How does multi-factor authentication work?

Multi-factor authentication (MFA) uses two levels of security to verify your identity:

• Level 1: something you know (that is, your username, passphrase, answer to a security question).
• Level 2: something you have (that is, your phone, tablet, hardware token).

At the University of Maryland (UMD), your Directory ID and passphrase serve as the first level of security. UMD uses Duo to provide the second level of security through your choice of various supported authentication methods.

This second level of security will require you to verify your identity through the Duo authentication prompt. To get started, view the steps in the Set your default Multi-Factor Authentication Device article. Contact the Service Desk for assistance with multi-factor authentication.

Top

How do I manage my settings?

Manage your MFA settings and devices at the Set your default Multi-Factor Authentication Device site.

Top

How do I authenticate?

You can choose an authentication method based on the devices you have enrolled in.

NOTE: Information on authentication before the Universal Prompt update is covered in Duo Guide to Two-Factor Authentication.

• Duo Push.
• Duo Mobile Passcode.
• Fido2/Webauthn Security Key.
• Hardware Token Passcode.
  
  • Register a hardware token..
• Phone Call.
• Bypass Code.
  
  • Bypass codes are pre-generated and expire after 180 days.
  • You will need to enroll in MFA and register a mobile or landline phone number.
  • Generate them from the Multi-Factor Authentication Profile webpage, Terrapin Technology store or an ID notary in your department.

Top

What device is best for me?

Use the table below to help select the MFA device that works best for you.

Device	Authentication methods	Advantages and disadvantages
Smartphone, Tablet	Push a login request to a mobile device. Enter a passcode using a mobile device. Receive a call using the Call Me option.	Supports send a push, the recommended authentication method. If there is no network connection to receive a push, you can still generate a passcode.  Can complete all authentication methods. Duo Mobile App is free. Works on Android, iOS and Windows devices.
Cell Phone, Landline	Call Me	You can use your office or mobile phone to complete authentication.
Hardware token	Enter a Passcode	Push the button to generate a passcode that can be entered on your computer. No apps to install. Hardware tokens must be purchased and registered before use.
Bypass codes	Enter a Passcode	You can print pre-generated bypass codes from your MFA Profile. No mobile devices or hardware tokens are required. Bypass codes will be expired. Limits on the number of bypass codes you can generate at a time.

Contact the Service Desk if you have any questions.

Top