Duo Authentication Methods
All users must set up at least one Duo authentication method. If you are unsure about which method to use, IMSS recommends Duo Mobile Verified Push, which is secure, broadly compatible, and free to use with modern iOS or Android devices. Below are Duo authentication methods supported at Caltech, starting with the most secure at the top of the list.
Duo Mobile Verified Push
Duo displays a 3-digit code and sends a login request to the Duo Mobile app on your iOS or Android device. You review the request and enter the code to approve login. The Verified Push method is free but requires a compatible smartphone or tablet.
Platform Authenticators
Platform authenticators are built-in device authentication methods that must be used on the same device accessing a Duo-protected system. If your device supports a platform authenticator, set it up via the Duo Device Management Portal.
Platform authenticators are only supported in browser-based applications. They cannot be used for command-line or Windows login authentication.
Roaming Authenticators (e.g. YubiKey)
Roaming authenticators can be used across multiple systems. If purchasing one of these devices, ensure it supports the WebAuthn standard. If you own a compatible device, set it up via the Duo Device Management Portal.
YubiKey
A YubiKey is a hardware device for Duo two-factor authentication. Models vary in capabilities—some function only as security keys, while others also generate passcodes. This is an alternate option for those who do not have, or prefer not to use, a smartphone or tablet with Duo. While there is a cost to purchase a YubiKey, using it with Duo at Caltech is free.
Duo Mobile Passcode
Duo Mobile passcode is a secondary authentication option in the Duo Mobile app that generates passcodes for manual entry when prompted. While less convenient than Duo Mobile Verified Push, it works without an internet connection, making it useful when mobile data or Wi-Fi is unavailable.
No Longer Supported or Recommended
These second-factor options are no longer considered secure and are not supported or recommended by IMSS.
- Phone call
- SMS
- Duo Mobile Push without a verification code (exception: Duo for Windows login, where the verification code is not supported yet)
- Hardware Token Passcode