What is multi-factor authentication?
Multi-Factor authentication or MFA is an additional layer of user verification besides just a username and password when attempting to access a system such as email or payments. MFA involves something you know (password) plus something you have with you (i.e. Duo Mobile) such as your mobile phone. The additional verification can be done using the DUO Mobile app, a hardware token key, or a passcode provided by the UCM Technology Support Center. When using DUO MFA, you will still provide your username and password but, the second factor is an additional layer that works in conjunction with your user name and password. Duo Push, utilizing the DUO Mobile client, is the recommended method to use as MFA.
MFA is also known as two-factor authentication or 2FA. Most commonly, when implemented, there are two steps to go through for authentication, but, there are multiple means to support the second step.
MFA adds a layer of protection to your account in case your password becomes compromised. If a bad actor obtains your current password, they still won't be able to log into your services unless they also have your phone (SMS, Mobile App) or other device and thus won't be able to provide the second authentication.
What is Duo Security?
Duo Security is a company that provides a cloud-based software service that utilizes multi-factor authentication to ensure secure access to services and data. To learn more about how Duo Security works, check out this video.
Why do we need multi-factor authentication?
Login credentials are more valuable than ever and are increasingly easy to compromise. Over 90% of breaches today involve compromised user names and passwords.
Multi-factor authentication enhances the security of your account by using a secondary device to verify your identity. This prevents anyone but you from accessing your account, even if they know your password.
How will multi-factor authentication with Duo change my login experience?
When logging in to an application that is protected by Duo, you will still enter your user name and password. After inputting your login information, Duo requires you to complete a method of second-factor authentication.
Duo does not replace or require you to change your user name and password. Think of Duo as a layer of security added to your pre-existing login method.
Will adding DUO to my personal cell phone increase the chance that my phone will be compromised?
No, DUO is an added layer of protection for logging into systems. DUO is an application that allows verification of your identity.
What do I need to do if I already had DUO before enrolling with UCM's MFA?
You will need to contact the TSC to have your account activated with UCM.
What if I am an employee and also a student?
Each account requires enrollment, however, if you've already enrolled in DUO you can reach out to the TSC to have your second account linked to your initial account.
What if a user's account has been compromised?
Any user whose account has been compromised is strongly advised to enroll in Duo and complete the setup before their account is re-enabled.
What if my phone is not compatible with the Duo mobile app?
For the best experience, we highly recommend using a Duo-compatible phone. However, hardware keys are available for pickup from the TSC in Ward Edwards 0800 if needed.
What if I am in a place where I get internet access but not cell service?
We recommend installing and using the Duo mobile app, as it only requires an Internet connection for the authentication process.
What if my phone breaks, dies, or I forget it at home?
Please call the TSC at 660-543-4357 to request a temporary passcode.
Is there a dedicated individual who can help me with my Duo mobile app questions?
All of our TSC staff members are trained and can assist with any questions you have about the Duo mobile app.
The Duo app seems unpredictable on my phone, sometimes I get the three digit code and sometimes I receive a text. How can I make sure it is the same each time?
By default, the Duo app will prompt you for a three-digit code for verification. You should only receive an SMS text during the initial setup of your Duo mobile account. If you encounter anything different, please contact the TSC.
I already have a different MFA app on my phone. Can I just use that one?
No, Duo Mobile is the only app compatible with MFA authentication for your UCM account.
Additional information
For additional information about DUO MFA, please check out the documentation on their website.