How "Remember me" works in Duo multi-factor authentication

The Remember me feature of Duo Mobile works for most people most of the time. However, it is not 100% reliable because the feature relies on web cookies of a particular type, and the web browser you are using must accept this type of cookie. These are common situations in which you may need to authenticate with Duo MFA each time you log in.

Web browser issues

  • Allowing cookies
    Most web browsers have security and privacy settings that allow you to accept or reject cookies entirely. You must allow cookies to be set by *.northwestern.edu and *.duosecurity.com.

  • Tracking or 3rd party cookies
    Cookies are often sent back only to the site that initially gave you the cookie. But many web sites also use what are called 3rd party cookies. These are also known as tracking or cross-site cookies, because they allow one web site (e.g., www.cnn.com), to track your visits to another site (e.g., www.facebook.com). Duo's Remember me cookie, although it is not used for tracking or advertising purposes, is indistinguishable from these cookies. More and more browsers are not allowing these cookies by default, though most let you adjust these settings.

  • Multiple browsers
    If you authenticate with Duo MFA using one browser (e.g., Chrome), then later login via another browser (e.g., Firefox), you will be prompted to authenticate with Duo MFA again. Web browsers do not share cookies with each other.

  • Clearing cache/cookies
    If you delete Duo's Remember me cookie by manually clearing your browser's cookies/cache, you will have to authenticate with Duo MFA again the next time you log in. Some web browsers can also be configured to clear cookies and/or cache each time they are launched.

  • Private or Incognito mode
    Most browsers have a private or incognito mode. When you use this, cookies are not saved, website addresses aren’t cached, and several other features are modified. You will always have to authenticate with Duo MFA when using incognito/private mode.

Non-browser issues

Remember me can fail when a non-browser application needs to open a browser-type window to perform SSO and/or Duo MFA operations. These application vendors typically use either a web toolkit provided by the operating system (Windows, macOS), or implement their own browser-like window. Examples of these types of applications include Global Protect VPN, WebEx, and Microsoft Teams.

These pop-up windows must provide the same cookie support and settings noted above. If they do not, Duo's Remember me will not work for these applications. Even if Duo's Remember me does work, note that this Remember me cookie will not be shared with the web browser you use for normal tasks (e.g., Chrome, Firefox, Safari).

Your experience with non-browser issues can vary widely based on your device's operating system version, the patches/updates that have been applied, and the vendor-provided client application.

For additional assistance please contact the IT Support Center at 847-491-4357 (1-HELP) option 2, or consultant@northwestern.edu.




Keywords:mfa multi-factor authentication 2fa mobile   Doc ID:62301
Owner:IT Support Center .Group:Northwestern
Created:2016-03-28 15:23 CDTUpdated:2020-07-29 12:06 CDT
Sites:Northwestern
Feedback:  44   1