Multi-factor authentication (MFA) is a multi-step login process deployed by the University to help ensure the security of university accounts. Multi-factor authentication is sometimes referred to as 2-Factor Authentication (2FA). Current students and staff are required to enroll their accounts in this system before they are allowed to access most University services.
How Multi-Factor Authentication Protects Your Account
Multi-factor authentication works by asking for an additional approval step after your account’s password is accepted when logging in to a University website or service. With MFA, you need “something you know” (NetID/password) along with “something you possess” (mobile device with Duo Mobile app, security key/hardware token). You will be prompted for approval using a device that you have. This means that even if your password is compromised, your account can be protected. This makes it much more difficult for attackers to compromise University accounts and systems using tactics such as phishing.
Why Do I Need to Use MFA?
MFA will protect both you and the university from unauthorized access to your personal data stored in the university's enterprise systems. MFA provides a second layer of security to your University account making it difficult for an unauthorized person to access your information. MFA provides better account protection than merely using a password. If your password is stolen or compromised, having MFA set up will require the thief to also have possession of your registered device in order to access your account. Merely having your pin and password is no longer enough to change your personal information.
What System is Used for MFA?
The University of Illinois has selected Duo, an industry leader in cybersecurity services, to provide Multi-factor Authentication or 2-factor authentication (2FA) services. It is a cloud-based service that will help secure your account and the University’s sensitive data.
How to Use Multi-Factor Authentication
When you log in to a university service protected by MFA, you will be shown a prompt asking for a second step (if you are already enrolled) or guiding you through the enrollment process (if you have not set it up yet).
You can also enroll at any time using the NetID Center website. Detailed instructions for doing so can be found in our article here: How do I enroll in 2FA? Please note that it is not possible to un-enroll your account once MFA is configured.
If your account is already enrolled, you can see (and change) the phone number you have registered and any other devices you have set up using the NetID Center website. More information about managing devices in the NetID Center can be found here: How do I manage my 2FA devices?
If you will be traveling internationally, or visiting a testing center, review this help article for guidance: How can I use 2FA without network access or while traveling internationally?
If you have trouble signing into your account using multi-factor authentication, see this help article: How can I troubleshoot 2FA problems?
Frequently Asked Questions
Is a smartphone required for MFA?
A smartphone is recommended but not required. A smartphone will provide the greatest level of security and convenience through the Duo Mobile app.
Do I need to use my personal device for MFA?
You are not required to have a mobile device to use MFA, but it is the most convenient option. Most individuals prefer to use the Duo Mobile app on their smartphones. Instead of a smartphone, you can register a tablet with the Duo Mobile app installed, or a security key. The recommended smartphone option makes MFA extremely easy and cost effective. A security key for MFA can be purchased. See this help article for more information on using security keys: What are 2FA Security Keys?
Can I use multiple devices with MFA?
Yes. We encourage you to register multiple devices in case you misplace or forget your primary device. Please note, your University phone number can't be used with MFA.
What if I lose or forget my MFA device, or can't access it?
Please see this help article: How do I generate and use 2FA temporary passcodes? These can be used if you forget your MFA device at home or have lost it. They can also be requested if you are going to a testing center and will not be able to take your MFA device with you. Temporary passcodes are good for 3 days, 100 uses, and you can request 24 per year.
NOTE: Temporary bypass codes are only to be used on an emergency basis.