Changes to Duo Backup Codes

Duo backup codes are being phased out as a multifactor authentication option at SUNY Plattsburgh.

Why are backup codes being removed?
Backup codes are no longer recommended as a secure authentication method because they:

  • Are static and do not expire immediately
  • Can be stored insecurely (e.g., screenshots, notes, email)
  • May be reused or accessed by unauthorized individuals

To improve account security, we are transitioning users to stronger MFA methods.

What does this mean for you?

  • New users
    Backup codes are no longer available.
     
  • Existing users who previously used backup codes
    You still have temporary access, but this feature will be fully retired at the end of May 2026. Directions can still be found at the bottom of this article.


What should you do?
We strongly recommend setting up one of the following authentication methods:

  • Duo Mobile (Recommended)
    Push notifications and passcodes via the Duo app
     
  • Hardware Token
    May be available for current employees who cannot use a personal device. Other users would have to purchase a WebAuthn/FIDO2 security key from Yubico.

Need help?
If you need assistance setting up a new MFA method, please contact the ITS Helpdesk at helpdesk@plattsburgh or via phone at 518-564-4433.

How to generate backup codes
Duo backup codes can be generated on cas.plattsburgh.edu with the link Generate Duo Backup Codes after you have authenticated to your account. Because you must authenticate before generating your codes, this must be done before you need the codes. Please keep in mind:

  • Each code is one-time use
  • Codes expire after two weeks
  • Any unused codes will be deleted from the system if more codes are generated.