multi-factor authentication hero image

What is multi-factor authentication?   

Multi-factor authentication or MFA adds an extra layer of security to our university accounts to protect you, your data, and university systems from unauthorized access and phishing attacks. Verifying your identity using a second factor such as your phone or mobile device prevents others from accessing your accounts, even if they know your password.  

How does it work?  

The university has selected Duo Security as our MFA provider.  Duo is the current market leader and the most widely used product in the higher education space for MFA.    

To log in to the VPN using Duo:

  1. Self-enrol by registering your phone or mobile device in Duo. You only have to enrol once.
  2. Use Pulse Security to connect to the VPN and enter your username and password.
  3. Use your phone or mobile device to verify your identity using Duo Push.
  4. You’re securely logged in!

Try it yourself with this Interactive step-by-step demo of Duo's multi-factor authentication!

    Set up multi-factor authentication in Duo

    Setting up multi-factor authentication with Duo is easy, and you only need to enrol once. 

    FAQs Multi-factor authentication and Duo

    Getting started

    Is Duo accessible for people with disabilities?

    According to Duo:

    "We test for accessibility in a number of ways. For our visually impaired users, we test our software manually by using both magnification and screen readers, specifically Nonvisual Access’ NVDA screen reader and Apple’s VoiceOver. We also ensure users can successfully authenticate only using a keyboard by testing font colors and backgrounds against contrast checkers and improving contrast for keyboard focus."

    From: https://duo.com/docs/accessibility#what-standards-does-duo-use-to-measure-accessibility?

    If you have questions or concerns about accessibility or need an accommodation, please contact the IST Service Desk at 204-474-8600.

    Read more about Duo's accessibility options:

    Why is push the best authentication method?

    It’s quicker than a text or a phone call

    • Authenticating with a text message requires waiting to receive the text, reading a passcode, and then typing it in.
    • Phone calls require actually answering the phone, listening to the recording, and using the dial pad to approve the login.
    • Duo Push is as simple as approving a notification on your smartphone.

    It’s more secure

    • Duo Push uses cutting-edge end-to-end encryption that SMS and phone calls can’t.
    • The Duo Push screen displays detailed information about the application and source device that initiated the authentication request.

    I can't use the mobile app. Are there other authentication options?

    Yes. Other authentication options include:

    Text message

    • You can choose to receive a passcode via text message to your mobile phone. This would require a texting plan on your device.

    Phone call to a number

    • You also have the option of using a landline for authenticating.  However, keep in mind that you would have to change your authentication number if you are away from your landline.  Using your work phone requires either being on campus, call forwarding or a soft phone setup like Jabber.

    Hardware token

    • Log in using a passcode that is generated by a hardware token. A hardware token is a thumb-drive sized fob that you must carry with you.  Please contact  the IST Service Desk to inquire about getting one.

    What are the mobile device requirements for using Duo?

    Android: the current version of Duo Mobile supports Android 7.0 and greater. Duo recommends upgrading to the most recent version of Android available for your device. We cannot ensure compatibility of Duo Mobile with custom variants or distributions of Android. 

    iPhone: The current version of Duo Mobile supports iOS 11.0 and greater.

     

    Duo on your mobile phone

    Is the Duo app free?

    Yes. It is available in the Apple App Store and Google Play.

    Why should I use my personal phone for this?

    Mobile phones are the most popular choice for multi-factor authentication because of the convenience. Most people seldom go anywhere without one. If using a mobile phone isn’t an option for you, please contact the IST Service Desk to discuss other options or read about the other options available in the "Getting started" section.

    General concerns about the use of a mobile phone for your job, should be discussed with your supervisor.

    Will multi-factor authentication work on my cell phone if I don't have cellular coverage or Wi-Fi access?

    Yes. You won't be able to receive push notifications so when you are logging in choose, "Enter a Passcode." Then open the Duo app and tap on the UM logo. It will give you a six-digit code to enter for authentication.You do not need an internet connection or a cellular signal to generate these passcodes.

    What happens if I change SIM cards in my phone?

    SIM card with same phone number:
    If the Duo app is already installed on your phone and the new SIM card uses the same phone number as the previous SIM card, Duo will work as normal.

    SIM card with different phone number:
    If you have the Duo app on your phone and change to a SIM card with a different phone number:

    1. Push notifications in the app — Changing SIM cards should not have any effect.
    2. Text (or call) notifications – You will need to register the phone number corresponding to the new SIM card, and then select which number to use when logging in.

    More information is available in this Duo help guide.

    If you encounter any difficulties when changing phones, please contact the IST Service Desk for advice.

    What happens if I lose my phone?

    If your phone is lost or stolen, contact the IST Service desk immediately for assistance.

    Devices can be added or removed in the Duo management portal.

    How much data does a Duo Push use?

    Almost none. 500 pushes to your device will use 1 MB of data in total. This is roughly equivalent to loading one webpage on your smartphone.

    What if my push alerts aren’t coming through?

    Try these easy troubleshooting steps for iOS, Android, Windows Phone, or BlackBerry.  Still not working? Reactivate Duo Mobile or contact the IST Service Desk.

     

    Alternate devices

    Can I have Duo on multiple devices?

    Yes, you can configure several devices on your Duo account from the Duo prompt by selecting Add a new device. As well, multiple devices of the same type can be added.

    For detailed instructions see: Adding a new device

    I’ve switched devices and/or need to reactivate Duo mobile.

    If you get a new phone, or if you’ve re-installed the Duo Mobile app, you'll need to re-activate Duo Mobile. You may enrol your new device yourself from the Duo prompt.

    You will need to log in using an MFA device already configured to your account. If the device you are replacing is your only MFA device and you no longer have access to it, contact the IST Service Desk at 204-474-8600. 

     

    Duo app security and privacy

    What should I do if I receive a push notification in Duo that I didn’t initiate?

    Assume that someone is trying to illegally access your account:

    • First, choose “Deny” in the Duo app to block the request, then
    • Call the IST Service Desk at 204-474-8600 and report the attempt!

    Does the Duo app on my phone give UM or Duo control or access to my phone?

    The Duo app does not give the university access to your mobile device and does not provide any control over the mobile device. During the multi-factor authentication process, the only information provided to the University is that the authentication was completed. For more information, see Duo’s privacy policy.

    Where can I find Duo’s privacy and security information?

    Please see Duo's Privacy Data Sheet.

    Contact the Service Desk

    • Fort Garry Campus

      123 Fletcher Argue
      Mon - Fri: 8:00 a.m. to 8:00 p.m.
      204-474-8600

    • Bannatyne Campus

      230 Neil John Maclean Library
      Mon - Fri: 8:00 a.m. to 4:30 p.m.
      204-474-8600

    • Contact us now!

      If your request is urgent, use the Chat tool in your browser for a faster response.

      Chat now