Duo (MFA): FAQ

Introduction

ITS has partnered with Duo Security (www.duo.com) to implement Multifactor Authentication (MFA) for access to various Pace University’s applications and for other high value services as they become available. For quick reference, below are frequently asked questions regarding the Duo (MFA) service:

For quick reference, below are Frequently Asked Questions for Duo (MFA). Please select your topic below.

FAQ

What is Multifactor Authentication (MFA)?

MFA, also known as 2-Factor Authentication, adds a second verification step (or 2nd factor) by utilizing a mobile device in your possession, such as a cell phone or tablet, to complete authentication to a website or system.


For example, when you authenticate to the Pace VPN using Duo MFA, you will first enter your username and password (something you know).  Next, you will generate a separate passcode using the Duo MFA application that is on your phone or tablet (something you have).

back to top

Why is this occurring?

Implementing Duo MFA will allow us to better protect your Pace account from potential unauthorized intrusions by adding a 2nd step for verification, which uses a physical device in your possession.  This additional step will reduce system access vulnerabilities and help to strengthen our overall security.  Multifactor will also be required to authenticate to other high value Pace services as they become available.

back to top

What are the ways to verify your Identity using the Duo MFA?

Mobile Passcodes
Users will generate a six-digit passcode using the Duo mobile application (installed on their phone or tablet) that will be entered as part of authentication to access services protected by MFA.

Hardware tokens
In rare cases, users may be provisioned with a supported hardware token to generate a six-digit code.  A hardware token is only provisioned if a user does not have a smartphone, tablet, or if there is an extenuating circumstance.  Hardware token requests are reviewed by ITS on a case-by-case basis.  An initial hardware token may be provisioned without charge when approved.  However, bulk requests or replacement tokens will require a $20 fee for each device.  Upon separation, all tokens will need to be returned to the University.

Supported Devices

  • Smart phones (Android, iOS, and Windows)
  • Tablets (Android and iOS)
  • Hardware tokens (only provisioned if a user does not have a smart phone, tablet, or if there is an extenuating circumstance)

back to top

Can I enroll multiple devices?

Yes, you may enroll multiple devices. Enrolling multiple devices is strongly recommended for users that travel overseas before departing on their trip.

back to top

How to enroll another device?

Please use the instructions found on the following article to enroll additional devices: Duo (MFA): Manage Your Devices

back to top

How do I manage my device settings?

Please use the instructions found on the following article to enroll additional devices: Duo (MFA): Manage Your Devices

back to top

What if I am traveling overseas?

If you are traveling overseas, it is strongly recommended that you enroll more than one device for Duo MFA before you leave for your trip.  In addition, it is essential that you verify and test that all enrolled devices are working properly before you depart.  This will help to ensure that you will still be able to access critical services, such as the Pace University VPN, even if one of your devices is lost/stolen or isn’t working properly.

back to top

Do I need an Internet connection or cellular service in order to authenticate using Duo MFA?

No, generating a passcode using the Duo application for MFA on your phone or tablet does not require an Internet connection or cellular service.

back to top

What if I lose my phone or tablet?

Please contact the Pace ITS Helpdesk immediately. The ITS Helpdesk will validate your identity and then remove your device from being able to being used to complete multifactor authentication with your account.

back to top

What do I do if I get an invalid passcode error when using a passcode that was generated using the Duo MFA application?

The passcode generated using the Duo mobile application is only valid for a short period of time after it is generated (before becoming invalid).  Please make sure to generate a new code by clicking the refresh icon and try again.  It is important to note that the passcode generated by the Duo mobile application should immediately be entered into the appropriate login prompt to reduce the chances of an invalid passcode error.

back to top

What do I do if I continue to get an invalid passcode error when using a passcode that was generated using the Duo MFA application?

If you have a second device enrolled, please use this device to generate a new passcode and try again.  If you still continue to have problems, please contact the ITS Helpdesk.

back to top