Multi-Factor Authentication

Why 2-Step Authentication?

Your password alone is not enough to keep identity thieves from getting into your account.

You could be at risk of having your password stolen if you:

• Click the links in email messages
• Download software online
• Infrequently change your password
• Use the same password for multiple accounts

If an identity thief steals your UCD username and password, they can:

• Delete your contacts and files
• Lurk in your email account to get information about your work
• Use your account to get to your personal accounts (bank, credit card, etc.)
• Impersonate you to gain access to your contacts’ accounts

FAQs

The Duo Prompt Has a New Web Address

The Universal Prompt will appear on Duo’s website, duosecurity.com, rather than a ucd.ie website, as the Traditional Prompt did. 

This difference does not change the safety of using the Duo authentication prompt—Duo’s site is as secure as the Duo Traditional Prompt's UCD’s-based page.

If you receive an unexpected DUO authentication request, it is possible that your Connect IT account password has been compromised. If you did not initiate a login attempt, we recommend the following steps.

1. Firstly, Deny the authentication request.
2. If the authentication request was not you, change your UCD Connect password straight away by selecting the password option on the UCD Connect webpage. Please ensure your password is unique and strong.
3. Report the incident to the UCD IT Helpdesk on 01 716 2700. Please provide the date and time of the unsolicited request. 

Please remember to always verify DUO MFA login requests by checking the date, time and location of the request and only approve requests you initiate yourself.

Do I need a smartphone or special data plan to use multi-factor authentication?

No. Having a smartphone makes for an easier and more secure experience with Duo. However users can also use a hardware token to authenticate.

What is the Duo Mobile App?

Duo Mobile is a mobile application (app) that you install on your smartphone or tablet to generate passcodes for login or receive push notifications for easy, one-tap authentication on your mobile device. It works with Duo security’s multi-factor authentication service to make your logins more secure.

What is the recommended multi-factor authentication method?

If you have a smartphone or tablet, we recommend Duo Push, as it is quick, easy-to-use, and secure. See an introduction to Duo security and a demonstration of Duo Push in this short video: (opens in a new window)https://www.youtube.com/watch?v=_T_sJXnSM98

How much data does a Duo Push request use?

Duo Push authentication requests require a minimal amount of data -- less than 2KB per authentication. For example, it would only consume 1 megabyte (MB) of data if you were to authenticate 500 times in a given month. 

Why does the Duo Mobile App need to access my camera?

Duo Mobile only accesses your camera when scanning a QR code during activation. 

Why have I stopped receiving push notifications from Duo Mobile?

There are several reasons this could be happening. Please try the following to troubleshoot:

- Make sure your enrolled device has a mobile network or Wi-Fi connection.

- Have the Duo Mobile App open when you authenticate.

Try these additional push troubleshooting steps:

iPhone: (opens in a new window)https://help.duo.com/s/article/2051

Android: (opens in a new window)https://help.duo.com/s/article/2050

If the above solutions don’t work, try using another authentication method, such as passcodes provided in the Duo Mobile App.

How can I authenticate if I am somewhere with no mobile signal or Wi-Fi access?

See this Duo knowledge base article for information on authenticating without mobile or internet service: (opens in a new window)https://help.duo.com/s/article/4449

Can Duo see my password?

No. Your password is only verified by UCD and never sent to Duo. Duo only provides the second factor, using your enrolled device to verify it’s actually you who is logging in.

Does using Duo give up control of my device?

No. The Duo Mobile App has no access to change settings or remotely wipe your device. The visibility Duo Mobile requires is to verify the security of your device, such as OS version, device encryption status, screen lock, etc. This is used to help recommend security improvements to your device. You are always in control of whether or not you take action on these recommendations.

Duo Mobile has no more access or visibility into your phone than any other app. Duo Mobile cannot read your emails or track your location, it cannot see your browser history, and it requires your permission to send you notifications. 

Does "remember me" defeat the purpose of multi-factor authentication?

No. Even if an attacker knew your username and password, they would still have to access the same physical device and use the same browser to take advantage of "remember me." The probability of this is so low that it makes “remember me” a safe and convenient addition.

Even though I check the "remember me" box, I still get challenged for 2-step authentication when I log in?

The remembered device feature works by setting cookies on your browser. That means "remember me" only works on the exact device and same browser in which you checked the box -- you have to remember all browsers on all devices that you use to not get prompted for 2-step authentication.

You can also check your browser settings to see if it's blocking cookies. You can set an exception in your browser's security settings to allow third-party cookies from Duo Security.

Duo's cookies are only used to remember a device. The cookies and associated data are never used for advertising or marketing purposes.

Use the following formats to add exceptions for Duo-served cookies:

Internet Explorer: *.duosecurity.com

Firefox https://duosecurity.com

Chrome: [*.]duosecurity.com

Note: Safari does not allow third-party exceptions.

I don’t have access to anything that would interest anyone. Do I still need to use Duo? 

Yes. You likely have access to more than you think, including information that can be of great value to attackers. If your account is compromised, it creates the opportunity to spread attacks elsewhere at UCD.

For instance, your email account could be used to spread phishing attacks to your contact list. Shared files to which you have access could be infected, so that other users who access those files could have their accounts compromised. Your account could be used to log into various University systems.

Doesn’t using Duo attract attackers, since having it suggests we possess something of value? 

No. Higher Education Institutions are known to be a target for cyber criminals, particularly universities where a significant amount of research is done. Universities house a great deal of sensitive data of value to cyber criminals and, by their nature, have an open-access, decentralised environment.

If I use Duo, will “big brother” be watching me? 

No. UCD's intent is to provide a safe and secure online environment.

Is there a cost associated when requesting a Hardware Token as my second factor device?

Requesting a MFA Hardware Token will incur a cost of €35 per token

What is a Hardware Token?

A hardware token is an electronic device that generates one-time passwords for logging into a computer system. A hardware token provides an extra layer of security called multi-factor authentication.

How to use the Hardware Token?

To authenticate using a hardware token, click the “Enter a Passcode” button. Press the button on your hardware token to generate a new passcode, type it into the space provided, and click “Log In” (or type the generated passcode in the Second Password field). Using the “Device:” drop-down menu to select your token is not necessary before entering the passcode.

My hardware token was lost or stolen. What do I do?  

Please contact the UCD IT Helpdesk immediately in order for the hardware token to be disabled.

Who should have a Duo MFA token?

No one is required to have a Duo MFA token, and most people will not want (or need) a token. Only in special cases (e.g. where no other option can be used for MFA) should a token be used. (Note: using a smart device, phone (mobile and/or landline) are the preferred verification methods. Also please note a Hardware Token is a consumable item with a time limited battery life of between 2 to 4 years.

I’m leaving the University. Do I have to return my Duo MFA token?

Yes. If you are leaving the University, you should return your Duo MFA token to your department for re-distribution and re-use.

I do not own a smartphone or smart device. What are my options?

Users are required to choose one second factor authentication method from the following options:

Duo Mobile App on a Smart Device (IOS, Android or Windows) or a hardware token.

My mobile number is not an Irish number. Does this matter?

You can use the Duo Mobile App on any smartphone or smart device. When registering your device, you can select your country of choice from the drop-down list.

I am unable to download the Duo Mobile App on my Apple/Android device. What can I do?

In the case of Android Devices, the Duo Mobile App can only be downloaded on devices running Android 11 or greater.

For Apple devices (iPhone, iPad, iWatch etc.) the Duo Mobile App can only be downloaded on devices running IOS 15.0 or greater.

Does Duo Mobile work in China?

Duo Mobile does work in China.

Most of the following issues are related to enrollment, if you've already enrolled and travelled to China The Duo Mobile App will work. But there are some considerations you should be aware of, more information can be seen on the Duo Support site here:

Duo MFA in China - (opens in a new window)https://help.duo.com/s/article/2094?language=en_US

MFA Enrolment for Android Users when in China
Android Users should note that the Google Play Store is not available in China, and SMS messages containing links will be blocked. This can make enrollment when in China a challenge and prevent Android users from being able to download the Duo Mobile application. However, you can download the Duo Mobile APK directly here: (opens in a new window)http://dl.duosecurity.com/DuoMobile-latest.apk 

MFA Enrolment for iOS Users when in China
There are no commonly known issues associated with using Duo Mobile and iOS in China.

Where can I get a copy of the Webinar presentation?

Download a PDF version of the presentation here.

The following videos were used during the presentation:

1) What is Two-Factor Authentication? (2FA)
(opens in a new window)https://www.youtube.com/watch?v=0mvCeNsTa1g&feature=youtu.be 

2) Getting Started with Duo Security
(opens in a new window)https://www.youtube.com/watch?v=HDU35vn0SS0&feature=youtu.be 

3) Authenticate with Duo Push on iPhone - Duo Security
(opens in a new window)https://www.youtube.com/watch?v=rv12VryxlcE&feature=youtu.be

I am already using DUO Mobile App from another institution.Can I use this also with my UCD account?

As you already have the Duo Mobile app installed and you are using it to access your account from another institution,you will see two accounts in the App after you enroll your device on your enrolment day for your UCD account.
One from your current institution and the other from UCD which would work independent of each other .
This would not interfere with a Push from UCD or vice versa when you use a Push from your current institution.