Together Till the End Set Duo Everytime Continue

Multi-Factor Authentication

Protect your information with MFA. Here's the Why, When, and How.

The rise in cyber security attacks (e.g., phishing, ransomware) has created a need to further protect USD resources. An ID and a password are no longer enough to battle these crimes. By using modern Multi Factor Authentication technology (Duo), we can better determine that you are who you say you are, and are not a hacker with a stolen password. This technology has become the standard in most companies/universities and is now required by cyber security insurance providers.

How Does Multi-Factor Authentication Work?

Once you have enrolled in MFA, when you attempt to access any of the university's critical applications, you will be prompted to enter your username and password as usual (the first "factor"). You will then be taken to the Duo's MFA screen where you will select the device of your choice and the preferred method of verification — push notification, a phone call, or a passcode — you will use to verify that it's you (the second "factor" or multi-factor).

Who and What is Covered by MFA?

All active USD employees and students are required to use MFA (Duo).

• How do I set up MFA for the first time?
  • Have the following devices on, ready and connected to the internet: a computer as well as a mobile device or tablet.
    • If you do not have a computer. You can complete these steps on your mobile device and the last step there is a link to send the activation code to your email.  Which would need to be opened on your mobile device to finish activation.
    • One device will be used to access the enrollment website, and the other will be the registered authenticating device. It can either be a phone or tablet.
    • If you do not have a mobile device, continue with the instructions below but use Landline as your type of device. For employees, the landline can also be your Zoom Phone number.
  • On the device used to complete the enrollment, open an internet browser and go to duoenrollment.sandiego.edu
  • Log in with USDOne credentials
  • Select "Start Setup

  

  • Select the type of device you are going to be using. If you are going to use your zoom phone, select landline.

  

  • After selecting mobile device and clicking continue. Select the Country of Cellular Carrier. Enter your 10 digit mobile number. Check the box to confirm the number was entered correctly. Click Continue.

  

  • Select the model of your Cellular device. Android covers a wide range of phones i.e Samsung, LG, Motorola, and Google. Click Continue.

  

  • Install the Duo Mobile App on your mobile Device. Once installed, open the Duo Mobile App on your mobile device and click "I have Duo Mobile installed" from the duoenrollment.sandiego.edu page.

  

  • Open Duo Mobile on your phone and press the "+" button. Then scan the barcode on the screen by directing the camera of your mobile device towards the barcode. After scanning the QR code you have successfully Setup your Duo MFA.
  • Note: If you did not have a second device such as a computer or tablet click on "Email me an activation link instead". Open the email on your mobile device, and complete the following steps below.

  

  • Enter your email address and click Send Email

  

  • Open Email with subject "Duo Mobile Activation" from sender "Duo Security" (no-reply@duosecurity.com) and click on the link in your email. Link will open your Duo mobile App on your phone to finish registration.

  

• How do I add a new device or manage an existing one?

  Manage your Devices or create new devices.

  • Navigate to duoenrollment.sandiego.edu
  • Login With your USDOne credentials.
  • Use desired Multi-Factor Authentication
  • Make sure you save after any changes

  

  • To add a new device, Click "Add another device"

  

  • To Change the name of an existing device or re activate Duo Mobile Click Device Options

  

  • If you have multiple devices you can change which device will be your default device in the "Default Device" Drop down menu.

  

  • To change your preferred login method select from the options in the "When I log in" Drop down menu.

  

• What happens if I lose or change my device?

  Changing devices with Duo is not a problem

  If you changed or upgraded your device but it still has the same phone number, you can navigate to duoenrollment.sandiego.edu and use "Call Me" as your second form of Authentication. Here you can reactivate Duo Mobile, Add a device, or change device settings.

  If you lose your device, or if your device is not able to receive Duo notifications, please contact the ITS Help Desk - the Help Desk team can assist you.

  • Navigate to duoenrollment.sandiego.edu
  • Login With your USDOne credentials.
  • Select Call Me

  

  • A blue bar will appear at the bottom of your screen saying it's calling you.

  

  • Once you answer press 3 to continue.

  

  • Select Device Options next to your phone number.

  

  • Click reactivate Duo Mobile

  

  • Click Call me or Text me

  

  • Enter the 6 digit code and click verify

  

  • Click Continue

  

  • Select the type of device you are going to be using. If you are going to use your zoom phone select landline.

  

  • After selecting mobile device and clicking continue. Select the Country of Cellular Carrier. Enter your 10 digit mobile number. Check the box to confirm the number was entered correctly. Click Continue

  

  • Select the model of your Cellular device. Android covers a wide range of phones i.e Samsung, LG, Motorola, and Google. Click Continue

  

  • Install the Duo Mobile App on your Cellular Device. Once installed, open the Duo Mobile App on your cellular device and click "I have Duo Mobile installed"

  

  • Open Duo Mobile on your phone and press the "+" button. Then scan the barcode on the screen by directing the camera of your mobile device towards the barcode. After scanning the QR code you have successfully Setup your Duo MFA.

  • (Optional) If you did not have a second device such as a computer or tablet click on "Email me an activation link instead". Open the email on your mobile device.

  

  • Enter your email address and click Send Email

  

  • Open Email labeled Duo Mobile Activation from sender Duo Security (no-reply@duosecurity.com) and click on the link in your email. Link will open your Duo mobile App on your phone to finish registration.

  

• How long will my authentication last?

  Browser-based applications such as MySanDiego portal, Workday, Blackboard, Torero Mail, and Salesforce will have an option to remember you for 7 days. This applies only to the device and browser you used to log in with. If you login with Chrome and try to use Firefox you will be prompted to use MFA again (each can be remembered for 7 days). Access via VPN will continue to require MFA every time you use it.

  (Note: Make sure to check "Remeber me for 7 Days)

  

• What is Two-Factor Authentication (MFA)?

  Two-factor authentication (MFA) seeks to decrease the likelihood that others can access your personal data. Specifically, it enhances the security of your password by using your phone, tablet or other device to verify your identity when you attempt to access USD's network and Critical Applications from anywhere on or off-campus.

  It takes two items to access and update your information: "something you know" (like your password) and "something you have" (like your phone). For example, when you visit an ATM, one authentication factor is the ATM card you use to start the transaction - that's the "something you have." Next, you enter a PIN, which is the "something you know." Without both of these factors, your authentication will fail.

• Why Do I Need to Use MFA?

  Passwords are becoming increasingly easy to compromise. They can be stolen (phished or hacked) and guessed. New Phishing techniques combined with the limited pool of passwords most people use for multiple accounts means your digital information is increasingly vulnerable. You might not even know who else has your password and is accessing your accounts.

  In addition, experience has shown that people are not as good at recognizing malicious (Phishing) email as you might think. Annually, numerous members of the USD community fall prey to these kinds of scams. We have to take steps to ensure that we are more than just a single click away from having our paycheck stolen or becoming a victim of identity theft.

  Multi-Factor Authentication adds a second layer of security to your USDOne account to make sure that your digital information stays safe, even if someone else knows your password. This second factor of authentication is separate and independent from the USDOne password — MFA never uses or even sees your password.

• Am I required to use Multi-factor authentication?

  You are required to use Duo multi factor authentication when logging into many of the USD systems including, but not limited to: MySanDiego portal, Blackboard, Salesforce, Workday, Torero Mail, and VPN.

• How long does it take to enroll/register a device for MFA?

  5 to 10 minutes.

• How many devices can I add?

  There is no limit on the number of devices that can be added. We recommend that all users add at least two devices, such as a mobile device and a landline/Zoom phone.

• Do I need to have a mobile device to use MFA?

  No, you can use a smartphone, cell phone, landline (such as your office or home phone), or tablet. A complete and up-to-date list of authentication methods is available on the MFA website. We recommend that users who have a smartphone choose to use them, since they are the easiest to use with MFA.

• What if I forget my mobile device at home?

  We encourage users to set up multiple authentication devices with MFA, so that when one method is unavailable, you have others from which to choose. For example, you could set up your mobile device for "push" and also your office phone and home phone to do callback.

• What happens if I lose my phone?

  Contact the ITS Help Desk immediately if you lose your phone or suspect that it's been stolen. The support specialist will disable it for MFA and help you log in using a one-time bypass code. While it's important that you contact the Help Desk if you lose your phone, remember that your password will still protect your account.

• What happens if I upgrade or replace my phone with the same number?

  Upgrade or Replaced Phone

  If you upgraded or replaced your phone but kept the same number, re-activating your Duo mobile is quick and easy.

  • Navigate to duoenrollment.sandiego.edu
  • Login With your USDOne credentials.
  • Select Call Me

  

  • A blue bar will appear at the bottom of your screen saying it's calling you.

  

  • Once you answer press 3 to continue.

  

  • Select Device Options next to your phone number.

  

  • Click reactivate Duo Mobile

  

  • Click Call me or Text me

  

  • Enter the 6 digit code and click verify

  

  • Click Continue

  

  • Select the type of device you are going to be using. If you are going to use your zoom phone select landline.

  

  • After selecting mobile device and clicking continue. Select the Country of Cellular Carrier. Enter your 10 digit mobile number. Check the box to confirm the number was entered correctly. Click Continue

  

  • Select the model of your Cellular device. Android covers a wide range of phones i.e Samsung, LG, Motorola, and Google. Click Continue

  

  • Install the Duo Mobile App on your Cellular Device. Once installed, open the Duo Mobile App on your cellular device and click "I have Duo Mobile installed"

  

  • Open Duo Mobile on your phone and press the "+" button. Then scan the barcode on the screen by directing the camera of your mobile device towards the barcode. After scanning the QR code you have successfully Setup your Duo MFA.

  • (Optional) If you did not have a second device such as a computer or tablet click on "Email me an activation link instead". Open the email on your mobile device.

  

  • Enter your email address and click Send Email

  

  • Open Email labeled Duo Mobile Activation from sender Duo Security (no-reply@duosecurity.com) and click on the link in your email. Link will open your Duo mobile App on your phone to finish registration.

  

• What if I don't have a data plan on my phone or cellular service?

  The Duo mobile device app provides options that work without a data plan, a texting plan or even a connection, if necessary. The Duo Mobile App can generate the required code without need of either a cell signal or data plan, and it can do so anywhere in the world. If you have a signal and data plan, the App makes two-factor authentication as easy as a pushing a single button, but if you don't, you can use the app to generate a six digit code and enter that instead.

  The Duo Mobile App can generate a passcode without a cellular or wireless connection. Alternately, you may use a landline phone if an Internet connection is unavailable.

• What is the user experience if you are using your phone or an iPad on a cellular network or on a non-USD Wi-Fi network and need to log in?

  You will be prompted to MFA as if you are on campus network. If the registered device is the same as the one being used to login, the Duo Mobile App will notify & prompt for confirmation and users can confirm access the usual way. Alternatively a secondary device can also be used to confirm the MFA.

• How would one log into a USD application or Torero Mail on an airplane equipped with Wi-Fi?

  What would the experience be in this situation using a laptop, iPad, or phone? This experience will be the same no matter what off campus location you are trying to log in from. You will be required to authenticate with MFA. In the case where a push or text is not working, your phone will function like a token while in airplane mode generating a passcode every 30 seconds.

• Can I use the Duo's Mobile App internationally?

  The MFA mobile device app is designed to work internationally. If you install the app, it can generate the required code without need of either a telephone signal or data plan, and it can do this anywhere in the world. If you have a signal and data plan, the app makes two-factor authentication as easy as a pushing a single button, but if you don't have one of those two things, you can use the app to generate a six digit code and enter that manually.

• Can the system handle international phone numbers?

  Yes, MFA can handle international phone numbers. If entering an international phone number, you can leave a space between country code, city code, and the phone number.

• Who is eligible to use DUO MFA?

  All active faculty, staff, and students are eligible to use Duo.

• Do I have to download the Duo App?

  No, you can use a landline (such as your office or home phone) but we recommend that users who have a mobile device choose to use the Duo App, since it is the easiest to use with MFA.

• Does DUO see my password?

  No, the university's identity system verifies your login and password internally as before and never sends it to Duo. Duo provides only the second factor—the "something you have." In fact, Duo knows just enough so it can do its job.

• What if I have questions or concerns about the requirement to use 2FA?

  If you have any questions or concerns about the requirements to use Duo, please contact the ITS Help Desk.

• Can I add multiple MFA Devices?

  Adding Additional MFA devices.

  • Navigate to duoenrollment.sandiego.edu
  • Login With your USDOne credentials.
  • Use desired Multi-Factor Authentication.
  • Make sure you save after any changes.

  

  • To add a new device, Click "+ Add another device"

  

• What Devices Can I Use?

  Duo's MFA lets you link multiple devices to your account, so you can use your mobile phone, a landline or a tablet, as your second factor.

  When you are doing your initial setup, you may add as many devices as you like (landline and/or
  mobile). Subsequently, when you are logging in you can choose which device the authentication request is sent to and which authentication method you would like (via Duo Mobile App, SMS text message, or phone call).

  

• I've selected to automatically send push notifications to my phone, but I need to authenticate using another device.

  If you have checked the box that allows you to send a push to your mobile phone, you will automatically receive push notifications every time you are required to use MFA.

  

  If you need to push the notification to another device, hit CANCEL at the bottom right of the screen. This will allow you to authenticate with another previously-registered device. If you no longer wish to receive automatic push notifications, uncheck the box next to "Automatically send a push". You can then Log In to your desired page or manage your devices.

• I've selected to automatically send push notifications to my phone, but I do not have that number anymore.

  If you have checked the box that allows you to send a push to your mobile phone, you will automatically receive push notifications every time you are required to use MFA. The rest of the DUO screen will then be blurred out (as shown below):

  

  If you have a new number and cannot receive the push notification sent to that phone, hit CANCEL at the bottom right of the screen. This will allow you to authenticate with another previously-registered device.

  

  From here, it is recommended that you register another device to ensure that you always have at least two devices to use for MFA Authentication.

lambewhers1967.blogspot.com

Source: https://www.sandiego.edu/its/security-and-privacy/two-factor-authentication.php

Share this post