Duo Multi-Factor Authentication: Introduction and Enrollment

Summary

Secure your account.

Body

The enrollment process:
  • Enroll a device
  • Install the Duo Mobile app
  • Activate Duo Mobile (scan the barcode)
  • Configure your device (optional)
  • Repeat to install another device (a good idea)

Enroll your device(s).


Some background information...

What is multi-factor authentication (MFA)?

  • Essentially, MFA add layers of security to your account. At UWRF, besides logging in with something you know (your password), you also log in using something you have (e.g., a phone). And if your phone is secured (e.g., with a PIN or fingerprint), security is even better! So even if someone gets a hold of your password, they still can't log into your account.
  • For a little more detail, check out this quick explanation or a more entertaining 2 minute video from Duo.

Why does UWRF employ MFA?

  • It is included in a University of Wisconsin System Information Security policy (1030) with its accompanying procedure (1030.A).
  • In this era of social engineering, it is just a good idea. Adding a second layer of security helps prevent anyone but you from logging in even if they know your password.
  • "Based on our studies, your account is more than 99.9 percent less likely to be compromised if you use MFA," said Alex Weinert, Microsoft’s Group Program Manager for Identity Security and Protection.

When to enroll in MFA?

  • Employees enroll immediately after your Falcon Account is activated.
  • Students enroll following your initial registration for classes. Duo is not required for email or eSIS access as an admitted student.

What are my MFA options?

Employees

Preferred Method

Most people use the Duo Mobile app. It is very easy to use and even if you are in an area where you don't have cellular data or Wi-Fi coverage, your smart device still lets you in by using the authentication passcode feature.

In general, you'll want to enroll more than one device just in case your preferred device is unavailable when you need it most. For example, you can install the Duo Mobile app on your smart phone AND your tablet (devices that are around you when you log into things) and then enroll those two devices.

Method How It Works Device Data Usage / Cost Requires Connection?
Duo Mobile App Duo's free mobile application displays a login request notification on your smartphone or tablet. Tap Approve to authenticate. If cell data and Wi-Fi are unavailable at the time, the app can generate a passcode in order to continue. Mobile Phone or Tablet Each notification is only 2KB of data. Yes for notfications: Cellular data or Wi-Fi. No for passcodes.

Alternate Methods

Alternate methods which cost the university money and therefore are not preferred:
Method How It Works Device Data Usage / Cost Requires Connection?
Hardware Token Press a button on the token to generate passcodes for you to complete your login. Key Fob The first one is a $27 charge to the employee's department. A replacement without a fob being returned is a $27 cost to the employee. Fobs can be acquired at the UWRF Carding Office. No
Text Passcodes Duo sends a text message with an authentication code. Phone with Text Messaging A single text message. Yes: Cellular
Phone Callback Duo calls your phone. Just press the appropriate number response to authenticate. All Phones A single phone call. Yes: Cellular or Landline
Enroll your device(s).
Students

Preferred Method

Most people use the Duo Mobile app. It is very easy to use and even if you are in an area where you don't have cellular data or Wi-Fi coverage, your smart device still lets you in by using the authentication passcode feature.

In general, you'll want to enroll more than one device just in case your preferred device is unavailable when you need it most. For example, you can install the Duo Mobile app on your smart phone AND your tablet (devices that are around you when you log into things) and then enroll those two devices.

Method How It Works Device Data Usage / Cost Requires Connection?
Duo Mobile App Duo's free mobile application displays a login request notification on your smartphone or tablet. Tap Approve to authenticate. If cell data and Wi-Fi are unavailable at the time, the app can generate a passcode in order to continue. Mobile Phone or Tablet Each notification is only 2KB of data. Yes for notifications: Cellular data or Wi-Fi. No for passcodes.

Alternate Method

An alternate method, which costs the university money and therefore is not preferred, is a hardware token (fob).
Method How It Works Device Data Usage / Cost Requires Connection?
Hardware Token Press a button on the token to generate passcodes for you to complete your login. Key Fob The first one is covered by the Student Technology Fee. A replacement without a fob being returned is $27. Fobs can be acquired at the UWRF Carding Office. No
Enroll your device(s).
Emeriti and Honored Retirees

Accessibility and Duo

Details

Details

Article ID: 49124
Created
Mon 2/26/18 11:56 AM
Modified
Mon 5/13/24 12:33 PM