FAQ Spring 2025

Decorative
Switch to Duo Mobile app

Texts and phone callbacks to be discontinued 2/23

Learn more


Frequently Asked Questions - Spring 2025

The following FAQs provide additional information about the retirement of Duo text messages and callbacks to verify a user's identity. UC Davis recommends moving to the Duo Mobile app, which offers more secure login options, such as Duo Push.  Last updated: February 13, 2025

What changes are UC Davis implementing in spring 2025?

Text messages and phone callbacks will no longer be offered as login approval options for Duo effective Sunday, February 23, 2025. Duo is the two-step login tool in use at UC Davis and UC Davis Health.

  • If you are using the Duo Mobile app to verify your identity when logging in to UC Davis services, you do not need to take any action.
     
  • If you have not switched to the Duo Mobile app, you can enroll a smartphone or enroll a tablet today.
     
  • If you have the app but still use text messages or phone calls to complete your login, you can switch to Duo Push notifications.
     
  • If you do not have access to a smartphone, have accessibility needs, or your business processes require you to have an alternative to the app, you can use a security key, a Duo bypass code, request an accessibility-based accommodation or a cybersecurity exemption (more information available below).
     
  • If you are a faculty member on sabbatical or traveling outside of the U.S., please contact the appropriate support resource listed below. 

What is a security key?

A security key is a device that helps verify your identity as part of the two-step login process. Security keys are also known as hard tokens or Duo USB keys. Unlike the Duo Mobile app, which is free, security keys must be purchased (see below for more information). The Information Security Office (ISO) recommends FIDO2 compliant security keys in the following two models: the YubiKey 5C NFC and YubiKey 5 NFC models, available from the UCD Bookstore. 

What type of security key can I use with Duo at UC Davis?

The Information Security Office (ISO) recommends FIDO2 compliant security keys in the following two models:

YubiKey 5CNFCYubiKey 5 NFC
Photo of YubiKey 5C NFC
YubiKey 5 NFC
Works with newer devices that only have a USB-C port. It also works with USB-C ports on cellphones.Works with devices that require non-USB-C ports.

Where can I get a security key?

Students can purchase security keys from the UCD Bookstore.

Faculty and staff should contact the business office in their unit for guidance on next steps. Individual business offices may direct employees to the bookstore or order the security key via Aggie Enterprise CDW-G or Amazon Punchout. 

Be sure to purchase one the models identified above (YubiKey 5C NFC or YubiKey 5 NFC) as not all security keys will work in the UC Davis computing environment.

How do I use the security key with Duo?

You will need to register your device with Duo first. Once you complete this step, you can log in with your security key every time you are prompted to verify your identity. For step-by-step instructions, see: https://kb.ucdavis.edu/?id=03033

How often will I need to purchase a security key?

UC Davis follows recommendations from Duo, our multi-factor authentication provider.

You may need to replace your security key if there is a newly discovered security exploit, or if your key is lost, damaged, or stolen. New security threats may require you to replace your key with more secure models.

I already have a security key. Can I continue to use it?

It depends. Some models may continue to work but may pose a significant security risk. Older models (such as the Duo D-100) may be vulnerable to cybersecurity attacks. To protect your personal information, we recommend switching to one of the models indicated on this page (YubiKey 5C NFC or YubiKey 5 NFC).

I cannot purchase a security key before the deadline. What options do I have to continue accessing UC Davis services?

If you cannot use a security key, we recommend that you:

  • Use the Duo Mobile app. Learn how you can enroll a smartphone or enroll a tablet
  • Obtain single-use Duo bypass codes from the UInform website (uinform.ucdavis.edu) or IT Express.
    • Duo bypass codes are convenient when traveling, especially in areas with unreliable Wi-Fi connectivity, if you cannot purchase a security key, or when you may not have access to your smartphone.
    • Be sure to obtain these codes before February 23, 2025, as the UInform website requires Duo authentication. Duo bypass codes are valid for 90 days.  
    • Learn more about using Duo bypass codes from: https://kb.ucdavis.edu/?id=06213.

I am abroad or plan to be abroad/away from campus. What are my best options for identity verification?

We recommend that you:

  • Use the Duo Mobile app. Learn how you can enroll a smartphone or enroll a tablet.
  • Purchase a security key prior to your departure.
  • Obtain single-use Duo bypass codes from the UInform website (uinform.ucdavis.edu) or IT Express.
    • Duo bypass codes are convenient when traveling, especially in areas with unreliable Wi-Fi connectivity, if you cannot purchase a security key, or when you may not have access to your smartphone.
    • Be sure to obtain these codes before February 23, 2025, as the UInform website requires Duo authentication. Duo bypass codes are valid for 90 days.
    • Learn more about using Duo bypass codes from: https://kb.ucdavis.edu/?id=06213.

I am in a different time zone and need help with Duo. What are my next steps?

Support is available. For questions, contact:

Can I be granted an exception from using the Duo Mobile app and/or a security key?

Only in limited circumstances. For your privacy and university security, it is best to avoid exceptions. If you absolutely cannot use the Duo Mobile app, a security key, or the Duo bypass codes, you can request a cybersecurity exemption. If your department offers IT support, be sure to contact them first. If your department does not provide IT support, you can submit a request at: https://kb.ucdavis.edu/?id=03199. For accessibility-based exemptions, please see below for more information.  

My work requires me to use the phone callback feature for Duo. What can I do?

Faculty and staff: If you absolutely cannot use the Duo Mobile app, a security key, or the Duo bypass codes, and the phone callback option is the only viable option, contact your departmental IT support to complete a cybersecurity exemption request: https://kb.ucdavis.edu/?id=03199

Please see below for accessibility-based exceptions. 
 

I have accessibility-related needs. What are my options for using Duo?

UC Davis is committed to an inclusive and user-friendly login experience for all members of the campus community. If you cannot use the Duo Mobile app or a security key, we recommend that you follow the steps below.

Depending on your role at UC Davis: 

  • Faculty may consult with their academic personnel analyst for guidance on next steps. Academic personnel analysts or their designee should contact Disability Management Services for an accessibility-based exception.

I do not have a smartphone or I have other access concerns. What are my next steps?

  • For any student with financial need in purchasing a security key, please contact the Aggie Compass Basic Needs Center: compass@ucdavis.edu 
  • Faculty may consult with their academic personnel analyst and/or business team for guidance on next steps. 

  • Staff may contact their supervisor and/or business team for guidance on next steps.  

Can I still use my D-100 hard token?

As of February 23, 2025, D-100 hard token devices will continue to function, but are not recommended. UC Davis recommends that you move to the Duo Mobile app or use a security key

Can I still use one-time passcodes with Duo?

No. As of February 23, 2025, hash-based one-time passcodes (HOTP) are no longer displayed as an option in outdated versions of the Duo Mobile app (versions 4.49.0 and earlier). Check your version of the Duo Mobile app. If necessary, upgrade to the latest version of the app.