- What Is Two-Factor Authentication?
Two-factor authentication strengthens access security by requiring two methods to verify your identity. These methods can include something you know - like a username and password, plus something you have - like a smartphone app to approve authentication requests.
- Why is UF using Two-Factor Authentication?
Two-Factor Authentication helps fight against phishing, social engineering and password brute-force attacks and helps to secure your logins from attackers exploiting weak or stolen credentials.
Due to the number of attempted account compromises UF is increasing account security by augmenting the thing you “know” (your username and password) with a Two-Factor Authentication platform called Duo, allowing you to use a mobile phone app and more, to protect your personal data and institutional systems.
- Who is expected/eligible to use Two-Factor Authentication?
Most Faculty, Staff, and Affiliates will use Two-Factor Authentication to access University resources. Eventually, Students will be included in the use of Two-Factor. All compromised accounts eligible for Two-Factor must enroll. Such accounts not responding to requests to enroll will be forced.
UF Affiliations expected/eligible to use Two-Factor Authentication (GatorLink accounts only):
F’ FACULTY 192 Faculty 221 Consultant Faculty ‘T’ STAFF 193 USPS 195 TEAMS 220 Consultant Staff ‘E’ EMPLOYEE 194 OPS 197 Courtesy Faculty 200 Emeritus 204 Board of Trustee 205 UF Executive 209 SHANDS 213 DSO 217 Athletic Association 218 Foundation Employee 219 Clinical Faculty 236 Recent Employee ‘S’ STUDENT 191 Student 263 UF Online Student 216 Non-Reg Student 261 Non-Reg UF Online Student 224 Newly Admitted Applicant 260 Newly Admitted UF Online Applicant 253 Innovation Academy Student ‘M’ MEMBER 203 Departmental Associate 283 Retired Faculty
- How can I direct the VPN to use a different factor/device?
Once you are enrolled in Two-Factor, you will receive a push to your first push device if you simply enter your password. If you do not have a push-capable device a telephone call will be made to your first-listed phone number asking you to confirm the login.
If you need to specify an alternate method you may also use a passcode, or specify a different push device or phone number by using append-mode on your password.
How to use append mode:
Enter your password and the authentication method you want to use, separated with a comma. It will look something like this:password,authentication_method
In place of authentication_method:
Type... To... password,passcode Log in using a passcode, either generated with Duo Mobile, generated by your hardware token, or provided by an administrator.
Examples: "mypass123,123456" or "mypass123,1456789"
password,push Push a login request to your phone (if you have Duo Mobile installed and activated on your iOS, Android, or Windows Phone device). Just review the request and tap "Approve" to log in. password,phone Authenticate via phone callback.
You can also add a number to the end of these factor names if you have more than one device registered. For example, push2 will send a login request to your second phone, phone3 will call your third phone, etc.
- How do I enroll?
To enroll in Two-Factor Authentication use My Two-Factor self-service.
- Do I have to use a Mobile Phone for Two-Factor Authentication?
- Should I have more than one enrolled device?
Yes! It is strongly recommend you define more than one Two-Factor device in case you don't have your favorite device with you. Consider defining a smartphone belonging to a co-worker/friend or your desk phone as a backup device. You may define multiple devices. You should secure and protect your Two-Factor devices as you would your computer, tablet or other personal or University owned equipment in your care.
Technical and Troubleshooting
- How can I get the DUO Mobile app?
The app (DUO mobile) can be downloaded from the Google Play Store or the Apple Store for Android / iOS devices. If you have any questions, please call the help desk at (352) 392-HELP (4357) or firstname.lastname@example.org.
- What charges can I expect by using my Mobile phone?
Telephone calls sent to your phone do cost the University money and while it may only be a few cents, it all adds up. A Duo "push" to the Duo Mobile app on a smartphone uses a very small amount of data (less than 2,000 bytes). If you authenticated 16 times per day resulting in about 500 authentications per month you would use about 1 MB of data. The average data plan is about 1000 times greater than 1 month of Two-Factor push authentications.
Wireless Carrier/Network charges may apply for voice and data on your mobile phone.
- What if my phone/token is lost or stolen?
You can visit My Two-Factor and remove the lost token or phone from your account if you have a second registered device. You may also add new devices. If not, then you can contact a Help Desk via phone or in-person for possible assistance. Identity verification will be required. Management of devices is an individual's responsibility. See FAQ item for Backup of the Duo Mobile app.
- How do I Enable Backups of the Duo Mobile app?
Apple iOS devices
- Make sure you are running the latest version of the Duo Mobile App on your current iOS device.
- Back up your device to iCloud. Nightly iCloud backups will include Duo Restore information. Encrypted iTunes backups will also work. Note: Duo only stores non-sensitive account information on iCloud.
- Make sure you are running the latest version of the Duo Mobile App on your current Android device.
- Open the Duo Mobile App.
- Tap the overflow menu in the top right corner of the main accounts list.
- Tap Settings.
- Tap Duo Restore.
- Turn on Duo Restore.
- You will then be prompted to select a Google account to store your backup on. Note: Duo only stores non-sensitive account information on Google drive.
- What if I will be traveling abroad?
Please have a look at this guide about using Duo abroad: Duo Travel Guide
- Why am I not receiving Duo Push notifications?
Please verify that your device is connected to the internet. Your device will need to have a connection to a wireless or cellular network to receive push notifications. On UF Campus you are strongly encouraged to enable Wi-Fi by visiting https://getonline.ufl.edu using the browser on your smartphone.
If this is a new device with the same phone number, you will need to reactivate your device.
If you still are not receiving Duo Pushes you can contact a Help Desk or your local technical support for further assistance.
- I got a new phone or I reinstalled the Duo Mobile app, what do I do?
- Which iPhone and Android versions are supported?
See information about supported and unsupported smartphone platforms for Duo Mobile.
- Are there any accessibility options with Two-Factor Authentication?
Yes, please see the documentation on accessibility below.
- Who can I contact if I need help?
If you need any assistance or have any questions about Two-Factor Authentication or the Two-Factor Authentication project please contact us.