Let's say you have a safe to keep your important documents. There's a combination lock you have to use to open it. You're probably the only one who knows the combination, so its pretty secure... but if someone was really determined they could keep trying different combinations until they found the right one.
You think your documents are pretty personal, so you want to make sure no one but you can get at them. You buy a better safe. It still has a combination lock, but it also has a strong key-based lock. You're still "probably" the only one who knows the combination, but now you also need to have the key to open the safe door... and if someone steals the key from you, they still can't open the door without the combination. This is the essence of two factor authentication - it combines something you know (the combination or password) and something you have (the key, token, or other "second factor").
Duo is the two factor authentication solution for Penn State Health and College of Medicine. Duo is an additional layer of security that protects your login by turning your mobile phone or landline into a key ("something you have") for accessing the information and information systems of PSH and COM. You still access the applications the same way you always have from a computer; but when you're logging in, you need to have the device or phone you associated with your user account nearby so you can approve the login attempt. Once you log in, the phone or mobile device isn't needed any more for that session.
Duo allows for multiple options. If you own a smartphone, the best option is to install and use the Duo Mobile app. Duo also supports entering a code that can be sent to your mobile phone via SMS, or by calling a mobile or landline phone.
This video provides a quick overview of how the everyday authentication process works: