What is Two-Factor Authentication (2FA)?
Two-factor authentication (2FA) strengthens access security by requiring two methods (also referred to as factors) to verify your identity. These factors can include something you know – like a username and password, plus something you have – like a smartphone app to approve authentication requests.
2FA protects against phishing, social engineering, and brute-force password attacks. It also secures your logins from attackers who exploit weak or stolen credentials.
Duo integrates with Microsoft Windows client and server operating systems to add two-factor authentication to Remote Desktop and local logons.
Note that we are not affiliated with Duo and this is a third-party program provided by Cisco. This guide is purely informative and is meant to provide an extra layer of security and it is under no circumstances necessary to enjoy the service we provide.
How To Setup Duo
Start by accessing the DUO’s website and sign up. Follow the instructions and set your 2FA mobile (recommended) to ensure you’re never locked out.
Once you’re registered (it’s free for up to 10 accounts, so you’ll get a Trial and then revert back to a free account without inserting a payment method), you can start by adding the Application (RDP) to the website.
- Click the Protect an Application button:
- Search for RDP and locate Microsoft RDP in the applications list. Click Protect this Application:
- On the next page, get your integration key, secret key, and API hostname. You will need this information to install the Duo application. Treat your secret key like a password—the security of your Duo application is tied to the security of your secret key (skey).
- On the VPS, download the Duo Authentication for Windows Logon installer package:https://dl.duosecurity.com/duo-win-login-latest.exe
- Run the Duo Authentication for Windows Logon installer with administrative privileges.
- When prompted, enter your API Hostname from the Duo Admin Panel and click Next. The installer verifies that your Windows system has connectivity to the Duo service before proceeding.
- If the connectivity check fails, ensure that your Windows system is able to communicate with your Duo API hostname over HTTPS (port 443).
- Enter your integration key and secret key from the Duo Admin Panel and click Next again.
- Finish the installer and continue to the next step:
It is recommended to enable the Only prompt for Duo authentication when logging in via RDP to ensure Autostart script works for MT4/5s, otherwise, it won’t work. We recommend enabling all three options.
Add User
From the left panel, choose Users and then click the Add User button on the right:
Add the username for your VPS – this must match:
On the next page, complete the form to finish setting up the account.
Test your installation:
To test your setup, attempt to log in to your newly configured system as a user enrolled in Duo. It is important to not log out from your VPS until your user/devices are enrolled, otherwise, you won’t be able to access it anymore.
To enroll it, simply use the “Send Enrollment Email” button inside the user:
If installed and configured correctly, you should see something like this:
Duo Push: Send a request to your mobile device. To use Duo Push, install the Duo client on your Android or iOS device. Follow the instructions provided during the installation at Play Store or App Store. Log in to your mobile client using your Duo account credentials.
Call Me: Perform phone callback authentication.
Passcode: Log in using a passcode generated with Duo Mobile, received via SMS, generated by your hardware token, or provided by an administrator. To have a new batch of SMS passcodes sent to you, click the Send me new codes button. You can then authenticate with one of the newly delivered passcodes.
