IT Knowledge BaseDuo Multifactor AuthenticationMultifactor Authentication and Duo Security

Multifactor Authentication and Duo Security

Owned by Lucas Tetrault
Last updated: Nov 22, 2023 by Lucas Tetrault



Multifactor Authentication

Multifactor authentication (MFA) is the process of using two or more factors of authentication to grant access. This is sometimes called two-factor authentication (2FA) or 2-step verification. MFA is the most effective method for stopping unauthorized account access today. When combined, multiple factors of authentication provide a high level of confidence that the identity (user) is who they claim to be. 

The factors of authentication are broken down into three categories, with examples of each:

Something you know

Something you have

Something you are

  1. Password or passphrase

  2. Personal identification number (PIN)

  3. Security questions

  1. Trusted mobile device or computer

  2. Security key

  3. Identification badge

  4. Hardware token or code generator

  1. Fingerprint

  2. Face

  3. Retina

Important security reminders

  • Never approve a multifactor authentication request you did not initiate.

  • Always confirm you are at a UNW login page before entering a password or completing MFA.

  • If you suspect your account is compromised or is repeatedly requesting codes/approval: decline the requests and contact IT immediately.

  • Declining or not responding to 10 requests in a row will lock the Duo account to prevent any misuse until IT can resolve the incident.

  • UNW IT will never ask for your account password nor any MFA approval/code.

Duo Security

Northwestern licenses Duo Security for MFA to help safeguard employee accounts from unauthorized use.

How does it work? 

Enrolled employees provide two or more verification factors to gain access to protected applications when signing in from outside of Northwestern networks.   

  1. Enter UNW email address and password (first factor).

  2. Use one of the Duo options to provide the second factor via your mobile device.

What does it look like?

You can check out the Azure Single Sign-on Experience page for examples of using Duo MFA.

Why do I need This?

Multifactor authentication through Duo is required of Northwestern for compliance purposes.
Passwords are increasingly easy to compromise. They can often be stolen, guessed, or hacked — you might not even know someone is accessing your account. With Duo, you'll be alerted right away (on your phone) if any unauthorized access is attempted using your UNW credentials. This second factor of authentication is separate and independent from your username and password — Duo never sees your password

What are my options?

There are multiple options for Duo MFA available to the UNW staff and faculty. Duo also lets you link multiple devices to your account, so you can use your mobile phone and a security key for example. If you have used one of the methods since enrolling but would like to switch to a more convenient way to use Duo, you can adjust your preferences using the Duo self-service portal the next time you login.
UNW IT recommends using the Duo Mobile app methods for the most convenient and secure way to use Duo MFA.

 

No mobile phone?

You can use a hardware security key, an iOS or Android tablet, or a landline telephone.

 

Example Duo Push

 

Example Duo Passcode

 

Not sure which option is best for you?
Contact the IT Service Desk!

Walk-Up Service:

Monday-Thursday: 7:45am - 7:30pm

Friday: 7:45am-5:00pm

Saturday-Sunday: Closed

Located in the Riley Hall lower level.

Phone, Email, or Ticket:

Available 24/7 at 651-631-5699

servicedesk@unwsp.edu

Submit a ticket