WashU 2FA Frequently Asked Questions

Duo—an industry leader in easy-to-use, world-class security platforms—developed Duo 2FA, a two-factor authentication service that utilizes a secondary device such as a phone or tablet to confirm your identity when you access sensitive information, such as that contained in the university HRMS application. This service provides enhanced security and protects you in the event that someone manages to obtain your login credentials.

Two-factor authentication commonly works by asking for something you know (your password) in combination with something you have (your mobile phone) to confirm your identity across a variety of account activities–such as accessing your accounts from new devices, verifying transactions, or recovering your accounts.

Use of WashU 2FA is required: when accessing WUSTL Key Single Sign-on (SSO) from any non-trusted network and when accessing the WashU CFU User VPN login portal from any network.

The WashU 2FA service is for current WashU employees, students, and anyone (parents, university partners, vendors, visitors and/or contractors) who may access the services listed above.

No, enrollment for access to identified systems is mandatory.

Yes! You can enroll your mobile phone, your landline phone, and your tablet.

Yes. Open the Duo app on your smartphone or tablet and select the Duo key icon in the upper right-hand corner of the screen to generate a passcode. Generating passcodes does not send any kind of message or use data and you can generate passcodes even when you are not connected to a network. Using Duo to generate passcodes will not incur any data or text messaging costs.

Yes. In the Duo mobile app, simply click the key on the upper right-hand side of the screen or select the Generate Passcode button on Microsoft OS devices to generate a numeric passcode that you can use without a network connection. Alternatively, you can use the Duo text passcodes feature to generate a list of single-use passcodes that you can use if you won’t have access to your phone at all.

The second factor of authentication is separate and independent from your username and password. Duo never sees your password.

Yes. Duo accepts international phone numbers.

Duo 2FA devices cannot be registered to more than one person. If you are trying to add a device (such as a home phone) that is shared with someone else, and that device has already been registered to another person, you will receive an error message.

WashU 2FA Duo registrations are refreshed every 24 hours.

Lost or stolen mobile computing devices must be reported to the Privacy Office or the Information Security Office immediately. This shall occur before the user of the device cancels the service with the provider. You can review the Mobile Device Security Policy here. You must also log in to the WashU 2FA service and unenroll the device.

Please call the WashU IT Service Desk 314-933-3333 to verify information and have the old device removed.

  1. Visit the enrollment wizard to access the enrollment wizard.
  2. Scroll down and select manage enrollment.
  3. Choose an authentication method other than Send Me a Push
    1. Option 1:
      1. Select Call Me and then follow the instructions from the automated call.
    2. Option 2:
      1. Select Enter a Passcode.
      2. Select Text me new codes.
      3. Once you have received the code(s) via text, enter one of the codes into the field and then select Log In.
  4. Select add another device and then Continue.
  5. Select your device type and then Continue.
  6. Enter your phone number.
  7. Select the checkbox next to: (XXX) XXX-XXXX This number already exists, replace it?
  8. Select Continue.
  9. Choose your device type and then Continue.
  10. The next screen will prompt you to download the Duo app to your new phone.
  • If you have not installed the app, install it on your new phone and then select I have Duo mobile installed.
  • If you have already installed the app, immediately select I have Duo mobile installed.
  • After you select I have Duo Mobile installed, you will have to activate Duo on your new phone by scanning the barcode on your computer screen.
    1. Open the Duo Mobile app on your phone.
    2. Tap the “+” button.
    3. Hold your phone up to the computer screen to scan the barcode.
    4. Once scanned, a green checkmark will appear across the barcode. Select Continue.
    5. You will be redirected back to the My Settings & Devices screen.

  • Your new mobile device connection is complete.


While the app transfers from device to device, the configuration of each device are specific and will need to be reactivated on new devices.

Due to recent telephony restrictions by the Chinese government, effective April 11, 2019, Duo is no longer able to deliver automated phone calls for authentication to users with +86 numbers. All other authentication methods, including phone-based options such as Duo Push and SMS passcodes, are not affected.

Users with +86 phone numbers will receive an alert regarding the issue each time they access an application that displays the web-based Duo Prompt. Here is the message they will see:
Here is the link in the above image: “Click here for more information

Should you need immediate assistance, please contact the Service Desk at 314-933-3333.


In the DuoMobile App, there is a key next to WashU2FA- clicking this key has a hidden code. You can request to be texted codes (list of 10) prior to leaving cell service and they can be used in order. You can also call the WashU IT Service Desk and request a one-time use one-hour expiring bypass code.

Mobile Push Mobile Passcode Phone Code SMS Text Message Temporary Passcode
Enroll a smartphone (recommended) X X X X
Enroll a tablet X X
Enroll a basic cell phone X X
Enroll a landline phone X
Call the WashU IT Service Desk (314) 933-3333 X

Call the WashU IT Service Desk and request a Duo passcode. Log in as normal, when you get to the Duo Authentication screen (if your default method is a push allow 60 seconds for it to expire) enter the provided code and select Log In. (see Method 3 under Duo Authentication Manual Request Methods for more information)