![]() ![]() Use what works. If you plan to travel with a basic, non-smart phone, you can authenticate using a phone call or passcodes sent by text message. If you purchase a phone for use abroad or take a loaner, you can enroll that device in Duo and use it for two-factor authentication when traveling.Įnroll the device ahead of time. To enroll a new device, you'll need to authenticate using whatever Duo option you already have enrolled, so it's best to do that before your trip. You will receive multiple passcodes in a single text message. Text message. You will still need a cell phone connection, but a text message will often get through even when you have spotty data coverage. Hardware tokens are available at the Helpdesk. Hardware token. You can use a Duo hardware token to generate a passcode. The app can generate passcodes even when you do not have a cellular or Wi-Fi connection. There are three different ways to get an offline passcode:ĭuo Mobile app. Use the Duo Mobile app to generate passcodes on a smartphone or tablet. If you won't have a reliable cellular or Wi-Fi connection, or even access to a phone while traveling, plan to use passcodes. These small tokens can be inserted into a computer, or even tapped on a cellular device to be used to complete the Duo login challenge. Hardware security keys such as Yubikey, Google Titan Security Keys, or Feitian security keys are state-of-the-art authentication tools which provide strong security guarantees without requiring mobile network access. Plan options. Before your trip, plan which Duo 2FA options you will use and enroll in them if needed.Įnroll additional devices. If possible, enroll two devices in case your primary device is unavailable (lost, stolen, not available, dead battery, or malfunctioning). You may be able to use your regular option if you need to sign in to a protected system while traveling, or you may need to use alternative options depending on your travel plans. It's free, it works with all OATH TOTP-compatible servers (Google, Dropbox, AWS, etc.), it is well supported, and it does so much more (such as Duo Push, if and when you need it).Duo Two-Factor Authentication (2FA) offers multiple options to meet your needs when traveling. Google Authenticator does come with a PAM module but it is not enterprise grade by any means.īottom line: If you want to install an app on your mobile device that supports OATH TOTP, choose Duo Mobile. Google offers no service analogous to the Duo cloud service, nor is there a server-side app you can run on-premise (but check out an open-source OATH TOTP server developed by Chris Hyzer at Penn). Google Authenticator supports OATH TOTP as well but the similarity with Duo Mobile ends there. ![]() The two work together to provide a standard, offline, one-time password authentication protocol. One copy of the symmetric key is protected by the Duo Mobile app while another copy is protected by the Duo cloud service. In addition to Duo Push, the Duo Mobile app supports standard OATH TOTP, which requires a symmetric key. The latter is used to secure the active, online, Duo Push authentication protocol. Duo Mobile protects two secrets: a symmetric key and a 2048-bit public/private key pair. Duo Push is a capability of Duo Mobile on certain devices (iOS, Android, etc.). If I can't use Duo Push, then I may as well use Google Authenticator.ĭuo Mobile is a native mobile app.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |