information (they’re leaked or stolen or too weak), 2FA provides an added layer of protection. It verifies a user’s identity by using a combination of two separate components (typically, something you know and something you possess).

Let’s take an example that you’re already familiar with. Every time you use an ATM, you use a form of 2FA:

  • Factor 1: Something you possess (your bank card)
  • Factor 2: Something you know (your PIN number)

No one else has this exact combination (unless you’ve shared your PIN which, of course, you’d never do!!).

At our company, you’ll use your mobile phone to do the same thing that your bank card does, and Duo Security will do the rest. When Duo Security is installed on your phone, the system will know your identity and will only allow you to access your online files.

Now let’s get Duo Security installed on your phone.

Setting up Your Duo Security Account

You should have received an email similar to the one below inviting you to create your Duo Security account.

[Image: Duo Security enrollment invitation email]

  1. Click on the enrollment link. The welcome screen appears (see below), and you’ll be guided through the process of registering your mobile phone.
  2. Click Start setup to begin the process. You’re presented with a list of devices you can enroll (see below). We recommend Mobile phone because it is likely to be with you at all times.
  3. Select Mobile phone, and click Continue.
  4. Select your type of phone, and click Continue.
  5. Enter your phone number. Note: Do not use parentheses, dashes, or spaces.
  6. Tick the checkbox to confirm that the number is correct. (This step makes sure that you catch any mistakes that would cause the setup to fail later.)
  7. Click Continue.
  8. You are directed to install the Duo Mobile app for your device. The mobile app is free and can be found in the Apple App Store or Google Play.
  9. Install the app, and then click I have Duo Mobile installed.
  10. Register your device: On your phone, open Duo Mobile, click the “+”, and view the QR code (blurred out below) via the phone. The phone will register automatically. Click Continue.
  11. After registering the device, enable automatically sending Duo Push notifications. When authentication is needed, your phone will automatically prompt you to authenticate.
  12. Click Save.
  13. Finish the enrollment process by scrolling inside the enrollment window to click Done. Note: This is a known UI issue, and Duo will fix it as they roll out updates to their self-service portal.
  14. Once the confetti rains, you are finished! You have enabled your mobile phone to act as a 2FA device.

Responding to a Duo Authentication Request

  1. When Duo authentication is needed, your phone will be notified. When you get a notification, make sure that you initiated the request. If you’re not sure why you were notified, deny the request.
  2. To approve a request, open the app and tap Approve. (Some services, though not all, allow you to approve from your phone’s lock screen.) Swipe left, tap Approve, and authenticate to your phone via passcode or thumbprint if that is enabled.