Cybersecurity Awareness Month: Multi-factor Authentication (MFA)

What is multi-factor authentication?

Multi-factor authentication adds a second layer of security to your online accounts. Verifying your identity using an additional factor (like your phone or other mobile device) prevents anyone but you from logging in, even if they know your password.

This additional factor of authentication is separate and independent from your username and password — Duo never sees your password.

How It Works

1. Enter username and password as usual

2. Use your phone to verify your identity

3. Securely log in

Why do I need this?

Passwords are surprisingly easy to compromise. They can often be stolen, guessed, or hacked — you might not even know someone is accessing your account. Multi-factor authentication helps keep your account secure even if your password is compromised. With Duo Push, you'll be alerted immediately (on your phone) if someone is trying to log in as you.

What services are supported by Duo?

Duo has apps for iOS and Android. Duo also allows you to authenticate using SMS passcodes sent to your cell phone, hardware tokens, or via a phone call (faculty/staff only). Duo is checked whenever you authenticate using WebAuth or myUMBC. This also applies to systems such as PeopleSoft and services such as Box, Microsoft Office, VPN, and Google Apps (Drive).  Those who are identified as having access to sensitive data are administratively enrolled in Duo.

What should you do if you receive a Duo push notification that you didn’t initiate?

If you receive a Duo push notification that you didn’t initiate, DO NOT APPROVE IT! Instead, mark it as fraudulent and change your password on a trusted machine.