There are several options that you may use for two-factor authentication. Please note that you are not restricted to a single method. In fact, having multiple devices and methods for two-factor authentication helps to ensure that you are always ready to authenticate when needed.

Duo Push

To use Duo Push, you must install the Duo Mobile app (a free app) on your phone or tablet. When you send a Duo Push, the Duo authentication screen will give you a three-digit (or longer in the case of enhanced authentication) code to type into your Duo Mobile app on your device. Duo Push uses a very tiny amount of data. For example, authenticating 500 times in a month would only consume 1 megabyte (MB) of data.

• Pros: Easy to use once you set it up; the push notification will automatically launch the Duo app once you start the authentication process.
• Cons: You must install the app on your phone or tablet and register the app at 2fa.uchicago.edu. You must have either Wi-Fi or cellular access to use Duo Push. There is a (very nominal) cost associated with Duo Push.

Biometric Identifiers

When you authenticate using a biometric identifier, you will be asked either for Face ID (Apple and Android devices) or Touch ID (Mac) or Windows Hello (PC) for fingerprint ID. Both fingerprint and facial recognition tools that are available on most newer devices can be registered with Duo and used for authentication. You’ll need to register your biometric identifier from the Duo prompt itself—biometric registration is not available on 2fa.uchicago.edu.

• Pros: If you have a newer device or computer, biometric identifiers are likely already built in.
• Cons: If you are not currently using the biometric identifiers on your device, you’ll have to configure them before you can use them for Duo authentication. Biometric identifiers tend to be associated with only one browser, so you may need to go through the registration process again from each new browser. 

Security Keys

When you authenticate using a security key, you’ll simply insert the key into your computer or device when you’re asked to authenticate and then tap the button on the key to send the security code. Some of the smaller keys can just stay plugged in to your computer. The University sells Yubikey security keys at the ID & Privileges Office, but you can use any security keys that are FIDO2 or WebAuthn compatible that are available on the market.

• Pros: Security keys are simple and portable. Security keys can be used for services outside the University that require two factor authentication.
• Cons: There is a fee to purchase a security key.

One-time Passcodes

There are two options for one-time passcodes.

1. Duo Mobile Passcode. The Duo Mobile app generates passcodes that refresh every 30 seconds. 

• Pros: Completely free option.
• Cons: Duo Mobile passcodes are not sufficient for enhanced authentication. You will need to have another option registered to use if you are asked to perform an enhanced authentication (all the other methods listed here may be used for enhanced authentication.) You must install the Duo Mobile app on your device.

2. You may download a list of 10 one-time passcodes from 2fa.uchicago.edu and use one each time you authenticate.

• Pros: Completely free option.
• Cons: You must either write out your codes or print them and carry them with you. It’s essential to keep your codes secure, so you can’t leave them lying out where they can be seen or used by others. You must download a new set of passcodes before you run out and each passcode can only be used once, so you need to track your usage.