Duo Enrollment Options Which option is best for me?
Duo’s MFA product combines multiple factors of authentication to provide robust security that is flexible for you, but rigid against threats.
KBR strongly recommends the “Software Token” Duo Mobile app for all employees. This is a software application that can be installed on a personal mobile device. Additionally, using the Duo Mobile app allows you to set up an offline token in the event you find yourself unable to connect to the network or the internet or network, but still need to access your computer. You do not have to request access to the Duo Mobile app. Additionally, Duo Mobile makes authenticating fast and friendly by using a "Push" functionality.
Installing the Duo Mobile app does not give KBR access to your personal mobile device. Duo Mobile is not a KBR application.
If installing the mobile app is not for you, don't worry, we have other options! Check them out below!
Option 1: [Recommended] Duo Mobile App “Software Token" Supports Offline Login
Option 2: Phone Number (SMS Text or Phone Call) Does Not Support Offline Login
Option 3: One-Time Passcode [OTP] “Hardware Token" (Physical Key Fob) Does Not Support Offline Login
Option 4: Fast Identity Online [FIDO] Security Key Supports Offline Login
Here's how Duo Security works with KBR:
1. User initiates login: When a user tries to log in to a KBR computer or an application, they enter their username and password as usual.
2. MFA request: After entering their credentials, the user is prompted to provide an additional authentication factor. This can be done through various methods, such as receiving a push notification on their smartphone, entering a one-time passcode sent via SMS or phone call, or using a hardware token.
3. Verification: Once the user provides the additional authentication factor, Duo Security verifies its validity. This ensures that the user is who they claim to be and adds an extra layer of security to prevent unauthorized access.
Send Push: This method will only work if Duo Mobile was enrolled. This is the fastest and most convenient way to authorize login attempts, however, if you are in a work environment that does not allow for mobile devices, this method may not be best for you.
Call Me: This method will work if you enrolled Duo Mobile or if you only enrolled phone number during the enrollment steps. The call me option only (no Duo Mobile) does not allow for offline login if you are without internet or network connection.
Enter a Passcode: This method will work with both the OTP and FIDO Security keys. These have to ordered separately via a Duo Token DASH Request and are registered by an IT admin prior to handing it over to you. For OTP, enter the rotating 6-digit code that appears on the physical device. For FIDO, it should be entered into your USB port and touched on the touch point. OTP does not allow for offline login if you are without internet or network, but FIDO does.
Remember me for 12 hours: Select this if you want to be asked for authorization less, each time you log into the computer. If you move to another network or reboot your computer, you will be prompted again.
4. Access granted: If the authentication factors are successfully verified, the user is granted access to the KBR system or application. Otherwise, access is denied. By implementing Duo Security, KBR can significantly reduce the risk of unauthorized access to its systems and protect sensitive data from potential threats.