This site requires JavaScript to be enabled
Welcome Guest|
Recent searches
IE BUMPER

Multi-Factor Authentication (MFA) : FAQ

Number of views : 1
Article Number : KB0018242
Published on : 2020-09-08
Last modified : 2020-09-08 16:39:17
Knowledge Base : IT Public Self Help

Multi-Factor Authentication (MFA):
FAQ

What is Duo?

Why is the university using MFA?

How do I use MFA?

How do I choose an MFA device?

What do I do if my device is not available (e.g., lost cell phone)?

What if I don’t have a smartphone?

What if I don’t have Wi-Fi?

Can Duo remember me so that I don’t have to use it every time I sign on?

What university services will require MFA?

What should I know about MFA from abroad?

Lowest cost methods

Do the telephone callback and SMS options support international phone numbers?

Error: Access is not allowed because you are not enrolled.

My MFA account seems to have disappeared. What happened?

Additional Troubleshooting Articles

Additional Knowledge Articles

 

Back to MFA Knowledge Base

 

What is Duo?

Duo is a Multi-Factor Authentication (MFA) security product that provides an extra layer of protection when accessing online services.

To increase security at the university, MFA will now be required to access online services such as Canvas, Zoom, UT Box, the Qualtrics Survey Tool, and most other services that require you to sign on with your UT EID and EID password.

 

Why is the university using MFA?

MFA helps stop cyber-security attacks like phishing. Cyber-security attacks are on the rise with 20% more accounts being compromised in 2019 as compared to 2018. This is the third year in a row of growth in compromised accounts and forecasting predicts this growth will only continue. Compromised student and guest accounts have risen 51% since 2018. MFA makes a difference in reducing compromised accounts.  

Why Duo? Infographic

 

How do I use MFA?

When you sign on to a university web service with your UT EID and EID password, you will automatically be prompted to sign on using MFA, as well.

Before signing on, you will need to register at least one device with the MFA service. Options include:

  • Duo Mobile application for your smartphone or tablet
  • Text message (SMS)
  • Automated voice call to your phone
  • Touch ID 
  • A security key such as YubiKey 

Once you have successfully sign on, you may select the remember me option to reduce the number of times you need to sign on with MFA in the future.

Infographic illustrating device options.

 

How do I choose an MFA device?

All devices must be registered in advance of trying to sign on to a system.

To register your first device, please see the Getting Started support article.

To register additional devices, please see the Device Management article.

Important: We recommend that you also select a backup device in case your primary device becomes unavailable.

 

What do I do if my device is not available (e.g., lost cell phone)?

As a preventative measure, we recommend that you also select a backup device in case your primary device becomes unavailable.

If you have not selected a backup device or your backup device is also unavailable, please contact the UT Service Desk for help. 

 

What if I don’t have a smartphone?

The MFA service does not require a smartphone.

You can register a feature phone (i.e., a non-"smart" cell phone) or your land line to work with automated voice calls.

You can also register your feature phone for text messages (SMS).

There are also options such as Touch ID and security keys.

For additional assistance with selecting a device, please call the UT Service Desk.

 

What if I don’t have Wi-Fi?

The MFA service does not require Wi-Fi.

The Duo Mobile application for your smartphone or tablet can generate a passcode which may be used to sign on.

You can register a feature phone (i.e., a non-"smart" cell phone) or your land line to work with automated voice calls.

You can also register your feature phone for text messages (SMS).

There are also options such as Touch ID and security keys.

For additional assistance with selecting a device, please call the UT Service Desk.

 

Can Duo remember me so that I don’t have to use it every time I sign on?

Yes. If available, click the "remember me" option on the MFA Sign On screen to activate this feature.

For more information, see KB0018312: Can Duo remember me so that I don't have to use it every time I sign on?

 

What university services will require MFA?

MFA will now be required to sign on to most university services that require your UT EID and EID password to access.

MFA is being added to these services in an effort to stop cyber-attacks and phishing that compromised user accounts and university systems.

Some of the more prominent applications which will require MFA include Canvas, Zoom, Outlook 365, Workday, and many others.  

 

What should I know about MFA from abroad?

If you are traveling abroad you may not have access to your smartphone, or your smartphone may have limited connectivity or no connectivity whatsoever. You may use the options below to successfully authenticate even under those conditions.

Generate Passcodes with the Duo Mobile App

If you are in a scenario where your smartphone is unable to connect to the Internet, you may still use your smartphone’s Duo Mobile application for multi-factor authentication. In the Duo Mobile app, if you tap the down indicator next to the appropriate service, you will receive a one-time passcode.

While authenticating, when you are prompted to Choose an authentication method, select the Enter a Passcode option and follow the instructions, providing the passcode which you generated in the previous paragraph.

Detailed instructions can be found in Duo’s documentation:

Please also be aware of the Information Security Office's International Travel Guidelines.

 

Lowest cost methods

The university endeavors to ensure that all students, faculty, staff, and affiliates can select a two-factor authentication method which meets their needs.

 

Zero Cost Options

If you already own a smartphone, the Duo Mobile application can be installed on your device at no extra charge.

If needed, there are several free VoIP options (such as Google Voice) where you can sign up for a free phone number. You can then configure that number to receive a text message or a phone call. Note that not all providers may work correctly with this configuration.

If you already own a cell phone, you can configure it to receive a text message or a phone call.

 

Low Cost Options

You can purchase a security key at the Campus Computer Store (as of this writing, prices start at $30.25) or online.

If you purchase a security key, you will need to make sure that it supports WebAuthn/FIDO2.

The least expensive YubiKey that supports FIDO2 is the Security Key Series with a retail cost of $20.

Security keys may be available from retail stores or online vendors at lower prices.

 

Future Options

As additional MFA devices and methods become available, the university will continue to assess and enable them as appropriate.

 

Do the telephone callback and SMS options support international phone numbers?

Yes. Duo Security reports that their telephone callback and SMS options are supported in more than 100 countries.

 

 

Error: Access is not allowed because you are not enrolled.

If you have attempted to sign on to a web site which is protected by Multi-Factor Authentication (MFA) and you have not yet registered any devices, you may see the following error message:

Multi-Factor Authentication sign on page with the error, "We're sorry, access is not allowed because you are not enrolled. Please contact your organization's IT help desk for assistance."

This error indicates that you have not yet registered (enrolled) a device for Multi-Factor Authentication.

To register a device, click on the "Register/Manage Devices" link below the error.

For more information, see our Getting Started knowledge article.

 

My MFA account seems to have disappeared. What happened?

If you have not successfully authenticated in 180 days, the system will consider your account to be inactive. If this happens, your account will be automatically removed.

If this happens, you may simple re-create your account using the instructions on our Getting Started knowledge article.

If your account has been automatically removed and you were previously using a hardware token or using a YubiKey to generate One Time Passcodes (OTPs - a pseudo-randomly-generated sequence of numbers), please call or visit the UT Service Desk to have your device re-connected to your account.

 

Additional Troubleshooting Articles

From the University:

From our vendor:

Additional Knowledge Articles

 

Thank You! Your feedback has been submitted.

Feedback