Multi-Factor Authentication (MFA), Introduction

Multi-factor authentication (MFA) is a multi-step login process deployed by the University to help ensure the security of Illinois accounts. Multi-factor authentication is sometimes referred to as 2-Factor Authentication (2FA). Current students and staff are required to enroll their accounts in this system before they are allowed to access most University services.

How Multi-Factor Authentication Protects Your Account

Multi-factor authentication works by asking for an additional approval step after your account’s password is accepted when logging in to a University website or service. You will be prompted for approval using a device that you have. This means that even if your password is compromised, your account can be protected. This makes it much more difficult for attackers to compromise University accounts and systems using tactics such as phishing.

Users will see one of two MFA (Duo) prompts when logging in, depending on which login screen they reach (for Urbana campus users, see: Identity Management, Urbana Single Sign-On Pages).

  • (Urbana, Chicago, and Springfield applications) Duo Universal Prompt - shown when logging in to Microsoft 365 and Shibboleth (Canvas, Box, Zoom, Moodle, etc.) applications.
    • The NetID Center has been upgraded to use the Duo Universal Prompt.
  • UI Verify (sometimes known as the AITS Duo iFrame) - shown when logging in to some System-level (AITS) and uillinois.edu sites (HR Reporting, Direct Deposit, iBuy, etc.).

    Visual Difference (images): Duo Universal Prompt | AITS Duo iFrame

How to Use Multi-Factor Authentication

When you log in to a university service protected by MFA, you will be shown a prompt asking for a second step (if you are already enrolled) or guiding you through the enrollment process (if you have not set it up yet).

You can also enroll at any time using the NetID Center website. Detailed instructions for doing so can be found in our article here: Multi-Factor Authentication (MFA), Enrollment. Please note that it is not possible to un-enroll your account once MFA is configured.

If your account is already enrolled, you can see (and change) the phone number you have registered and any other devices you have set up using the NetID Center website. More information about managing devices in the NetID Center can be found here: Multi-Factor Authentication (MFA), Device Management.

If you have trouble signing into your account using multi-factor authentication, see this help article: Multi-Factor Authentication (MFA), Troubleshooting.

If the troubleshooting steps there are not helping, or if you have any other questions about multi-factor authentication, contact the Technology Services Help Desk by email at consult@illinois.edu or by phone at 217-244-7000 for further assistance.

Planning ahead (e.g. when traveling or going to a testing center)

If you will not have a cellular connection but can connect to Wi-Fi:

You can use the Duo Mobile app (available on iOS and Android) to receive push notifications when you have a Wi-Fi connection but no cell signal.

If your account is not set up for push notifications, or if you have recently changed cell phones and are no longer able to get push notifications, please view the first couple of sections in this article.

If you do not have a smartphone, you can get a temporary bypass code here. Additional information on requesting and using a temporary passcode can be found in this article. The bypass code will last for 3 days and can be used 100 times. You can request a temporary passcode a maximum of 24 times a year.

If you will have neither a cellular connection nor a Wi-Fi connection:

The Duo Mobile app can still allow you to access your account. Simply click on 'Other options' at the Duo prompt, then click on 'Duo Mobile passcode' on the next screen. Next, open the Duo Mobile app on your smartphone and tap to expand the entry for your University account. A six-digit code will appear for you to enter at the prompt.

If you do not have a smartphone, you can use a temporary passcode as mentioned above.

If you will not have your cell phone with you:

If you will not have access to your cell phone at all, you can use the temporary passcode method previously mentioned.

In addition to these options, Yubikey security keys can be used for authentication and are not dependent on an internet connection.

Frequently Asked Questions

Is a smartphone required for MFA?

A smartphone is recommended but not required. A smartphone will provide the greatest level of security and convenience through the Duo Mobile app. As mentioned above, the Duo Mobile app can generate a passcode for login (without a cellular connection) and receive push notifications for one-tap authentication. Any mobile phone will work, but a basic phone will not include the advantages of the Duo Mobile app.

Do I need to use my personal mobile device for MFA?

You are not required to have a mobile device to use MFA, but it is the most convenient option. Most users prefer to use the Duo Mobile app on their smartphones. Instead of a smartphone, you may register with a basic cell phone for text, a tablet with the Duo Mobile app installed, or a token. The recommended smartphone option makes MFA extremely easy and cost-effective. A token for MFA can be purchased through the WebStore by your unit. See this KB article for more information on using hardware tokens: Multi-Factor Authentication (MFA), Hardware Tokens and Security Keys.

What if I lose my phone, or leave it at home? What if I don't have access to my MFA device?

Please see this help article: Multi-Factor Authentication (MFA), Troubleshooting. Temporary passcodes can be used if you forget your MFA device at home or have lost it. They can also be requested if you are going to a testing center and will not be able to take your MFA device with you. Temporary passcodes are good for 3 days and 100 uses, and you can request up to 24 per year.

NOTE: Temporary bypass codes are only to be used on an emergency basis.

Can I use multiple devices with MFA?

Yes. We encourage you to register multiple devices in case you misplace or forget your primary device. Please note that your University phone number can't be used with MFA.



Doc ID: 65971
Owned by: Identity and Access Management in University of Illinois Technology Services
Created: 2016-08-10
Updated: 2024-07-11
Sites: University of Illinois System, University of Illinois Technology Services