Multi-factor Authentication (MFA) workarounds for China
The primary method we recommend using for Duo MFA is the Duo Mobile app for iOS and Android. However, it's important to know that there are some limitations using the app (or even just using your cell phone) in China due to specific rules and regulations there.
Here's a list of the issues and our suggested workarounds:
- The Google Play store is not available in China, making it more difficult to install the Duo app on an android device.
- Download the app APK (android package file) directly from Duo's website
- This shouldn't be a problem on iOS devices
- Your android device may not have Google Play services installed since the store does not work in China. If that's the case, the Duo push functionality will not work.
- Use Duo "fetch" instead (choose Duo push from the menu when you're logging in and manually open the Duo app and swipe down to "fetch", then tap approve)
- Phone callback may not function correctly
- Use a different method for your second factor (Duo push or fetch, texted passcode, or in-app passcode)
If you are traveling to China, make sure you have the app downloaded and installed first and it will avoid many issues. It's also a good idea to stop by the Solutions Center in Tutt Library to pick up a keychain fob "token" that can be attached to your account and used while you travel. The token does not depend on internet or cellular access at all, so it's a good option to use in China. Note that if you have the Duo app, the passcode the app generates every 60 seconds is actually the exact same thing as the token, and will also work without internet / cellular.
As a last resort, you may generate a temporary Duo MFA bypass code through the single sign-in page (see the top of the page for the link) to get around having to use Duo while you're in China.
See Duo's webpage on this issue for more detailed information.
For reference, see Apple's page on which iPhone models work with various mobile networks in China.