fb pixel

Multi-Factor Authentication (MFA) for Students

How To Documents

Videos

FAQs

How To Documents

Student MFA Info

Refer to the DUO Student's Guide to Two-Factor Authentication

OWA

How Multi-factor Authentication Works with Outlook Web Access

Smartphone / Tablet

Setup Duo Mobile on a Smartphone

Setup Duo for on a Tablet

Activate a New Phone or Add a Security Key / Phone Number / Duo Mobile for Smartphone or Tablet

SMS Text

Setup Duo on a cellphone for SMS (text message) only passcodes

Videos 

The following videos are available to assist you:

Welcome to Duo (for End Users)

Getting Started with Duo - Enrolling in Duo Mobile & using Duo Push

Two-Factor Authentication with Duo Push

Duo's Self-Service Portal: Skip to 2.26 minutes to view the User Experience with the Self-Service Portal

Other Duo Product Videos: The following videos are available:

  • Passwordless Authentication
  • Authenticate with Duo Mobile (Android)
  • Zero-Trust, Explained
  • Authenticate with Hardware Tokens
  • Introduction to Duo Help Desk Push
  • Duo Security Overview for Schools and Students
  • Authenticate with SMS
  • Authenticate with Apple Watch
  • Authenticate with Mobile Passcodes
  • Authenticate with U2F Tokens
  • Authenticate with Bypass Codes
  • Authenticate with Duo Mobile on iPhone
  • Duo for Apple Watch
  • Duo Push Demonstration

FAQs

What is Multi-Factor Authentication (MFA)?

Multi-Factor or Two-Factor Authentication (MFA or 2FA) adds a level of security by combining two or more methods of authentication when you log into an account, email and /or application. There are different applications that enable MFA or 2FA and The University of Winnipeg has selected Cisco DUO for UWinnipeg MFA. Initially, UWinnipeg will be implementing MFA on M365/email but more applications will be enabled in the coming months. When you log to your UWinnipeg M365 or email, you will be asked to verify your identity using a second factor (like your mobile device). This prevents others from accessing your email even if your password has been compromised.

What is 2FA?

Two-factor authentication adds an additional layer of authentication beyond a username and password. 2FA involves something you know (password) plus something you have with you (like Duo Mobile on your smartphone) to prevent someone from logging in with only your password. With Duo 2FA, you still enter your username and password. The second factor provided by Duo is simply an added layer of security on top of your existing credentials. We recommend using Duo Push via the Duo Mobile app to perform 2FA.

What is the Duo Universal Prompt?

The Duo universal prompt is an interactive prompt that lets you choose how to verify your identity each time you log in to a web-based application.

Single Sign On

When you select Other option a second screen will allow you to select a different verification method or you can select Manage devices at the bottom of the prompt to setup a new phone or other options that may be available. (Note: All options displayed may not be available.)

Universal prompt other options

 

What are Passcodes?

Passcodes are numeric codes that can be generated either via the Duo Mobile app, SMS (text message), or a hardware token, depending on what your IT administrator permits. Passcodes may be used at any time and are particularly handy for authenticating when your 2FA device doesn't have internet or cellular service.

What is a Push Notification (Duo Push)?

A push authentication request that is sent to the Duo Mobile App on an enrolled device. Push notifications include information like the geographical location of the access device, IP address of the access device, and the application being accessed so you can verify whether the push is real or fraudulent.

How does it work?

mfa-how-does-it-work.png

  1. Enter your username and password
  2. Use your phone / other method* to verify your identity
  3. You are securely logged in
Why is my password not good enough?

Passwords are no longer enough to secure accounts. They are increasingly easy to compromise. Weak, reused or easy to guess passwords put your accounts at risk. Enabling MFA on an account adds a layer of protection, even if your password is compromised a hacker will not be able to gain access to your account and you will be notified that someone is trying to log in.

Do I need a smartphone or data plan to use two-factor authentication?

No. Having a smartphone makes for an easier and more secure experience with Duo Push. However, it is also possible to enroll a non-smartphone mobile device to receive SMS passcodes.

What is Duo Mobile?

Duo Mobile is a mobile application (app) that you install on your smartphone or tablet to generate passcodes for login or receive push notifications for easy, one-tap authentication on your mobile device. It works with Duo Security’s two-factor authentication (2FA) service to make your logins more secure.

What is the recommended two-factor authentication method?

If you have a smartphone or tablet, we recommend Duo Push, as it is quick, easy-to-use, and secure. See an introduction to Duo Security and a demonstration of Duo Push in this short video: https://www.youtube.com/watch?v=_T_sJXnSM98

How much data does a Duo Push request use?

Duo Push authentication requests require a minimal amount of data -- less than 2KB per authentication. For example, you would only consume 1 megabyte (MB) of data if you were to authenticate 500 times in a given month.

What are the mobile device requirements for using DUO?

Android: The current version of Duo Mobile supports Android 8 and greater. (More Information)

iOS: The current version of Duo Mobile supports iOS 12.0 and greater. (More Information)

Apple Watch: requires Duo Mobile 3.8 or later. (More Information)

Can I have DUO on multiple devices?

Yes, DUO can be configured on several devices or multiple devices of the same type.

Where do I get the Duo Mobile App? I have a new device what do I do?

If you get a new cell phone, you will need to re-activate Duo Mobile. You may enroll your new device yourself using the device management portal. For instructions on how to enroll a new device, please refer to the How To Document “Activate a New Phone or Add a Security Key / Phone Number / Duo Mobile for Smartphone or Tablet

If you no longer have access to your cell phone that was registered, you will need to contact the Technology Service Desk (servicedesk@uwinnipeg.ca  or 204.786.9149) for assistance.

What happens if I lose my phone?

Lost or stolen cell phones should be reported to the Technology Service Desk (servicedesk@uwinnipeg.ca or 204.786.9149) as soon as they are noticed missing so that an update can be made to Duo.

Can I use Google Authenticator?

Duo Mobile App does not support OTP applications like Google Authenticator.

Where can I get more info on DUO?

To get more detailed help with DUO check out Duo Help Center.

Why have I stopped receiving push notifications from Duo Mobile?

There are several reasons this could be happening. Please try the following to troubleshoot:

  1. Make sure your enrolled device has a cellular network or WiFi connection.
  2. Have the Duo Mobile app open when you authenticate.
  3. Try these additional push troubleshooting steps:
    1. iPhone: https://help.duo.com/s/article/2051
    2. Android: https://help.duo.com/s/article/2050
  4. If the above solutions don’t work, try using another authentication method, such as passcodes provided in the Duo Mobile app.
How can I authenticate if I’m somewhere with no cell signal or WiFi access?

See this Duo Knowledge Base article for information on authenticating without cell or internet service: https://help.duo.com/s/article/4449

How can I manage the devices I use for Duo?

Learn more about managing your devices using the universal prompt here: https://guide.duo.com/manage-devices. 

  • Add or manage devices after enrollment
  • Add another device
  • Rename or remove a device
  • Reactivate Duo Mobile on an existing device
Can Duo see my password?

No. Your password is only verified by your organization and never sent to Duo. Duo provides only the second factor, using your enrolled device to verify it’s actually you who is logging in.

Does using Duo give up control of my smartphone?

No. The Duo Mobile app has no access to change settings or remotely wipe your phone. The visibility Duo Mobile requires is to verify the security of your device, such as OS version, device encryption status, screen lock, etc. We use this to help recommend security improvements to your device. You always are in control of whether or not you act on these recommendations.

Why is my Outlook client not showing a MFA (2FA) prompt when Microsoft 365 is protected by Duo?

Please refer to the Duo Information: https://help.duo.com/s/article/3814?language=en_US

How do I access my UWinnipeg mailbox (uwinnipeg.ca or webmail.uwinnipeg.ca)?

Go to https://outlook.office.com to access your email.

Where can I find Duo's privacy and security information

Please refer to Duo's  Privacy Data Sheet.

What should I do if I receive a push notification in Duo that I didn’t initiate?

Assume that someone is trying to illegally access your account. 

  • Choose "Deny" in the Duo app to block the request then call the Technology Service Desk at 204.786.9149 and report the attempted login!
I receive an Access denied error when I try to log into my webmail.uwinnipeg.ca email.

I receive the following error when I try to log in.

login error

Make sure that when logging into your student email at the Microsoft prompt that you type in username@webmail.uwinnipeg.ca.

Microsoft Sign in

And then again at the following prompt: username@webmail.uwinnipeg.ca

Single Sign-On