As part of our Digital Transformation initiative and in order to enhance UCD account security, IT Services are rolling out multi-factor authentication (MFA) using Duo.
MFA offers an extra layer of account security which requires you to verify your identity when you log in. As well as your username and password, MFA requires that you have an authentication device such as a mobile phone or tablet allowing you to respond with a tap or a code as you log in.
MFA has been enabled on staff accounts from a number of UCD Units already and will soon be rolled out to the wider UCD Community. MFA currently protects access to Google Workspace applications (Gmail, Google Drive, Google Calendar etc.), tableau, CoreESS and exams manager.
This website provides information on MFA, its benefits, FAQs and supporting documentation. If you require additional information or support, please contact the UCD IT Helpdesk: email@example.com.
Duo has been chosen as the multi-factor authentication (MFA) solution for UCD. The system will make it more difficult for hackers to access your UCD IT account. Even if someone has your password, they will need a “second factor” to gain access to your account. Check out this short video to learn more.
Passwords are increasingly easy to compromise. They can often be stolen, guessed, or hacked — you might not even know someone is accessing your account. Multi-factor authentication adds a second layer of security, keeping your account secure even if your password is compromised. With Duo Push, you will be alerted right away (on your phone) if someone is trying to log in as you.
This second factor of authentication is separate and independent from your username and password — Duo never sees your password.
MFA is an essential service to help safeguard access to critical systems or systems storing sensitive and research data. MFA provides stronger assurance that your information is only accessible to the intended people, and that UCD systems and services remain highly available.
Your password alone is not enough to keep identity thieves from getting into your account.
You could be at risk of having your password stolen if you:
If an identity thief steals your UCD username and password, they can:
Duo Mobile App FAQs:
IT Services recommends using the Duo mobile app as your second-factor authentication method. The app is available to download from the app store on your device.
Installing the Duo Mobile App does not mean you have to share your mobile number. You can register your smartphone as a tablet, and you will not be required to share your mobile number.
You will receive an automated email from Duo Security. The email will guide you through the enrolment process. Once you receive this email you must complete the enrolment process otherwise you will be required to do so during your next login.
A hardware token is a small device you carry that generates a 6-digit passcode that you type into the multi-factor prompt. It is a battery-powered item that can be attached to your keychain and is sometimes called a key fob. Pressing a button on the token generates the passcode. No connection to the Internet is required.
Most people will not want or need a token. A smart device will be the preferred verification device to complete authentication and securely access UCD systems.
Important information about hardware tokens:
At present as our IT Centre is currently closed due to Level 5 Restrictions (of the Plan for Living with COVID-19), we are unable to issue any hardware tokens until our IT Centre can reopen safely.
Callback and SMS Messaging:
Another option you can choose as your verification step is known as SMS message.
SMS works following a successful login with your username and password and when prompted to verify it is you, you’ll need to click on Text Me. Once you receive the text message (containing a 6 digit code) simply click on enter passcode and type in the code. And that’s it you logged in.
Another option you can choose as you second factor verification step is known as CALLBACK.
Callback works with a landline or a mobile phone. When choosing this method and following a successful login (username/password) you would select Call Me at the verification stage. Your phone will ring, you will need to answer it, listen to the recorded message and press the # on your phone keypad key to confirm the login is you. Please note the voice recording is Americanised and instructs users to press the pound key. We do not have a pound key on this side of the Atlantic, so it’s the # key for us. It’s also worth noting that the number that will be calling you will be (+353 1) 716 2700. Which is the number for the IT Services Helpdesk.
How to request a Hardware Token
In cases where no other second factor authentication method will work. A user can request a hardware token. A Hardware Token is a chargeable, consumable item with a cost per token of €35. Users must first request a Hardware Token using InfoHub. As a chargeable item your request must then be approved by your Head of School/Unit.
You will receive an email confirmation that the MFA Hardware token request has been submitted, the request is automatically sent to your Head of School/Unit. You will also receive an email confirming your Head of School/Unit decision
The following guide outlines the process involved here
Do I need a smartphone or special data plan to use multi-factor authentication?
No. Having a smartphone makes for an easier and more secure experience with Duo. However, it is also possible to enrol a non-smartphone mobile device or landline to receive SMS passcodes or phone calls.
What is the Duo Mobile App?
Duo Mobile is a mobile application (app) that you install on your smartphone or tablet to generate passcodes for login or receive push notifications for easy, one-tap authentication on your mobile device. It works with Duo security’s multi-factor authentication service to make your logins more secure.
What is the recommended multi-factor authentication method?
If you have a smartphone or tablet, we recommend Duo Push, as it is quick, easy-to-use, and secure. See an introduction to Duo security and a demonstration of Duo Push in this short video: https://www.youtube.com/watch?
How much data does a Duo Push request use?
Duo Push authentication requests require a minimal amount of data -- less than 2KB per authentication. For example, it would only consume 1 megabyte (MB) of data if you were to authenticate 500 times in a given month.
Why does the Duo Mobile App need to access my camera?
Duo Mobile only accesses your camera when scanning a QR code during activation.
Why have I stopped receiving push notifications from Duo Mobile?
There are several reasons this could be happening. Please try the following to troubleshoot:
- Make sure your enroled device has a mobile network or Wi-Fi connection.
- Have the Duo Mobile App open when you authenticate.
Try these additional push troubleshooting steps:
If the above solutions don’t work, try using another authentication method, such as passcodes provided in the Duo Mobile App.
How can I authenticate if I am somewhere with no mobile signal or Wi-Fi access?
See this Duo knowledge base article for information on authenticating without mobile or internet service: https://help.duo.com/s/article/4449
Can Duo see my password?
No. Your password is only verified by UCD and never sent to Duo. Duo only provides the second factor, using your enroled device to verify it’s actually you who is logging in.
Does using Duo give up control of my device?
No. The Duo Mobile App has no access to change settings or remotely wipe your device. The visibility Duo Mobile requires is to verify the security of your device, such as OS version, device encryption status, screen lock, etc. This is used to help recommend security improvements to your device. You are always in control of whether or not you take action on these recommendations.
Duo Mobile has no more access or visibility into your phone than any other app. Duo Mobile cannot read your emails or track your location, it cannot see your browser history, and it requires your permission to send you notifications.
Does "remember me" defeat the purpose of multi-factor authentication?
No. Even if an attacker knew your username and password, they would still have to access the same physical device and use the same browser to take advantage of "remember me." The probability of this is so low that it makes “remember me” a safe and convenient addition.
Even though I check the "remember me" box, I still get challenged for 2-step authentication when I log in?
The remembered device feature works by setting cookies on your browser. That means "remember me" only works on the exact device and same browser in which you checked the box -- you have to remember all browsers on all devices that you use to not get prompted for 2-step authentication.
You can also check your browser settings to see if it's blocking cookies. You can set an exception in your browser's security settings to allow third-party cookies from Duo Security.
Duo's cookies are only used to remember a device. The cookies and associated data are never used for advertising or marketing purposes.
Use the following formats to add exceptions for Duo-served cookies:
Internet Explorer: *.duosecurity.comfirefox https://duosecurity.com
Note: Safari does not allow third-party exceptions.
I don’t have access to anything that would interest anyone. Do I still need to use Duo?
Yes. You likely have access to more than you think, including information that can be of great value to attackers. If your account is compromised, it creates the opportunity to spread attacks elsewhere at UCD.
For instance, your email account could be used to spread phishing attacks to your contact list. Shared files to which you have access could be infected, so that other users who access those files could have their accounts compromised. Your account could be used to log into various University systems.
Doesn’t using Duo attract attackers, since having it suggests we possess something of value?
No. Higher Education Institutions are known to be a target for cyber criminals, particularly universities where a significant amount of research is done. Universities house a great deal of sensitive data of value to cyber criminals and, by their nature, have an open-access, decentralised environment.
If I use Duo, will “big brother” be watching me?
No. UCD's intent is to provide a safe and secure online environment.
Is there a cost associated when requesting a Hardware Token as my second factor device?
Requesting a MFA Hardware Token will incur a cost of €35 per token
What is a Hardware Token?
A hardware token is an electronic device that generates one-time passwords for logging into a computer system. A hardware token provides an extra layer of security called multi-factor authentication.
How to use the Hardware Token?
To authenticate using a hardware token, click the “Enter a Passcode” button. Press the button on your hardware token to generate a new passcode, type it into the space provided, and click “Log In” (or type the generated passcode in the Second Password field). Using the “Device:” drop-down menu to select your token is not necessary before entering the passcode.
My hardware token was lost or stolen. What do I do?
Please contact the UCD IT Helpdesk immediately in order for the hardware token to be disabled on 01 7162700 or alternatively at the following email address -firstname.lastname@example.org
Who should have a Duo MFA token?
No one is required to have a Duo MFA token, and most people will not want (or need) a token. Only in special cases (e.g. where no other option can be used for MFA) should a token be used. (Note: using a smart device, phone (mobile and/or landline) are the preferred verification methods. Also please note a Hardware Token is a consumable item with a time limited battery life of between 2 to 4 years.
I’m leaving the University. Do I have to return my Duo MFA token?
Yes. If you are leaving the University, you should return your Duo MFA token to your department for re-distribution and re-use.
I do not own a smartphone or smart device. What are my options?
Users will be required to choose one second factor authentication method from the following options:
Duo Mobile App on a Smart Device (IOS, Android or Windows), Call-back or SMS to a mobile phone, Call-back to a Landline or a hardware token. You can register your mobile device as a mobile to authenticate by using a “Phone Call” or by receiving a 7-digit passcode sent by “text message” options.
My mobile number is not an Irish number. Does this matter?
You can use the Duo Mobile App on any smartphone or smart device. When registering your device, you can select your country of choice from the drop-down list.
I am unable to download the Duo Mobile App on my Apple/Android device. What can I do?
In the case of Android Devices, the Duo Mobile App can only be downloaded on devices running Android 8 or greater.
For Apple devices (iPhone, iPad, iWatch etc.) the Duo Mobile App can only be downloaded on devices running IOS 12.0 or greater.
You can register your mobile device as a mobile to authenticate by using a “Phone Call” or by receiving a 7-digit passcode sent by “text message” options.
When I receive a phone call to authenticate, it states the pound key is to be pressed?
The pound key on our keypads is the # key
Does Duo Mobile work in China?
Duo Mobile does work in China.
Most of the following issues are related to enrollment, if you've already enrolled and travelled to China The Duo Mobile App will work. But there are some considerations you should be aware of, more information can be seen on the Duo Support site here:
Duo MFA in China - https://help.duo.com/s/article/2094?language=en_US
MFA Enrolment for Android Users when in China
Android Users should note that the Google Play Store is not available in China, and SMS messages containing links will be blocked. This can make enrollment when in China a challenge and prevent Android users from being able to download the Duo Mobile application. However, you can download the Duo Mobile APK directly here: http://dl.duosecurity.com/DuoMobile-latest.apk
MFA Enrolment for iOS Users when in China
There are no commonly known issues associated with using Duo Mobile and iOS in China.
Where can I get a copy of the Webinar presentation?
Download a PDF version of the presentation here.
The following videos were used during the presentation:
1) What is Two-Factor Authentication? (2FA)
2) Getting Started with Duo Security
3) Authenticate with Duo Push on iPhone - Duo Security
I am already using DUO Mobile App from another institution.Can I use this also with my UCD account?
As you already have the Duo Mobile app installed and you are using it to access your account from another institution,you will see two accounts in the App after you enroll your device on your enrolment day for your UCD account.
One from your current institution and the other from UCD which would work independent of each other .
This would not interfere with a Push from UCD or vice versa when you use a Push from your current institution.
Phase 1 Proof of Concept August 2019 September 2019 (Complete)
Phase 2 IT Services Staff Pilot November 2019 to March 2020 (Complete)
Phase 3 Extended Pilot outside IT Services - May 2020 to August 2020 (Complete)
Phase 4 Full Deployment beginning January 2021. Schedule below:
|College of Arts and Humanities||11/02/2021|
|College of Business||25/02/2021|
|College of Engineering and Architecture||11/03/2021|
|College of Health and Agricultural Sciences||25/03/2021|
|College of Sciences||08/04/2021|
|College of Sciences and Law||22/04/2021|