All FAQs

Duo is the University of Maryland's solution for multi-factor authentication.

What is Duo?

What is Duo and MFA?

Multi-factor authentication (MFA) requires something you know (your UMID password) and something you have (like a smartphone or tablet app, or a mobile phone or landline phone) as an added layer of security to prevent anyone else from accessing your account. Multi-factor authentication is one of the most effective methods to prevent phishing, helping to protect you and the UMB community. Duo is the multi-factor authentication solution at UMB.

Why are we using Duo and MFA?

Passwords are essential for security and privacy, but they are often not enough. They can often be stolen, guessed, and hacked — you might not even know who else has your password and is accessing your account. Multi-factor authentication adds a second layer of security to your account to make sure that it stays safe, even if someone else knows your password, by using your phone or other device to verify your identity. You will be alerted right away (on your phone — mobile or landline — or tablet) if someone tries to log in using your password. This prevents anyone but you from accessing your accounts.

Who uses Duo?

  • All faculty, staff, and students are required to use Duo to access MFA-protected applications. 
  • Affiliates who are highly-privileged users of eUMB, SIMS/Banner, and ImageNow are required to use Duo. 
  • All VPN groups are required to use Duo to login to the VPN.
  • All users who access from off-campus are required to use Duo.

How do I use Duo?

How do I set up Duo?

The Duo Mobile app is required. You can find details about the Duo enrollment process here:

How do I add a new phone?

For step by step instructions, view DUO – Registering a New Device.

What if I do not have a mobile phone?

You can use a landline or a tablet. Duo also lets you link multiple devices to your account, so you can use your mobile phone, a landline, and/or a tablet. We suggest that you enroll more than one device for redundancy in the event that a device is lost or unavailable.

If none of these options is available to you, you can be issued a hardware token, or "fob." Please coordinate with your local school or department IT team for approval:

  • Central Administration - IT Help Desk
  • HS/HSL — M.J. Tooey
  • School of Dentistry — Kent Buckingham
  • School of Law — Mike Green
  • School of Medicine — Scott Stefan
  • FPI — Tia Stokes
  • School of Nursing — IT Help Desk
  • School of Pharmacy — Tim Munn
  • School of Social Work — David Pitts

How do I use Duo with a web browser?

If your account has been enabled to use Duo as the second factor, you will log in to the system as you usually do.  You will then be prompted to enter the second factor.

You will be prompted to select which Device you wish to use (Android, token, etc.) and to choose an Authentication Method (Duo Push, Call Me, etc.) depending on the device and method:

  • Duo Push: Duo will send a notification to the Duo app on your mobile device. You will then select Approve and Confirm.
  • Call Me: Duo will call the phone number and ask you to confirm or deny your identity.
  • Passcode: For more information on passcodes, visit here:

Below the list of authentication methods is a check box labeled "Remember me for 7 days." Select the check box if you want that device to be remembered for 7 days.

Here is the Duo login as seen in a Shibboleth-protected system, like the myUMB Portal:

 Check box remember me for 7 days to avoid auto logging out.


Here is the Duo login in Office 365, via, for a user who has not yet set up Duo. 

Clicking on Start Setup will step you through the Enrollment process, described in greater detail here:



Here is the Duo login in Office 365 for a user who has already set up Duo:


How do I use DUO with the VPN client?

The VPN client will prompt all users for Group, Username, Password, and Second Password. Options for Second Password include:

  1. push
    • this sends a DUO confirmation request to the DUO Mobile app on your phone or tablet
  2. passcode
    • enter the passcode generated on the DUO Mobile app or hardware token
  3. visit for alternatives to the DUO Mobile app

A screenshot of the login screen for VPN Duo.

To change the device settings for your DUO account, or to set up your DUO account for the first time, log in to and click on Multi-Factor Authentication.


What if I get a new mobile phone or erase the application from my existing phone?

If you get a new phone, you will need to reactivate Duo Mobile. This can be done through our Account Management site. When accessing the portal, you will need to complete the two-factor authentication process. If you have a second device, you can use it to authorize. Otherwise, you will need to choose the option to have Duo call your phone before you can reactivate Duo mobile.

What if I lose my mobile phone or it is stolen?

Contact the Help Desk via email or call 410-706-4357 immediately if you lose your phone or suspect that it has been stolen. The device will be disabled for authentication and you will be assisted in enrolling another phone/device.

While it is important that you contact the Help Desk if you lose your phone, remember that your password will still protect your account.

Should I enroll more than one device in MFA?

It is important to enroll more than one device (such as a smartphone and desk phone) in MFA to avoid difficulties authenticating if you lose or don’t have your only enrolled device with you.

To add a backup device, follow the procedures listed here -

What if I only have one device registered and it's not available to access my account?

We recommend that you have two devices registered with Duo in case one device is unavailable. In the event that you can't access your account due to your device(s) being unavailable, please contact the IT Help Desk via email or at 410-706-4357 for a temporary bypass code to allow access to your accounts.

How many chances will I get to authenticate?

You will have six chances to authenticate a request. After the sixth chance, your multi-factor account will be locked and you will not be able to access the system you are attempting to log into.

I am getting a message that I am locked out. What do I do?

Your multi-factor account will automatically unlock after 10 minutes. If you continue to have issues, you will need to contact the Help Desk via email or 410-706-4357 for assistance with your account.

What should I do if I get an authentication message and I am not trying to log in?

Deny the request and report the incident to the Help Desk immediately via email or by calling 410-706-4357.

I frequently travel internationally. How does this affect two-step verification?

If you travel internationally and need access to resources protected by Duo, you may wish to use a passcode as your two-step verification method. Using the Duo Mobile app (available for smartphones or tablets), you can generate authentication codes even if you don't have an internet, Wi-Fi, or cellular connection.

To generate a passcode using the Duo Mobile app, simply launch the app, then click on the key icon next to University of Maryland, Baltimore.

Duo Mobile PasscodeThen enter the displayed code when prompted for Second Password, or Enter Passcode.

You can find additional information on Passcodes here:

Please note that if you're traveling internationally (or have an international phone number) and are using SMS, or text messages, as your method of two-step verification, you may be subject to your carrier's roaming charges for SMS messages. Use of SMS is not recommended for international travelers.

Additional Information?

Which systems utilize Duo multi-factor authentication?

All MFA-protected applications, including myUMB Portal, Quantum, SIMS/Banner, ImageNow, and VPN require Duo.

Can I opt out of Duo?

No. Two-factor authentication adds a second layer of security to our online accounts. In an effort to keep your personal account information secure, we are requiring two-factor authentication on selected services.

Will Duo ask for my password?

Duo will never ask for your user ID and password. If you receive such a request, do not respond.