NetID Account Management FAQ
NetID & Duo Account Management: Frequently Asked Questions
How do I find my NetID?
- Visit the Lookup NetID/Alt Email web page
- Enter the requested information (first name, last name, date of birth). The system will provide the requested information if the NetID exists. If no NetID is provided it is possible that the information was entered incorrectly or the account has not been created; if this happens, contact the Helpdesk at 518-564-4433 for further assistance.
How do I set or change my password?
- Visit the Set or Reset Password web page.
- Click on the link to “set or reset your password.”
- Enter the required NetID information in the form and click “search” to find the NetID and begin the password set or reset process. The process asks you to confirm an alternate email where a verification message will be sent.
- Upon receiving the email, click on the enclosed link to complete the set or reset process.
How do I choose a strong password?
Begin by considering the minimum requirements:
- Passwords must be at least eight characters long
- Passwords must contain characters from at least three of the following four categories:
- Uppercase characters (A-Z)
- Lowercase characters (a-z)
- Base 10 digits (0-9)
- Non-alphanumeric characters (For example, !, @, #, $, %, ^, &, *). It is recommended that passwords not start with a special character.
- The password cannot contain the username, even in leet speak.
Now improve your password strength:
- Create passphrases using leet speak, consisting of a number of words combined with characters and numbers. An example might be PlattsburghStrongSince1889!
How often should I change my password?
We strongly recommend that passwords be changed every six months at the very least. We also recommend that you change your password if an account compromise is suspected.
- What if I suspect my password has been compromised?
Can I share my password?
No. Passwords should be kept secret and should not be the same as any password used for any other account. If access to information is required for a parent or guardian, the student can set up a proxy view.
Duo Two-Factor Authentication Service
What is the login process and what does Duo do?
Login requires users to enter their NetID and password into our Central Authentication Service. This login process is protected by the Duo two-factor authentication service. Users will be required to authenticate with Duo to complete their login process.
- Go online to the MyPlattsburgh portal.
- Select Login to MyPlattsburgh.
- Enter your NetID and Password in the form to prompt the Duo login screen. You can
elect to complete your Duo authentication in one of three ways:
- by receiving a push through a smartphone using the Duo app;
- via a phone call;
- by entering a passcode from within the Duo app or by receiving a code from the Helpdesk.
How does Duo authentication work?
Duo two-factor authentication enables the campus to protect accounts that have access to sensitive information.
For example, in the case of a compromised password, an attacker would not be able to access an account because they don't have the “second factor,” which is usually a device that the account owner has with them or has access to.
Once your account is enrolled in the Duo process, you will be required to add a “device” to Duo that is your secondary means of authentication. When you login to the central authentication system, you will be required to take action on this device. Currently, we are supporting individuals enrolling the following devices
- Smartphones (via apps on iOS, Android, Windows Phone, Blackberry)
- Cellphones (using SMS or telephone call)
- Landlines (using telephone call)
- YubiKey U2F (specialty USB device, blue version, limited quantities or personal purchase)
We strongly recommend the Smartphone app. The app works as long as your cell phone has power, you don’t need cell coverage or even wifi connectivity for it to function. However, if necessary, SMS (text) messages and phone calls can be used to authenticate your login.
You can have one or multiple devices enrolled to your account. You can also have multiple accounts enrolled with the same device (for instance, a specialty account or vendor account you may have access to).
How do I enroll my device?
Download the Duo app for your smartphone. If you do not have smartphone, contact the Helpdesk at 518-564-4433 for assistance. You can find the app by searching “Duo Mobile” on your devices app store, like the Google Play store or Apple App store. Direct links for iOS and Android are below:
Authenticate to any SUNY Plattsburgh application as you normally would.
Click the “Start Setup” button to begin the enrollment process.
Choose the device you wish to add. A mobile phone is recommended. Scroll down to “More Information” to learn about other options.
Enter your mobile phone number. If you already have the Duo app installed for another organization, Duo moves on to verifying your identity. If not, Duo will send you a text with a link to download the app for your phone's platform. Scroll down to “More Information” below for direct links in the Apple App Store and Google Play Store.
Verify your identity by having Duo call or text you a special code.
Your device is added! Optionally, change your settings to have a push automatically sent to your phone when you authenticate. Then, click “Continue to Login.”
Finish logging in by testing your Two-Factor Authentication setup. One you complete this step, the “Bypass Duo for Now*” button goes away, and you will be required to authenticate with Duo each time you login to a SUNY Plattsburgh service. You can optionally click “Remember me for 8 hours” to not have to Duo authentication on your private devices for 8 hours.
Can I use the Duo app for more than just SUNY Plattsburgh two-factor authentication?
Yes! The Duo app is “Google Authenticator compatible”; this allows you to add third-party accounts. These accounts generally provide you with a barcode (a generated secret key) to synchronize your mobile device.
- Simply click the “+” button at the top of the screen when in the Duo app, and the app will open your mobile device’s camera to add an account.
- If a service provides you with a key to type in instead of a QR code, then simply choose the “No Barcode?” button below the camera scanner. Then choose the account you wish to add or “Other” if it is not listed. Type in the key when requested.
What if I do not have cell service or an internet connection and I need to authenticate?
When you install the Duo mobile app and setup your SUNY Plattsburgh two-factor authentication, you can also generate codes on demand. In the screenshot below you will notice a code for SUNY Plattsburgh; enter this code in the passcode area on the Duo authentication screen. It recycles after several seconds. The blue arrows icon allows you to recycle the code immediately. This feature requires no Internet connection.
For more information regarding Passcodes, see the Tokens and Passcodes page on the Duo documentation site.
What happens if I lose my mobile device or I've left it at home and need to authenticate?
Our Helpdesk staff can always help you to restore your Duo account. However, for self-help, Duo allows you to generate “backup codes” that you can write down and place in a safe place in the case of an emergency, such as when you have a broken or inaccessible mobile device.
To generate Duo backup codes, login to the SUNY Plattsburgh authentication portal.
When you go to this main login screen without logging into a specific service, you are taken to a portal with various account management links. One link is labeled “Generate Duo Backup Codes.” This link will generate five one-time use codes that are valid indefinitely.
Each time you request new codes, the old ones are recycled, and the new ones take their place. So, if you’re regenerating backup codes, don’t forget to throw away the old ones, as they are now invalid.
IMPORTANT: You must authenticate with a NetID and password as well as Duo to reach the portal. For security reasons we require re-authentication when retrieving backup codes. Therefore, generate your backup codes BEFORE there is a problem. Contact the Helpdesk at 518-564-4433 or [email protected] if you need assistance.
Duo indicates I'm locked out of my account what do I do?
Duo will lock your account for 30 minutes after 5 invalid attempts to DUO authenticate. You have 2 options to resolve this issue:
- Option one: Wait for the lock to expire and try again. DO NOT ATTEMPT to continue to login, as it will increase the time it takes for the lock to automatically expire. Stop login attempts after you receive the first lockout notice, then wait at least 30 minutes and try again. This is a self service option you can use after hours to login to your account.
- Option two: If lockout occurs during business hours, call or email the Helpdesk. A technician will verify your identity, unlock your account and, if necessary, provide a one-time-use bypass code to complete your login.
Can I manage my Duo-enrolled devices?
Yes. You have two options to manage your Duo enrolled devices. Both require that you authenticate.
- Option one: On any SUNY Plattsburgh Duo authentication screen, select the “My Settings & Devices” option.
- Option two: Go online to the SUNY Plattsburgh authentication portal. On the main login screen you will see various account management links. Select “Manage My Duo Devices” to be taken to the Duo settings.
In the account management screen you will be able to add new devices (e.g., an iPad or other tablet that has Duo Push capability), remove existing devices, and change settings (e.g., clicking “Device Options” next to your phone gives you the “Reactivate Duo Mobile” option; this is handy if you reset your phone to factory settings and need to re-enable Duo).
Where can I find general information about using Duo?
Duo’s “Guide to Two-Factor Authentication” is a great resource with information for all types of devices, including iPhone, Android, Windows Phone, and BlackBerry. The navigation on the left covers many common scenarios and devices.
How do I set a default device or add a new device with Duo?
To manage the devices configured with Duo, or to set a new default authentication device or option:
- Navigate to the SUNY Plattsburgh authentication portal.
- Authenticate with your SUNY Plattsburgh NetID and Password.
- Click "My Settings & Devices" and authenticate with Duo.
- You will see the My Settings & Devices page.
What is the recommended way to authenticate with Duo?
The Duo smartphone app is by far the best solution to use. It is available for all major smartphone and tablet systems, and it doesn't require a wireless connection if you simply use the generated code.
Duo Method: Mobile App* SMS Text Message Phone Call Hard Token Printed Codes How it works Duo app generates passcode Passcode sent via text message Duo calls your phone; you press 1 to login Hard token generates passcode. Be sure to prepare a token before you travel Generate printed codes at cas.plattsburgh.edu You need... Smartphone or tablet Phone with text messaging Any phone Duo hard token The codes (see above) Does it use data? No One text message One phone call No No Is a connection required? No Yes, cellular Yes, cellular or landline No No
*This is the recommended method.
- What do the push notifications look like on my device?
What data does Duo collect and who does Duo protect my privacy?
The Duo mobile app collects information from your device when you attempt to authenticate using that device. The data that is collected is not user-identifying, and is not used to track what you are doing.
Duo collects two types of information from you. The first type is used to provide information about your authentication attempts, such as your hardware model, operating system, unique user and device identifiers, connection information and IP address. The transmission of this information cannot be disabled.
The second type of information that the Duo Mobile app collects is analytical data such as how you use the Duo Mobile app, the screens you use within Duo Mobile, and the actions you perform. You can disable the collection of your Duo usage data. To do this, open the Duo Mobile app, go to Settings, and turn off Send usage data.
What about traveling internationally with Duo?
You still have access to all your Duo-protected applications when you're abroad. Before you travel internationally, if you're a faculty or staff member, refer to the SUNY Plattsburgh Travel Policy.
If I use my smartphone for Duo, will it use my cellular data? How much data does it
The mobile “Send me a Push” function uses the phone's Internet or cell connection, whichever is available. If you are on campus, you can connect through Eduroam for Wi-Fi, so Duo will not use your cell connection.
If you are not on Wi-Fi, the Duo pushes consume a tiny amount of data. Each push consumes less than 2KB of data, which means it would take 500 authentications a month to reach 1MB of consumption.
The “Enter a Passcode” function does not consume any data. If data consumption is a concern, we recommend using the passcode feature.
I can't login. Help!
If you have trouble logging in, first confirm the information being entered is correct.
- Make sure there are no spaces before or after a NetID.
- Check for correct capitalization in the password.
If possible, confirm that the issue affects multiple devices. If the issue persists, contact the Helpdesk at 518-564-4433 or by email at [email protected]. Our technicians will be happy to assist you.