Multi-Factor Authentication at the IAS

What is Multi-Factor Authentication

Multi-Factor Authentication (aka MFA) combines something you know (your passphrase) with something that you have (your phone or device) in order to authenticate to computing services. Studies have shown that by utilizing MFA, institutions can see a drastic reduction in the amount of compromised accounts and breaches.

How do I sign up?

Our MFA solution, DuoSecurity, is popular among higher education institutions around the world. To enroll, simply click on the Configure button in the Multi-Factor Authentication card on UpdateMe to get started with the configuration of your mobile phone. The process takes less than 5 minutes to set up.

For details on setting up DuoSecurity, you can view the step-by-step setup guide or view the Getting Started video linked below.

What if I have issues using DuoSecurity?

In the unlikely event that you have issues using DuoSecurity, just contact the Computing Helpdesk.

Is Multi-Factor Authentication required?

The short answer is yes. Over time we will be rolling out MFA protection for many of our services. We will notify our users when those changes are going to go into effect so that you have plenty of time to prepare.

Other Frequently Asked Questions

• Typing in the pin code everytime I log in is a pain, is there an easier way?
  • Instead of typing in the pin code when you log into a service like OpenVPN, you can use Duo Push instead. If your Mobile Device is connected to the Internet, then just type the word "push" in when OpenVPN asks you for your Duo access code. Duo will send an alert to your Mobile Device, which you will then have to accept or deny. Once accepted, you'll be given access, without having to type in your pin code. Only accept Duo Pushes when you are expecting them, and deny them otherwise. If you keep getting unexpected Duo Push requests, please contact the Computing Helpdesk.
• What if my phone does not have network access, like if I'm traveling abroad, or my phone doesn't work on the US network?
  • The DuoSecurity application does not require network access to work. The next access code is generated on the phone itself and will work regardless if you have Internet access or not. The initial setup will need Wi-Fi or Mobile network connectivity to install the app. (Duo Push will not work without Internet, but is not required to log in.)
• What happens if I don't have or lost my phone?
  • In the case of a lost phone, please contact the Computing Helpdesk. They will be able to help you remotely until you have the ability to set up a new phone. You can also request a temporary one time code to get you the access you need immediately, or have some ready to go in a safe place as well.
• What happens if I get a new phone?
  • If you still have access to your old phone, you can use Duo Instant Restore to restore your Duo accounts to your new phone.  Take a look at the videos for Apple iPhone devices and Android devices for more information.  Duo Instant Restore can also restore third party one time passwords that you have set up with the Duo App.
  • If you don't have access to your old phone, please contact the Computing Helpdesk for instructions on how to recover your IAS account.  Because Duo Instant Restore was not used, all third party one time passwords will have to be reconfigured.
• What if I don't have a mobile phone?
  • If you have a Duo compatible secure key, you can enroll it by following our guide.
  • Contact the Computing Helpdesk for guidance.
• What if I'm running into an issue?
  • Contact the Computing Helpdesk for guidance.
• What is the difference between Two Factor Authentication and Multi-Factor Authentication?
  • Two Factor Authentication, or 2FA, is a type of Multi-Factor Authentication, or MFA. We chose to use the term Multi-Factor Authentication as it encompasses Two Factor Authentication.
• I have a HUAWEI phone running Android OS, but I can't find the Duo Mobile app in my app store.
  • The Duo Mobile app is not available for HUAWEI phones running Android OS. Here is Duo Security's information on compatibility. Contact the Computing Helpdesk for guidance.
• When I log into a website, I don't see the "Remember Me" button to allow for Single Sign On (SSO). How do I get this to work?
  • DuoSecurity has a great article on how to get this functionality to work in your web browser. Unforuntately, at the time of this writing, Apple's Safari and Microsoft's Edge Browsers do not support a secure way to utilize this feature and we do not recommend globally allowing all third-party cookies as specified in the article. Google's Chrome, Microsoft's Internet Explorer, and Firefox include ways to allow it for the duosecurity.com website.

References

• An Introduction to Duo Security
• Getting Started with Duo Security