Multi-factor Authentication and Duo

All UA employees (including student employees) are required to enroll in MFA. UA students are encouraged to enroll in MFA, and can opt-in by changing their security settings at elmo.alaska.edu. MFA helps to protect your account (and by extension the University) from the risk of account compromise and data breach.  Phishing attacks resulting in account compromise are happening with increasing frequency.  By ensuring that network logins at UA require something you know (your password) and something you have in your posession (your MFA-enabled device), we can dramatically reduce the risk of an unauthorized entities accessing your account and the information within.

The list of MFA-supported applications and services is growing, but popular applications and services include UAOnline, GSuite (Google), Modern Campus CMS, DocuSign, TDNext , ClientAmazon Web Services, RAVE, and remote access services.  Most services accessible via single-sign-on (SSO) also support MFA.

Starting Oct. 31, Duo MFA will be required for all accounts using the University Virtual Private Network (VPN) and Virtual Desktop Infrastructure (VDI) services.

You can self-enroll by logging into ELMO at https://elmo.alaska.edu, selecting “Security Settings”, and then choosing the “Multi-Factor Authentication” option.  You may be prompted to enroll when you login to certain UA services.  Please follow the instructions available at https://uaf.edu/nooktech/services/mfa/add-device.php and https://uaf.edu/nooktech/services/mfa/manage-devices.php

We recommend you enroll at least two devices and that one of those is a cellular phone (or another device that you take with you wherever you go).  You can use a smartphone (requires app install), regular cellphone, work/home telephone, security token, or security key (popular options include YubiKey, Google/Titan Security Key, or most any FIDO U2F or FIDO2-compatible keys).

More than likely, you’re using a different computer or different web browser (or both).  “Remember Me” remembers the device and web browser you used.  For example, if you use Microsoft Edge to access UAOnline and choose “Remember Me”, but then use Google Chrome or Mozilla Firefox to access you UA email, you’ll be prompted a second time.

Temporary Bypass codes can be generated from elmo.alaska.edu, by logging in via your security questions.

To generate a bypass code:

  1. Go to elmo.alaska.edu and select the Forgot password button. 
  2. Enter your username or ID number, then select the Reset password button.
  3. After that, answer your security questions. 
  4. If successful, continue by selecting the Security Settings button in the top left. Then select the Generate one-day passcode button. The code can then be used an unlimited number of times for the next 24 hours.

If you experience any issues with ELMO or answering your security questions, contact the Nanook Technology Service Desk for assistance.

When installing apps on your smartphone, it's a very good idea to only install them from the authorized store ("App Store" on iOS/Apple; "Play Store" on Android).  Phone calls will come from 907-455-2100 (you can call that number back to confirm that it's maintained by UA).  If in doubt, contact the NTS Service Desk for assistance.

Please DO NOT approve any unexpected Duo request.  If you don't recognize it and didn't initiate it, please report it as fraudulent (follow voice prompt instructions or tap "Deny" in the app).  Reporting suspicious MFA attempts will allow UA Information Security to promptly investigate any potential issues.

It depends.  For most people, the "Duo Push" to their smartphone is the fastest and most convenient method of MFA.  For others, phone calls to a landline can be faster or easier.  We encourage you to enroll multiple devices and try various options to see what you prefer.

Sure - you can use your smartphone as a "dumbphone" - MFA can initiate a voice call to your cell phone.  Or skip the cellphone entirely and call you at home or work.  If those options won’t work, please contact the NTS Service Desk for assistance.

We don't have access to your phone - the only information we see is some demographic information - make (brand), model, telephone number, and version of the Duo Mobile app installed.

The Duo Mobile app will work with a Wi-Fi connection if a cellular connection isn’t available.  If you have no data connection at all, you can still use the app - just open Duo Mobile, find the relevant MFA-protected application (“Duo-Protected University of Alaska”), tap it to expand the entry and show a one-time code you can enter at the MFA prompt.

First, check to see if the notification is appearing in the app – open the “Duo Mobile” app on your smartphone and look for a green bar at the top indicating that you have requests pending.  If you don’t see the green bar, please contact the NTS Service Desk for assistance.