I was wondering if there is any update on using Duo for Windows without an internet connection?
2FA failing to work without an internet connection is a major weakness and defeats one of the major reasons to use the product.
Can you please explain in more detail the scenario you are referring to, so that I may be able to offer assistance.
Presently, if a laptop is taken to a remote location, say an airport that its never been to, when the user powers on the machine, it doesn’t have internet access. The only options presently available in the Duo for Windows application is to “FailOpen,” which means 2FA is not used at all, or “FailClosed,” making the laptop not usable.
Ahh I see, currently we are not using DUO for windows, just all remote access… I wonder if SMS codes would work for your users?
SMS codes don’t apparently work from the logon screen.
Unfortunately at this time the only options for your use case are to “Fail Open” when no network is available or if you use Smart Cards to provide MFA outside of Duo. I know there is a feature request being worked for this scenario,
SMS codes absolutely work with Duo for Windows Logon. Click the “Enter a Passcode” button and you can then type in a passcode you already received via SMS or request new codes.
You are correct that our binary fail open/closed behavior doesn’t account for offline MFA. We will have some news about this in the near future, but in the interim if you allow your users to configure networks from the login screen you should enable fail closed.
When your users are away from their normal location they can use the Networks UI from the icon in the bottom right to connect to an available network, allowing them to complete Duo MFA at login.
I think the SMS was related to being while offline. I hadn’t thought about allowing users to configure networks prior to login unfortunately our users are often in locations without any internet connectivity.
SMS + offline laptop does not work. The laptop has to be online.
I don’t believe you can log into a network from the Windows logon screen that requires a portal login, like at a hotel or airport, since you can’t bring up a browser window while on the logon screen.