Duo two-factor authentication is a required security step when logging in to a Princeton University application. This additional layer of security prevents anyone but you from logging in, even if they know your password. 

Getting started - Duo supported devices

Log-in options vary based on your devices. There are four log-in types with the following options:

1. Duo Mobile (recommended): Install the Duo Mobile app on your smartphone or tablet to sign-in with the following:

• • Duo Push – Receive a push notification from the app
  • Duo Mobile passcode – A six-digit code generated by the app

2. Passkey: Log in with a PIN, fingerprint, or facial recognition.

1. • Windows Hello – PIN, fingerprint scan, or facial recognition on Windows devices
   • Touch ID – fingerprint sensor on Apple devices
   • Face ID – face scanning feature on an iPhone or iPad
   • Device verification – Facial recognition or fingerprint sign-in on Android devices

3. Security key: a physical device that connects to your computer, like a USB drive.
4. Bypass code: When all other options are unavailable, a temporary code can be provided by the IT Service Desk after your identity has been confirmed.

Set up Duo for the first time

A computer is recommended for the initial Duo setup. A step-by-step video guide is also available here. 

1. Access the Duo Portal by visiting princeton.edu/duoportal from a computer.
2. Log in with your Princeton University (netID@princeton.edu) and password.
3. On the Welcome to Duo Security prompt, select Get Started.
4. When asked to set up your first device, select Duo Mobile to begin setting up Duo on your Apple or Android device. If you do not have a smartphone, you can select Windows Hello or Touch ID to enroll your University computer using this step-by-step guide. If you do not have a supported device, contact the IT Service Desk for assistance.
5. Enter the phone number of the smartphone where you’ll access the Duo Mobile app. If you’re enrolling a tablet, select I have a tablet instead.
6. On your phone or tablet, download the Duo Mobile app.
7. Open the app and scan the QR code from your computer screen. You may need to allow camera access or select the +Add button in the app if you have existing accounts. If you can’t scan the QR code, you can choose to Get an activation link instead.
8. After setup is complete, you’ll have the option to Add one more device. It’s recommended to add a passkey option such as Windows Hello or Touch ID, if available. To add mobile device passkeys, you’ll need to log in to the Duo Portal from the mobile device you’d like to enroll.
9. When you receive the Setup completed! message, select Log in with Duo to test your setup and view your enrolled devices in the portal.

Set up Duo on a service account

Follow the enrollment steps by logging in with the service account credentials.

1. Access the Duo Portal by visiting princeton.edu/duoportal from a computer.
2. Log in with your service account (netID@princeton.edu) and password.
3. On the Welcome to Duo Security prompt, select Get Started.
4. When asked to set up your first device, select Duo Mobile to begin setting up Duo on your Apple or Android device. If you do not have a smartphone, you can also select Windows Hello or Touch ID to enroll your University computer using this step-by-step guide.
5. To enroll a phone or a tablet, select I have a tablet. Do not enter the phone number even if that's where you’ll access the Duo Mobile app. 
6. If the Duo Mobile app is not already installed, download it on your phone or tablet.
7. Open the app and scan the QR code from your computer screen. You may need to allow camera access or select the +Add button in the app if you have existing accounts. If you can’t scan the QR code, you can choose to Get an activation link instead.
8. When adding the account to the Duo Mobile app, rename the new account from the default of Princeton University to distinguish it from other accounts.
9. After setup is complete, you’ll have the option to Add one more device. It’s recommended to add a passkey option such as Windows Hello or Touch ID, if available. To add mobile device passkeys, you’ll need to log in to the Duo Portal from the mobile device you’d like to enroll.
10. When you receive the Setup completed! message, select Log in with Duo to test your setup and view your enrolled devices in the portal.
11.  If the account is shared, select Edit to Rename the device and identify it as yours.

For shared service accounts, after the first user enrolls in Duo, all users with the account password will be able to Add or change Duo enrolled devices through the Duo Portal.

If multiple users are logging in to the same account and Duo is automatically attempting the last method used, contact the IT Service Desk to update your account settings and allow each user to choose their own option at log in. Never provide a Duo passcode or accept a Duo push on behalf of another user.