Multi-Factor Authentication

 

What is Multi-Factor Authentication (MFA)?

Duo MFA uses a second factor (like a mobile device, landline, or hardware token) to verify our identity when logging in to UM resources. This adds an additional layer of security to our accounts and helps prevent bad actors from gaining access to them. This includes logging in via UM’s Single Sign-on (SSO), VPN, and some Microsoft Office 365 applications. MultiFactor authentication strengthens the login process by requiring:

Something you know: your NetID and password
 

Something you have: usually a mobile device, but can also be a land line phone or hardware token

 

Note: When searching for "Duo Mobile" in a mobile app store, be cautious as the top result might not be the legitimate Duo Mobile app, always verify the developer as "Duo Security" or "Cisco Systems"

You can navigate to the app store and download Duo Mobile app via the preferred link below.

Android (Google Play) or iPhone (Apple App Store)

Why is MFA needed?

In recent years, UM has experienced a substantial increase in compromised NetIDs and passwords. This can give cybercriminals the ability to access UM systems and data as well as personal information. MFA helps protect against phishing and other attacks and secures your netID logins from attackers exploiting weak or stolen credentials.

The primary problem is email phishing, which has become increasingly common and sophisticated. While MFA can help mitigate these attacks, it is important we know how to spot phishing and stay vigilant. UM has also detected several direct attacks on financial administrators, where their objective is redirect UM funds.

Report all suspected phishing - visit the "How do I report spam and phishing messages" page for more details.

 

How do I get started?

Enrolling is easy. Simply click the “Opt In” button below and log in with your current NetID and password. Then click the “Opt in my NetID account” button to begin the process. Upon your next NetID login attempt, you’ll be presented with the enrollment options for Duo. We strongly recommend that you choose the free Duo Mobile App as your primary second factor, which requires that you download that app from your app store. Registering two or more devices is also recommended.

After going through the "Opt In" process, close your browser, reopen it, and log into Cyberbear. This will ensure that you get the proper prompts to set up your MFA account. This can also be done by opening an incognito window on your browser before logging into Cyberbear. 

Opt-In

Authentication Options

Once you’ve enrolled, there are a few different options for using Duo. Duo will automatically prompt for the most secure form of authentication.

Change Authentication Option

 

Duo Push

To send your mobile device a push authentication, select "Duo Push."

Phone Call

When trying to authenticate, you can also select “Call me.” Duo will then call you on a landline or mobile phone, and you can press a key for access.

 

Passcode

A passcode can be generated on the Duo Mobile application by pressing the ‘key’ symbol next to ‘University of Montana’ inside the Duo Mobile application. You should then be shown a set of numbers which can be used to sign in at the Duo authentication prompt. You can generate a passcode with the Duo Mobile application even if your phone is not connected to the internet; generating a passcode with the app doesn’t utilize any data or minutes on your cell phone plan.

Hardware Token Code

If you choose to authenticate with a hardware token, you will be prompted to enter a passcode from the token. Press a button on the hardware token itself, enter the passcode into the Duo authentication prompt, then click 'Verify.' You will then be asked about the status of your device - whether it is your device or used by other people.

Frequently Asked Questions

  1. I lost or forgot my multi-factor device.  Now what?
  2. Why does Duo Mobile ask for permission to use my camera?
  3. Can more than one person enroll the same landline?
  4. What should I do if I receive a request to sign in with Duo that I did not initiate?
  5. My browser doesn't remember me. Now what?
  6. Should I enroll more than one device?

I lost or forgot my multi-factor device.  Now what?

If you have an additional device enrolled, use it to login. Otherwise, call the UM IT Help Desk at (406) 243-4357 to receive a temporary passcode and to receive assistance in enrolling another device after verbally verifying your identity.

Why does Duo Mobile ask for permission to use my camera?

Duo Mobile only needs permission to use your camera when you set up your smartphone or tablet. It only uses your camera to scan the Quick Response (QR) code used for activation. After activation, Duo Mobile doesn’t access your camera. You can remove this permission and Duo Mobile will work fine.

Can more than one person enroll the same landline?

Yes, more than one person can set up and use the same landline. 

What should I do if I receive a request to sign in with Duo that I did not initiate?

Do NOT approve Duo Mobile push notifications or Duo phone calls that you didn’t initiate yourself. They may be fraudulent, unauthorized attempts to sign in as you. Only approve MFA requests you initiate yourself, knowingly and intentionally. If you believe someone is trying to use your account, please report it immediately by sending an e-mail to infosec@umontana.edu.

My browser doesn't remember me. Now what?

The "Remember Me" functionality requires persistent cookies in your browser. If your browser is not remembering that you checked the "Remember Me" box, then check the cookie settings of your browser. Chrome's "incognito" setting, Firefox's "private window," and Internet Explorer's/Edge's "InPrivate" settings will affect this behavior and the "Remember Me" feature will not work. Duo Help offers an article with more information on how to configure your browser to accept cookies from Duo.

Should I enroll more than one device?

To avoid being locked out of your account, UM IT recommends adding a second phone number in case your primary device is lost or stolen. To add a new device, select "My Settings and Devices" on the Duo login screen, then "Add a New Device." You don't need more than one device to use Duo, but it is best practice to do so.

Was this helpful?
28% helpful - 58 reviews