Multi-Factor Authentication

What is Multi-Factor Authentication (MFA)?

Multi-Factor authentication strengthens the login process by requiring:

Something you know: your netID and password
 

Something you have: usually a mobile device, but can also be a land line phone or hardware token
 

Opt-In/Opt-Out

Why is MFA needed?

MFA protects against phishing, password stealing malware, and password brute-force attacks and secures your netID logins from attackers exploiting weak or stolen credentials. Initially, MFA will be required for all users who directly access sensitive data using their netID login. However, we strongly recommend that everyone configure their logins to use MFA.

How do I get started?

Enrolling is easy. Simply click the “Opt In” button at the top of this page and login with your current netID and password. Then click the “Opt in my netID account” button to begin the process. Upon your next netID login attempt, you’ll be presented with the enrollment options for DUO. We strongly recommend that you choose the free DUO Mobile App as your primary second factor, which requires that you download that app from your app store. Registering two or more devices is also recommended.

Authentication Options

Once you’ve enrolled, there are a few different options for using DUO.

Push Notification

After installing the DUO app on your device, you can select "Send Me a Push” when trying to authenticate. Once a notification is sent, you will see a green checkmark and a red X in your DUO mobile app. Tap the green checkmark to gain access to your account. We recommend this option, as this is the easiest way to use DUO.

Phone Call

When trying to authenticate, you can also select “Call me”. DUO will then call you on a landline or mobile phone, and you can press a key for access.

Passcode

A passcode can be generated on the Duo Mobile application by pressing the ‘key’ symbol next to ‘University of Montana’ inside the Duo Mobile application. You should then be shown a set of numbers which can be used to sign in at the Duo authentication prompt. You can generate a passcode with the Duo Mobile application even if your phone is not connected to the internet and generating a passcode with the app doesn’t utilize any data or minutes on your cell phone plan.

Remember Me

If you are using a personal computer or mobile device that only you use, check “Remember me for 7 days”. This will ensure that you only have to use DUO on that device and browser once per week.

Frequently Asked Questions

  1. I lost or forgot my multi-factor device.  Now what?
  2. Why does Duo Mobile ask for permission to use my camera?
  3. Can more than one person enroll the same landline?
  4. What should I do if I receive a request to sign in with Duo that I did not initiate?
  5. My browser doesn't remember me. Now what?
  6. Should I enroll more than one device?

I lost or forgot my multi-factor device.  Now what?

If you have an additional device enrolled, use it to login. Otherwise, call the UM IT Help Desk at (406) 243-4357 to receive a temporary passcode and to receive assistance in enrolling another device after verbally verifying your identity.

Why does Duo Mobile ask for permission to use my camera?

Duo Mobile only needs permission to use your camera when you set up your smartphone or tablet. It only uses your camera to scan the Quick Response (QR) code used for activation. After activation, Duo Mobile doesn’t access your camera. You can remove this permission and Duo Mobile will work fine.

Can more than one person enroll the same landline?

Yes, more than one person can set up and use the same landline. 

What should I do if I receive a request to sign in with Duo that I did not initiate?

Do NOT approve Duo Mobile push notifications or Duo phone calls that you didn’t initiate yourself. They may be fraudulent, unauthorized attempts to sign in as you. Only approve MFA requests you initiate yourself, knowingly and intentionally. If you believe someone is trying to use your account, please report it immediately by sending an e-mail to infosec@umontana.edu.

My browser doesn't remember me. Now what?

The "Remember Me" functionality requires persistent cookies in your browser. If your browser is not remembering that you checked the "Remember Me" box, then check the cookie settings of your browser. Chrome's "incognito" setting, Firefox's "private window", and Internet Explorer's/Edge's "InPrivate" settings will affect this behavior and the "Remember Me" feature will not work. Duo Help offers an article with more information on how to configure your browser to accept cookies from DUO.

Should I enroll more than one device?

To avoid being locked out of your account, UM IT recommends adding a second phone number in case your primary device is lost or stolen. To add a new device, select "My Settings and Devices" on the DUO login screen, then "Add a New Device." You don't need more than one device to use DUO, but it is best practice to do so.

Was this helpful?
0 reviews

Details

Article ID: 60628
Created
Fri 8/17/18 11:07 AM
Modified
Mon 10/18/21 3:05 PM