Duo Multifactor Authentication graphic

Your Digital Armor: Duo Multifactor Authentication

Article summary: Scammers are tricking UC Davis students, faculty and staff by sending fake Duo Push notifications—and some have lost thousands of dollars!  Stay safe by using Duo Multifactor Authentication the right way. UC Davis recommends secure, passwordless options like biometrics, security keys, or Duo Push—but never approve a Duo notification you didn’t start yourself. When used correctly, these methods can block more than 99% of account takeover attempts! Check out this article for step-by-step instructions and keep your account safe by approving only your own Duo login requests. 


With phishing and other scams on the rise and getting more sophisticated with the help of artificial intelligence, using multifactor authentication (MFA) can provide an extra layer of security. UC Davis uses Duo to protect student, faculty and staff computing accounts, university websites, and services. Remember, never approve a Duo authentication request, such as a Duo Push, that you did not initiate!

Instead of just using a password or passphrase to get into your account, the Information Security Office (ISO) recommends using biometrics like Touch ID, Face ID, Duo pushes, or hardware security keys to verify your identity. Even if AI-boosted scams trick you into giving up your password, it isn’t enough to breach your account if you have Duo enabled and use it securely.

Follow the directions below to take protection of your university or personal accounts to the next level with Duo. 

Get Started with Duo

To enroll in Duo, follow these steps.

  1. Go to computingaccounts.ucdavis.edu.
  2. Select Duo Multifactor Device Manager
  3. Authenticate with Duo
  4. Select Add a device. Most people use their smartphone, but you can also use a security key (a hardware security device that helps verify users' identities through multi-factor authentication.)
  5. Register a second device in Duo. You need a backup method in case your primary method isn't available or for when you upgrade your phone.
  6. Find additional information on getting started with Duo at: https://kb.ucdavis.edu/?id=02934 

Duo Passwordless Authentication Options 

How to use Duo Push

  1. Next time you are prompted to authenticate with Duo, if Check for a Duo Push doesn’t display, then tap more options.
  2. Tap Duo Push from the authentication options.
  3. Open the Duo Mobile App on your Duo-registered device to Approve the push notification. Be sure to always review the login request to make sure it is you trying to access your account. Do not authorize push notifications you are not expecting.

How to use hardware Security Keys 

(available for purchase at the UC Davis Bookstore)

  1. Log in to your service with your username and password.
  2. On the Duo prompt, select Other Options if security keys are not the default.
  3. Choose Security Key from the list of authentication devices.
  4. Insert your security key into your device’s USB port.
  5. Tap or press the button on your key when prompted.
  6. Verify the authentication request to gain access. 

How to set up Touch ID or Face ID on your mobile device

Please note, the steps may vary slightly depending on your device.  

  1. Once you have a mobile device added to Duo, visit to computingaccounts.ucdavis.edu on that mobile device.
  2. Select Duo Multifactor Device Manager
  3. Authenticate with Duo
  4. Select Add a device
  5. Select Face ID / Touch ID
  6. Tap Continue
  7. Ready to use the next time you need to verify your identity in Duo. 

For more information on passwordless authentication with Duo, visit: https://guide.duo.com/passwordless. 

Things to Remember

Duo, like a seatbelt in a car, if not used properly, it likely will not work as intended.  Duo, when used properly, it can protect you from bad actors. Remember to never validate an authentication request that you did not initiate or expect, even if it looks legitimate (any such unexpected requests should be reported to cybersecurity@ucdavis.edu). If you do receive such a request, change your UC Davis passphrase. Remember, receiving a Duo push that you did not initiate indicates that your password is compromised. 

Cybersecurity is the responsibility of everyone in the UC Davis community. By using Duo and moving to passwordless authentication options, you protect not just your data, but the entire UC Davis network.

Find Support

If you have questions about Duo or need assistance, contact IT Express in one of three ways: 

  1. Call 530-754-4357 during open hours 7am-6pm Monday through Friday; closed during university holidays. For after-hours. DUO help including weekends and holidays, please call 530-754-4357 and select option 2. Please note there could be a wait.
  2. Start a support ticket and track your ticket through the Service Hub.
  3. Email ithelp@ucdavis.edu or chat https://iet.ucdavis.edu/support

If you work for UC Davis Health, contact the UC Davis Health Technology Operations Center at (916) 734-4357.

Additional Resources