Knowledge Article View - IT Service Desk

How does multi-factor authentication work?

Multi-factor authentication (MFA) uses two levels of security to verify your identity:

Level 1: something you know (that is, your username, passphrase, answer to a security question).
Level 2: something you have (that is, your phone, tablet, hardware token).

At the University of Maryland (UMD), your Directory ID and passphrase serve as the first level of security. UMD uses Duo to provide the second level of security through your choice of various supported authentication methods.

This second level of security will require you to verify your identity through the Duo authentication prompt, which can be used to generate a push request to the Duo Mobile app. You should receive a push notification on your mobile device when you generate a Duo push request.

You can also enter a passcode generated from a Multi-Factor Authentication Hardware Token to complete the authentication process.

Top

How do I manage my settings?

Manage your MFA settings and devices at the Multi-Factor Authentication Profile site.

Top

How do I authenticate?

You can choose an authentication method based on the devices you have enrolled in.

There are four different methods you can use for multi-factor authentication with Duo:

Mobile: Push a login request or send a passcode to a mobile device.
Hardware Token: Enter a passcode generated by a hardware token.
Callback: Authenticate via phone callback.
Bypass Codes: Enter a pre-generated bypass code.

After logging in to a service, you'll be prompted to verify your identity with a MFA method like call back or passcode.
Top

Push a login request to a mobile device

Pushing a login request to your phone or tablet is the recommended method for authenticating. After selecting Send Me a Push, you will receive a push notification on your mobile device, prompting you to approve or deny your login request. Select Approve to complete MFA and log in. For more information, see Self-Enroll in Duo Multi-Factor Authentication with Your Mobile Device.

A push notification triggers an approval request on your device.

Enter a passcode using a mobile device

The Duo Mobile app allows you to generate a passcode that can be used to perform a second level of authentication. To enter a passcode from your Duo Mobile App, follow the steps listed below:

Open Duo Mobile on your mobile device.
Tap the key next your account to generate a passcode for that account
Enter this passcode into the Passcode field when prompted by the Duo authentication prompt.

You may have more than one Duo account. Tapping the key icon generates the passcode beneath it.

Enter a passcode using a hardware token

A hardware token is a small key fob device that is used to generate passcodes at the press of a button.

NOTE: Hardware tokens must be registered before use.

As with all MFA methods, Tokens can be registered on their own or in addition to other MFA methods. To authenticate using a hardware token, follow these steps:

Push the button on your hardware token to generate a passcode.
Enter this passcode into the Passcode field when prompted by the Duo authentication prompt.

A photo of a Duo hardware token with passcode numbers displayed.

Use a bypass code

In the event that a secondary device such as a phone or hardware token is unavailable, you can use Multi-Factor Authentication Bypass Codes to complete the authentication process. Bypass codes are pre-generated and expire 180 days.

NOTE: Prior to obtaining bypass codes, you will need to enroll in MFA and register a mobile or landline phone number. The number will not be used for authentication and is for record-keeping purposes only. To learn more, view the steps in First Time Enrollment in Multi-factor Authentication.

You can obtain bypass codes by:

Generating and printing them from Multi-Factor Authentication Profile webpage.
Visiting the Terrapin Technology store in McKeldin Library.
Visiting an ID notary in your department.

Use Call Me option

If you have added a Phone Number as an authentication method, Call Me will be offered as a possible authentication method. For more information, see How to Complete Multi-factor Authentication Using the Call Me Option.

Top

What device is best for me?

Use the table below to help select the MFA device that works best for you.
Device	Authentication methods	Advantages and disadvantages
Smartphone, Tablet	Push a login request to a mobile device. Enter a passcode using a mobile device. Receive a call using the Call Me option.	Supports send a push, the recommended authentication method. If there is no network connection to receive a push, you can still generate a passcode. Can complete all authentication methods. Duo Mobile App is free. Works on Android, iOS and Windows devices.
Cell Phone, Landline	Call Me	You can use your office or mobile phone to complete an authentication.
	Enter a Passcode	Push the button to generate a passcode that can be entered on your computer. No apps to install. Hardware tokens must be purchased and registered before use.
	Enter a Passcode	You can print pre-generated bypass codes from your MFA Profile. No mobile devices or hardware tokens are required. Bypass codes will expired. Limits on the number of bypass codes you can generate at a time.

Top

Get support

Contact the Service Desk for assistance with multi-factor authentication.

For more information on Duo, visit the Duo Guide to Two-Factor Authentication.

Top

Authenticate With Multi-Factor Authentication (MFA)

In this article