Multi-Factor Authentication FAQPrint
What is multi-factor authentication?
Multi-factor authentication (MFA) requires you to verify your identity using one or more factors in addition to username+password, such as your phone or other mobile device. This process prevents anyone but you from logging in, even if they know your password. This video from Duo, the company chosen by W&L to implement MFA, helps illustrate how the process will work.
Why are we implementing this?
Multi-factor authentication will add an additional layer of security to the W&L login. Passwords are increasingly easy to compromise. They can often be stolen, guessed, or hacked - you might not even know someone is accessing your account. Multi-factor authentication keeps your account secure even if your password is compromised.
Higher education institutions and businesses are increasingly adopting multi-factor authentication as part of a broad strategy to protect institutional data and resources. W&L's strategy includes tools and processes, such as threat-detection software, that operate in the background. Others such as password-complexity requirements and MFA affect the way you access W&L resources.
What is the timeline for implementation?
Testing and opt-in
ITS will conduct internal tests to determine the best method for deploying MFA. Once this method has been tested and refined, members of the W&L community will be provided with instructions and invited to begin using MFA at their own pace. Following this "opt-in" period, deadlines will be announced for departments to initiate use of MFA.
Email, then other applications
W&L email will be the first application to be integrated with MFA. Other applications that use the W&L username and password will be added later. Throughout the deployment, ITS will seek to minimize disruption to W&L routines and workflows, while gradually introducing the security enhancements provided by multi-factor authentication.
We strongly recommend you choose your smartphone or tablet - these provide the best experience with Duo multi-factor authentication.
- Install the Duo Mobile app on your smartphone, smart watch or tablet. The app provides two options: push notifications or Mobile Passcode.
If you don't have a smartphone, these are other options you can choose for a second factor. It's also prudent to choose one of these options as a back-up, in case your preferred device is not available when prompted.
- USB security key. These may be purchased at the University Store or an online retailer
- Office (landline) phone. With this option, access is limited to your office.
The Information Desk (540-458-4357 or email@example.com) can provide assistance in choosing the best and lowest-cost option for you.
What do I need to do to prepare for Duo two-factor?
Duo works best when you use one of these methods to access email:
- Windows OS: Office 2016, 2019 or Office 365. ProPlus can be used to access email.
- Mac OS: Outlook 2016, 2019 for Mac, Office 365 (requires Mac OS 10.11 or above). Mac Mail requires OS 10.14 or higher
- iPhone and iPad: Outlook app (requires iOS 11 or above) or the iOS native mail app (only iOS 11 or above). ITS recommends using the Outlook App.
- Android OS (Samsung, Moto, Pixel and similar) : Outlook app (requires Android 6 or above) or the included mail app on Android 9 or above.
How do I get started (opt in)?
- Watch this 35 second video: https://guide.duo.com/enrollment
- Before you get started, choose which device(s) you'll use for your second factor
- Enroll yourself, and follow the other prompts
How can I minimize prompts for a second factor?
Typically, for Office365 email if you check the Duo box to "remember me" you will be prompted to log in every 14 days on your primary computer and web browser. Be sure to check the "Remember me for 14 days" box during the log in process.
Some circumstances may require you to log in more often, including: you clear your browsing history; you access certain websites; you use certain browser settings; you use more than one device and web browser.
What if I forget or lose my two-factor device?
- You can enroll multiple devices/options as a second factor, for example your primary second factor is your smart phone, and your secondary is your desk phone or a hardware key/token.
- To restore Duo Mobile on a new device or phone, visit: https://duoselfservice.wlu.edu
- Contact the Information Desk (540-458-4357) to request a temporary bypass code to log in. The Information Desk Can also assist you in enrolling a new device for MFA.
Why does Duo Mobile need access to my device camera?
Duo Mobile uses your device camera during enrollment to scan a QR code.
Why does Duo Mobile suggest to use Google Drive to back-up my account?
You do not have to configure Duo Mobile to backup it's settings to Google Drive. However, Duo Mobile allows users with a Google Drive account to back-up their Duo Mobile configuration for future recovery purposes should you replace your phone for any reason.