skip to main content
Caltech
Information Management Systems and Services
IMSS  /  Services  /  Information Security  /  Duo MFA  /  Duo without network access

Using Duo offline or without network access

Some of the Duo second-factor authentication methods require network connectivity in order to function, while others do not. There are several types of scenarios in which this may become relevant:

  1. The system you are completing primary authentication on (e.g. your computer) has a network connection, but your second-factor device (e.g. your phone) does not have a network connection. For example, you could be working on a computer attached to the wired network while in a basement lab with limited cellular and Wi-Fi signal.
  2. Neither the system you are completing primary authentication on (e.g. your computer), nor your second-factor device (e.g. your phone) have a network connection. For example, you could be on a flight without in-flight Wi-Fi internet access.

In the first example, you simply need to have a Duo second-factor option that supports offline use. Those are listed below. In the second example, the Duo integration must also support and be configured to allow offline authentication. This does not apply to all authentications using Duo. For example, logging in to a website protected by Duo will require internet connectivity. Some Duo integrations, such as Windows login, support offline access as a configurable option.

Second-factor options that can be used offline

  • Duo Mobile passcode
  • YubiKey passcode
  • Hardware token passcode

Second-factor options that require internet connectivity

  • Duo Mobile Verified Push
  • Platform authenticators (e.g. Touch ID, Windows Hello)
  • Roaming authenticators (e.g. YubiKey Security Key)