Reading the documentation for Auth API (Auth API | Duo Security) I see that the supported second factor protocols are auto, push, passcode, sms and phone. The passcode option is defined as coming from Duo Mobile, SMS, hardware token, or bypass code, ...