This is restricted access content. Please don’t forget to logout if you are using public computer.
Duo Desktop + Passport FAQs
Overview
As part of Tufts ongoing commitment to improving user experience, along with enhancing security and regulatory compliance, Duo Desktop will be deployed to all Tufts-managed employee machines.
Duo Desktop with Duo Passport improves user experience by minimizing the number of MFA prompts. Duo desktop currently checks for supported operating systems, disk encryption, and antivirus software. Institutional policies and external requirements change over time, including HIPAA, NIST, and NIH guidance, and Tufts may update compliance checks as needed.
Duo Passport reduces authentication time by enabling a single, initial interactive multi-factor authentication (MFA) to grant access to multiple applications, eliminating repetitive prompts.
What is Duo Desktop?
Duo Desktop is a lightweight application that works alongside Duo Multifactor Authentication (MFA).
It verifies that your device (computer, laptop, etc.) meets Tufts’ baseline security policies (such as operating system updates, encryption, and system password requirements) before allowing access to MFA-protected services/systems.
What Is Duo Passport?
Duo Passport works with Duo Desktop to extend and share “remembered device” sessions.
With Passport enabled:
- Most users should only need to complete MFA once per workday per device
- Trusted sessions can roam across supported browsers, browser tabs, Duo-protected websites, and supported desktop applications on the same device
- You’ll see less MFA prompts
You may be MFA prompted again if:
- Browser cookies are cleared
- Your device or IP address changes
- Your device’s security posture changes
Who Is Affected?
Duo Desktop will be installed on all Tufts faculty and staff, university managed machines.
Without Duo Desktop installed, users will continue to receive standard Duo MFA prompts and browser-specific remembered device cookies — but those sessions are not shared across browsers or between web and desktop applications.
Important: Duo Passport does not apply to Virtual Private Network (VPN), VDI, or remote server authentication. Shared computers will not have Duo desktop installed.
What Do I Need to Do?
If you have a Tufts issued computer or laptop, Duo Desktop will be installed automatically. No additional setup is necessary. Duo Desktop is also available from the Tufts Self-Service portals on both macOS and Windows machines.
For personally owned or unmanaged devices, Duo Desktop is not required currently to access Tufts systems.
What does Duo Desktop Check?
Duo Desktop checks only for system compliance: operating system version, encryption status, and antivirus presence. It does NOT access your personal files, monitor activity, or collect browsing history.
NOTE: Mobile devices and tables are not subject to Duo Desktop. The tool only applies to desktop and laptop computers.
Will Duo Desktop Include Additional Security Checks in the Future?
Yes. Tufts TTS may expand Duo Desktop’s compliance criteria over time to align with evolving institutional security policies and regulatory frameworks (e.g., HIPAA, NIST, NIH guidance).
Users will be notified in advance of any new requirements, along with guidance on how to comply.
What can I do if I have questions about Duo Desktop?
If you have additional questions about Duo Desktop and Passport, please submit Service Request Form or email us it@tufts.edu