Multi-Factor Authentication Frequently Asked Questions (FAQ)


Table of contents

Do I need to enroll in Multi-Factor Authentication?

Multi-Factor authentication (MFA) is required to access any resources secured by the Central Authentication Service (CAS). 
 

Faculty and staff

Current faculty, staff, and Emeritus faculty are required to authenticate with MFA before accessing any CAS-secured resources. 
 

Students

Current students are required to authenticate with MFA before accessing any CAS-secured resources.
 

Affiliates and associate accounts

Affiliates of UMD and Associate accountholders are not required to authenticate their identity with MFA before accessing select CAS-secured resources such as ELMS-Canvas or Testudo. 
 
Top

What Is Multi-Factor Authentication?

MFA requires the use of multiple methods or devices to authenticate your identity when logging into University of Maryland accounts, services, or systems protected by the Central Authentication Service (CAS). MFA services for UMD are provided by Duo Security.

Top

How Do I sign up for Multi-Factor Authentication?

You can self-enroll in MFA by visiting the Set your default Multi-Factor Authentication Device page.

NOTE: If you intend to use Bypass Codes only to complete multi-factor authentication, contact your departmental IT representative or the Service Desk for assistance with enrollment.

Top

Can I add multiple devices or methods?

You can have multiple devices enrolled to use with MFA, though one of them must be set as the default device. In fact, DIT recommends having a backup authentication method in place, in the event you misplace your primary method. This backup method may be a copy of pre-generated bypass codes or Call Back (see Overview of Multi-Factor Authentication and Login Methods to learn more about methods of authenticating). 

It is highly recommended that you obtain Bypass Codes before removing or adding a new device to your Multi-Factor Authentication Profile.

Top

What devices are supported?

UMD utilizes Duo to provide multi-factor authentication services. Duo supports the following devices and operating systems:

To learn more about devices supported by Duo, visit Duo's Guide to Two-Factor Authentication

Top

What if I get a new device?

If you get a new device, you can add it to your list of enrolled MFA devices at the Set your default Multi-Factor Authentication Device site as long as you still have a method of MFA authentication--such as your old device, or a bypass code--to access the MFA Profile site.

Top

What if I lose my device?

If you have two or more devices enrolled in MFA and one device is lost or stolen, you visit Set your default Multi-Factor Authentication Device to remove it.

If you only have one device, contact the Service Desk to have the device removed. You may need to undergo additional ID proofing steps to re-enroll in MFA.

Top

I am going to be traveling abroad. How can I use MFA to authenticate?

When traveling internationally or when disconnected from a wireless network, you may be unable to authenticate your identity using the Send A Push option. So it is recommended that you use the Duo Mobile App to generate a passcode. Here are the steps to use the Duo App to generate the passcode:
  1. At the multi-factor authentication window on your computer, click Enter Passcode.
  2. Go to the Duo Mobile App on your mobile device.
  3. Tap the Key icon for the University of Maryland College Park.
  4. A six-digit numeric code will be generated. Enter this code in the Enter Passcode field on the multi-factor authentication window on your computer.

Alternatively, a hardware token can be used to generate a passcode when traveling internationally or when disconnected from the internet.

Top

What if I have trouble authenticating?

Top

Get support

 Contact the Service Desk for assistance if you continue to encounter problems.

Top