Authenticate With Multi-Factor Authentication (MFA)

In this article

How does multi-factor authentication work?

Multi-factor authentication (MFA) uses two levels of security to verify your identity:

At the University of Maryland (UMD), your Directory ID and passphrase serve as the first level of security. UMD uses Duo to provide the second level of security through your choice of various supported authentication methods.

This second level of security will require you to verify your identity through the Duo authentication prompt, which can be used to generate a push request to the Duo Mobile app. You should receive a push notification on your mobile device when you generate a Duo push request.

You can also enter a passcode generated from a Multi-Factor Authentication Hardware Token to complete the authentication process.


How do I manage my settings?

Manage your MFA settings and devices at the Multi-Factor Authentication Profile site.


How do I authenticate?

You can choose an authentication method based on the devices you have enrolled in.

View mobile methodsView hardware token methodCall back optionsUse bypass codes

There are four different methods you can use for multi-factor authentication with Duo:

After logging in to a service, you'll be prompted to verify your identity with a MFA method like call back or passcode.

Push a login request to a mobile device

Pushing a login request to your phone or tablet is the recommended method for authenticating. After selecting Send Me a Push, you will receive a push notification on your mobile device, prompting you to approve or deny your login request. Select Approve to complete MFA and log in. For more information, see Self-Enroll in Duo Multi-Factor Authentication with Your Mobile Device

A push notification triggers an approval request on your device.

Enter a passcode using a mobile device

The Duo Mobile app allows you to generate a passcode that can be used to perform a second level of authentication. To enter a passcode from your Duo Mobile App, follow the steps listed below:

  1. Open Duo Mobile on your mobile device.
  2. Tap the key next your account to generate a passcode for that account
  3. Enter this passcode into the Passcode field when prompted by the Duo authentication prompt.

You may have more than one Duo account. Tapping the key icon generates the passcode beneath it. 

Enter a passcode using a hardware token

hardware token is a small key fob device that is used to generate passcodes at the press of a button. 

NOTE: Hardware tokens must be registered before use.

As with all MFA methods, Tokens can be registered on their own or in addition to other MFA methods. To authenticate using a hardware token, follow these steps:

  1. Push the button on your hardware token to generate a passcode.
  2. Enter this passcode into the Passcode field when prompted by the Duo authentication prompt.

A photo of a Duo hardware token with passcode numbers displayed.

 Use a bypass code

In the event that a secondary device such as a phone or hardware token is unavailable, you can use Multi-Factor Authentication Bypass Codes to complete the authentication process. Bypass codes are pre-generated and expire 180 days.

NOTE: Prior to obtaining bypass codes, you will need to enroll in MFA and register a mobile or landline phone number. The number will not be used for authentication and is for record-keeping purposes only. To learn more, view the steps in First Time Enrollment in Multi-factor Authentication.

You can obtain bypass codes by:

Use Call Me option

If you have added a Phone Number as an authentication method, Call Me will be offered as a possible authentication method. For more information, see How to Complete Multi-factor Authentication Using the Call Me Option.


What device is best for me?

Use the table below to help select the MFA device that works best for you.

 Device  Authentication methods  Advantages and disadvantages
Click to see mobile methods

Smartphone, Tablet

  • Push a login request to a mobile device.
  • Enter a passcode using a mobile device.
  • Receive a call using the Call Me option.
  • Supports send a push, the recommended authentication method.
  • If there is no network connection to receive a push, you can still generate a passcode. 
  • Can complete all authentication methods.
  • Duo Mobile App is free.
  • Works on Android, iOS and Windows devices.
Click to see callback option

Cell Phone, Landline

  • Call Me
  •  You can use your office or mobile phone to complete an authentication.
Click to see hardware token option 
  • Enter a Passcode
  • Push the button to generate a passcode that can be entered on your computer.
  • No apps to install.
  • Hardware tokens must be purchased and registered before use.
  Click to see bypass code option
  • Enter a Passcode
  • You can print pre-generated bypass codes from your MFA Profile.
  • No mobile devices or hardware tokens are required.
  • Bypass codes will expired.
  • Limits on the number of bypass codes you can generate at a time.


Get support 

Contact the Service Desk for assistance with multi-factor authentication.

For more information on Duo, visit the Duo Guide to Two-Factor Authentication.


Lea este artículo en español.