Windows Host MFA Protection

1. What is DUO MFA?

It is an MFA (Multi-Factor Authentication) service provider.

 

2. Do we provide DUO as an official product?

Not really. We have enforced MFA (Multi-Factor Authentication) for all new Windows Server / VPS signups since April 2019 to create an extra server login protection.

 

3. Which DUO plan should you register?

Duo Free. Please refer to https://duo.com/pricing/duo-free. It is handled by technical team during server provision process. Kindly contact our support team if want to upgrade DUO plan.

 

4. Who will administer your Windows Server / VPS DUO account?

Our internal team.

 

5. Our setup process.

We require the phone number of the Windows Server / VPS client to register a Duo mobile account.

 

6. User DUO mobile enrolment process.

During the deployment of MFA, an SMS that contains the system generated URL to download the app using a mobile phone (supported on both Android/iOS) will be sent to the user. The user is required to install the app based on the link provided in the SMS. 

 

7. After login the Windows Server / VPS, the user can choose any of the following for authentication:

  • Duo Push

Tap ‘Approve’ on the push notification received on the phone seconds later to securely access the server.

 

  • Call Me

The user will receive a one-time passcode via a call from the system operator.

 

  • Passcode

Duo will send a one-time passcode via SMS that can be typed into a 2FA prompt.


 

**Limitation on the usage of Call Me and Passcode**


Each free account will be given 500 credits. Each Call Me costs 10 credits; each Passcode costs 5 credits for MFA authentication. Once credits are depleted, the user can only choose Duo Push for authentication. 

 

8. Can I not enrol?
Yes. Kindly inform our technical agent and we will assist to uninstall the application. However, please understand that the Windows Server / VPS will no longer be protected by MFA, which provides extra login protection using authentication. Without the MFA protection, the server will be vulnerable to login brute force.



Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.