Multi-factor Authentication (MFA)
Also known as Two-factor Authentication (2FA), TFA, Duo and Two-Step Verification.
Opt-in to MFA required for VPN and VDI
Starting Oct. 31, Duo MFA will be required for all accounts using the University Virtual Private Network (VPN) and Virtual Desktop Infrastructure (VDI) services. Follow the guide in the "Get Started" section below to opt in to the service or Enable Duo MFA now.
By enrolling in MFA, you are taking an important additional step toward securing your online identity and personal information. You are also helping to protect the University’s research, intellectual property, and institutional data.
MFA is a form of security that protects an account with two layers of authentication. The first factor is a PIN or password, something that you know. The second factor is something that you physically have, such as a device. For example, a bank account uses MFA for security by requiring both a PIN and a debit card. The university’s MFA provider is a company named Duo Security (Duo for short).
After you enroll in MFA, when you log in to any MFA-protected website or service, you will enter your username and password (something you know) as you do today, and then use your smartphone or another device (something you have) to verify your identity.
All employees using any university SSO service are required to use MFA. University students are allowed, and encouraged, to opt in to MFA in ELMO.
MFA prevents others from signing in as you, even if they know your password. It protects you and the University of Alaska from the risks of phishing scams and other forms of password theft.
Users’ passwords have been compromised by many different methods: guessing, hacking, watching you type the password, capturing the password on a computer with malware installed that records keystrokes, capturing passwords sent over a compromised network connection, capturing cached passwords on servers receiving passwords. Even the most careful user cannot be certain their password is never compromised by one or more of these attacks.
After you enroll in MFA, when you log in to any MFA-protected website or service, you will enter your UA Username and password as you do already, and then use your smartphone or another device to verify your identity.
The additional verification is not a second password, but a verification that depends on something else, such as demonstrating possession of your unlocked smartphone, or a security key, or a “biometric” such as a fingerprint, none of which would be compromised by even a successful attack on your password.
Log in to ELMO, select Security Settings and choose the Multi-factor Authentication option.
- Once multi-factor authentication is enabled for your account, your first access to one of the relying services (UA Blackboard, Google Workspace @ UA, UAonline, DegreeWorks, Omni CMS, MyUA, etc.) triggers a login screen requesting your UA Username and UA Password.
- You will be presented with a page to automatically enroll and register the device(s) you will use for multi-factor authentication.
  - Set up a smartphone or tablet (Duo Mobile) – recommended
  - Set up a phone or landline
  - Set up a security key
We recommend using Duo Mobile on your smartphone because it’s free, secure, and simple to use. Duo Mobile creates no data on your device.
You can manage your registered device(s) at any time, including:
- Adding a phone or other device as a backup in case your primary phone is unavailable
- Changing your primary device to receive notifications
- Changing your notification type
- Reactivating the Duo Mobile app on your device
Learn more about managing your device(s).
Once you set up a device, you’ll be ready to sign in with MFA.
- Browse to the system or application that requires signing in with MFA. It will initiate the process of signing in.
- Sign in with your UA Username and password, as usual.
- Check “Remember me on this browser” if you’re browsing on a computer or device that you can trust to protect your browser. This option reduces how often you have to sign in with MFA on the same web browser.
- Authentication methods depend on your choice of device. They include:
  - “Send Me a Push” – Duo sends a notification to Duo Mobile on your smartphone or tablet. You then tap “Approve” to sign in. An internet connection (Wi-Fi or cellular data) is required to receive push notifications.
  - “Enter a Passcode” – Open Duo Mobile on your smartphone or tablet to generate a passcode, with or without an internet connection. Or, if you have a hardware token, use the passcode from it.
  - “Call Me” – Duo calls your smartphone, mobile phone, or landline. Answer the call and follow the instructions to approve. This option only works with phone numbers in the US and parts of Canada.
  - USB Security Key – If you set up a USB security key device, depending on your security key model, you'll need to tap, insert, or press a button on your device to proceed.
View all authentication methods
- Once you successfully use your MFA device to confirm it’s really you, sign-in is complete. Your browser will continue to the system or application that initiated the sign-in process.
Learn more about Authenticating with the Duo Prompt
- Duo Mobile Push (Recommended)
- Duo Mobile Passcode
- Security Key Tap
- Security Key Passcode