Download the Duo Mobile app to your phone. Find it by searching for "Duo Mobile" in the Apple App Store or Google Play, or use the links below. 

• Duo Mobile for iPhone and iPad (App Store)
• Duo Mobile for Android (Google Play Store)

Make sure you are downloading and installing the app on your phone, not on your laptop or other device.

1. On a computer, go to start.nyu.edu and select Log In. Log in with your NYU NetID followed by @nyu.edu (e.g., abc123@nyu.edu) as your username and then enter your password on the next screen.
2. Read the "Welcome" screen text, and then select Next to move through each card.
3. For Preferred authentication method, select Duo Mobile.
4. Enter your smartphone number, select Add, then Confirm.
5. You will see instructions guiding you through downloading the Duo Mobile app. These steps should be completed using your phone, but keep the computer screen open—you'll need the QR code that will be displayed there. Watch the video below to see what the process looks like.
   • After you have downloaded and installed the Duo Mobile App on your phone, open it, select + Add, then select Use QR code.
   • Use your phone to scan the QR code on screen displayed on the computer. This confirms the enrollment.
6. On the computer, you should see a link to Add Another Device. Select that link and proceed to step 3.

Adding more than one device that you can use to complete NYU MFA is important. If you don't have your primary device with you, you'll be able to use this other method and avoid being locked out.

Follow the on-screen instructions to set up the second device of your choice.

Your second device can be anything you'll have in your possession most or all of the time. This second device could be a tablet, a second smartphone, a smartwatch, a purchased security token/key, or a laptop equipped with fingerprint authentication (Apple TouchID, Windows Hello, or Android Secure Login).

Don't have another device?
If you don't have another device you can set up for MFA, there are additional options, though they may involve additional cost.

Once you've finished setting up your phone with Duo Mobile and an additional device, test the process and make sure it works the way you're expecting. The easiest way to do this is by logging in to NYUHome.

If you run into an issue and can't complete the login and MFA, see the tips below for some possible solutions.

If you don't have a smartphone, you can set up MFA to use a device such as a computer equipped with fingerprint authentication, a tablet, or a security token/key.

Remember that whatever you choose you'll need to have with you at all times, otherwise you won't be able to complete the MFA authentication process.

• If your need to authenticate is not urgent, please wait until you're back with your MFA device and complete authentication then.
• If you urgently need to complete MFA and can't do so because you don't have your device with you, contact the NYU IT Service Desk to request a one-time Bypass Code.

You should always have at least one MFA device with you at all times in order to avoid being unable to complete authentication.

You can add a second method (and more) at any time.

If you set up MFA with the Duo Mobile app on your phone
Follow the instructions for adding an additional device.

If you set up MFA with fingerprint (Apple TouchID, Windows Hello, or Android Secure Login)
As long as you have the device with you, you can complete MFA then follow the instructions for adding an additional device. Don't have your device nearby? You can update your MFA settings when you do have it.

If you don't have your fingerprint device with you and need to complete MFA immediately, contact the NYU IT Service Desk to obtain a one-time use Bypass Code.

If you purchase a new phone and service or a new SIM card, your phone number will not be the same as the number for your home country. Make sure you set up MFA to use the phone number you will have while at NYU and that you always have it with you.

If you already enrolled a phone with an international number, don't have it or can't use it in the United States, and you didn't set up a second device, you can use the Duo Mobile passcode within the Duo Mobile app.

If you're unable to generate a Duo Mobile passcode, contact the NYU IT Service Desk to request a one-time use Bypass Code.

Instructions for setting up MFA with fingerprint authentication (Apple TouchID, Windows Hello, or Android Secure Login) can be found below.

However, you should set up Duo Mobile on your phone as well (and before setting up fingerprint). One of the most common MFA issues is setting it up only with fingerprint, and then not having that device with you when you need to authenticate.

Set up MFA on at least two devices and make sure you have one of them (most likely your phone) with you.

To add your phone and Duo Mobile to your MFA options, follow the instructions for adding a device. Please note that you will need to have your fingerprint-enabled MFA device available so you can complete the process.

To avoid potential issues with MFA, it's important to set up at least two devices and make sure you have one of them with you at all times.

To manage a device, you will need:

• A device you have already set up for MFA
• The device you want to add
• An internet connection

Instructions

1. Go to the NYU Start Page in a private or incognito window and select Log In. This ensures you will be prompted for MFA. 
   • Chrome: from the top menu select File > New Incognito Window
   • Safari, Firefox: from the top menu select File > New Private Window
2. Log in with your NYU NetID followed by @nyu.edu (e.g., abc123@nyu.edu) as your username and then enter your password on the next screen.
3. Duo will prompt your default MFA method, but select Other Options instead of authenticating.
4. Select Manage devices.
5. Verify your identity with an existing MFA option.
6. To add a new device:
   • Select Add a device and then follow the instructions for setting up the device you want to add.
7. To rename or delete a device:
   • Select Edit to the right of the device you wish to change, then choose an option from the menu that opens.

To use your Apple Watch as an NYU MFA device, you have to have already set up your iPhone with Duo Mobile.

Once your iPhone has been set up:

1. Open the phone’s Watch app to enable Apple Watch notifications for Duo Mobile.
2. Tap My Watch and scroll down until you see an entry for Duo.
3. Turn the Duo setting on by tapping Show App on Apple Watch.

Once connected, login request approval from an Apple Watch will be available.

Note: Duo notifications will only be sent to your Apple Watch when your phone is locked. Notifications will not go to your Apple Watch when your phone is unlocked. Apple Watch support requires Duo Mobile 3.8 or later. To see which version of Duo Mobile you have installed, go to the Settings menu of your device, scroll down to Duo Mobile, and tap System Info.

1. Go to the NYU Start Page in a private or incognito window and select Log In. This ensures you will be prompted for MFA. 
   • Chrome: from the top menu select File > New Incognito Window
   • Safari, Firefox: from the top menu select File > New Private Window
2. Log in with your NYU NetID followed by @nyu.edu (e.g., abc123@nyu.edu) as your username and then enter your password on the next screen.
3. Duo will prompt your default MFA method, but click Other Options instead of authenticating.
4. Select Manage devices.
5. Verify your identity with an existing MFA option.
6. Click Device Options next to your registered mobile device. From there you can update your number.

To use your fingerprint via Apple TouchID, Windows Hello, or Android Secure Login, follow the on-screen instructions. Make sure you have the following:

• Your phone with Duo Mobile already set up for NYU MFA.
• a device with Apple TouchID, Windows Hello, or Android Secure Login. Note that you need to have already registered your fingerprint with the appropriate service provider.

Follow the instructions above for adding a new device/method. After setting up the appropriate fingerprint option, you'll be able to use the fingerprint sensor on your device when prompted to sign in.

A Duo Mobile Passcode works similarly to Push notification in Duo Mobile but the app generates a code you then type in. Duo Mobile Passcodes are good for a single use. To complete an additional authentication, you will need to generate a new passcode. Note that these passcodes also expire after 30 seconds, at which point the app automatically generates a new passcode. 

• Instructions: Using a Duo Mobile Passcode

NOTE: A Duo Mobile Passcode is not the same thing as either:

• A Bypass Code, which is a single-use code issued by the IT Service Desk for emergency purposes only, such as when you find yourself locked out of your account because you don't have your MFA device with you.
• A Text Message Passcode, which, as described in the FAQ below, is sent via SMS text. This type of passcode is the least secure method of completing NYU MFA. If any other option is available to you, you are strongly encouraged to use it instead.

You can purchase a security key or hardware token for use with NYU MFA. NYU IT does not provide hardware tokens or security keys to NYU community members. However, you may work with your schools or administrative unit to acquire one or purchase one yourself.

For additional information, including recommended brands, see the knowledge article, Purchasing and activating a security key or hardware token for NYU Multi-Factor Authentication (MFA).

Follow the instructions below if you want to complete NYU MFA with a single-use passcode sent to you via text (SMS). Before you can use this method, you have to set up your phone number in NYU MFA.

Sending a passcode via text (SMS) is the least secure method of completing NYU MFA. If any other option is available to you, you are strongly encouraged to use it instead.

1. When visiting any NYU MFA-protected site or service (such as NYUHome), log in with your NYU NetID followed by @nyu.edu (e.g., abc123@nyu.edu) as your username, then enter your password, then select Approve with MFA (Duo).
2. If you are prompted to complete MFA using any method besides a text message passcode, select Cancel, then on the MFA authentication page, select Other options.
3. In the list of available options, select Text message passcode.
4. You will receive a text message with the MFA code. Enter it in the authentication field.
   
   Note: Each text message passcode can only be used once. If you need to authenticate again, you will need to repeat these instructions to text yourself a new passcode. 

Most phones from other countries will not work in the United States unless you have an international plan. This means if you're coming to New York from abroad, or if you are traveling abroad from New York, you'll need to make arrangements for a compatible phone. There are a few options:

1. Set up your phone with the Duo Mobile app and use the Duo Mobile Passcode option to authenticate while connected to a Wi-Fi service (such as NYU Wi-Fi).
2. Purchase a new phone and data plan. This could be a full account or a pay-per-use phone.
3. If you have the option, you can purchase and install a US-compatible SIM card (not possible with iPhones; possible with certain models of Android).

For options two and three, you'll get a new US phone number. Make sure you set up MFA to use that phone and number.

If you purchase a new phone and service or a new SIM card, your phone number will not be the same as the number for your home country. Make sure you set up MFA to use the phone number you will have while at NYU and that you always have it with you.

If you already enrolled a phone with an international number, don't have it or can't use it in the United States, and you didn't set up a second device, you can use the Duo Mobile passcode option with the Duo Mobile app.

If you're unable to generate a Passcode, contact the NYU IT Service Desk for assistance.

To make sure you can still complete NYU MFA even if you don't have your primary device with you or you discover your international phone doesn't work, set up MFA on at least one other device, such as your laptop, Apple Watch, or tablet.

Yes, devices with no US data plan can still be used for NYU MFA. To do so, set up your phone and Duo Mobile (see instructions above if you have not already done so), and select Duo Mobile Passcode as your authentication method.

Tip: NYU Wi-Fi is available at all NYU locations

NYU MFA is the lock on your NYU account, and your MFA device is the key. You wouldn't leave home without your keys, so make sure you always have at least one of your MFA devices with you at all times. 

If you are traveling to NYU Shanghai and China, you will need a different version of Duo Mobile for Android. See Duo support for more information.

1. If you haven't already done so, follow the instructions above to install and set up the Duo Mobile app, then return to this FAQ.
2. When you are presented with the NYU Login screen for an online NYU service such as NYUHome, log in with your NYU NetID followed by @nyu.edu (e.g., abc123@nyu.edu) as your username, then enter your password, then select Approve with MFA (Duo), if prompted to verify your identity. 
   • Using Duo Push
     • If you have previousy used the Duo Mobile app and Duo Push to authenticate, a Duo Push may automatically be sent to the app on your phone or tablet as soon as you select Log In. If not, select the "Other Options" link on the MFA Authentication screen, then select Duo Push. 
     • If your phone or tablet is set to display Duo Mobile notifications, you will see an alert as a pop-up or in your device activity bar. Open it and tap Approve.
     • If you have notifications turned off, open the Duo Mobile app. You will see a pop-up alert that asks if you are logging in. Tap Approve. 
   •  Using a Duo Mobile Passcode
     • Once you select the Passcode option on the Duo MFA Authentication screen, you will see a prompt  to enter a passcode. 
     • Open the Duo Mobile app on your phone or tablet then select New York University. A 6-digit passcode will display.
     • Enter that passcode on the MFA authentication screen then select Log In.
3. You will then be logged into your service.

• If your need to authenticate is not urgent, please wait until you're back with your device and complete MFA then.
• If you urgently need to complete MFA and can't do so because you don't have your device, contact the NYU IT Service Desk to request a one-time Bypass Code.

You should have at least one MFA device with you at all times in order to avoid being unable to complete authentication.

If you're unable to install Duo Mobile on your phone or use any of the standard methods for MFA authentication, you can purchase a security key or hardware token for use with NYU MFA.

NYU IT does not provide hardware tokens or security keys to NYU community members. However, you may work with your schools or administrative unit to acquire one or purchase one yourself.

For additional information, including recommended brands, see the knowledge article, Purchasing and activating a security key or hardware token for NYU Multi-Factor Authentication (MFA).

For most NYU services, your MFA authentication lasts for seven days. However, some services and systems require additional security, meaning that you may need to complete MFA again even if you recently completed it.

If you ever need to use an MFA method other than your primary or default setting, select Other Options on the MFA authentication screen A list of alternative options available to you will appear in a browser window. 

• If your need to authenticate is not urgent, please wait until you're back with the device you set up and complete MFA then.
• If you urgently need to complete MFA and can't do so because you don't have your device with you, contact the NYU IT Service Desk to request a one-time Bypass Code.

You should always have at least one MFA device with you at all times in order to avoid being unable to complete authentication.

A Duo Mobile Passcode is a standard option for NYU MFA generated in the Duo Mobile app. It can be used to complete MFA at any time and is especially useful if you have unstable or no internet connection.

• Note: Duo Mobile Passcodes are different from and more secure than Text Message (SMS) Passcodes, which aren't recommended.

A Bypass Code is issued by the NYU IT Service Desk upon request. It's for use only in emergencies when you don't have your MFA device and urgently need to authenticate. If your need is not urgent, please wait until you have your MFA device with you and authenticate then, rather than contacting the NYU IT Service Desk for a Bypass Code.

Both Duo Mobile Passcodes and Bypass Codes can only be used once. For Duo Mobile Passcodes, you will have to generate a new one using Duo Mobile every time you need to authenticate. For Bypass Codes, you should not need to use it more than one time, but if you do, you will have to contact the NYU IT Service Desk to request a new one.

A Bypass Code is issued by the NYU IT Service Desk for emergency situations in which you don't have a way to complete MFA authentication. It will only work one time. You can't reuse it for multiple authentication requests (for example, if you also have to log into a secure service) or after your MFA session expires.

If you still need a Bypass Code, you will have to contact the NYU IT Service Desk to get a new one.