Frequently Asked Questions about Multi-Factor Authentication
What is Multi-Factor Authentication?
Multi-Factor Authentication (MFA) is a way of ensuring that only you are able to access your accounts on specific applications. Today, when you log in to campus applications, you provide your username and your password. Multi-Factor Authentication requires you to provide an additional “factor” to prove that it really is you accessing your account. That additional “factor” may be a number that you receive via a text message, a number that appears on a mobile app, or even a phone call.
Many of you already use some form of Multi-Factor Authentication when logging into your personal banking accounts or when logging into your social networking accounts such as Facebook, Twitter, or even Gmail.
Why are we moving to MFA?
Many banks, online services, universities, and colleges across the world are now moving to Multi-Factor Authentication for enhanced security. We’re moving to Multi-Factor Authentication because it will better protect both your information and RIT’s.
How will MFA make RIT more secure?
At most universities and in the corporate world, the most common way of compromising accounts is through phishing. With Multi-Factor Authentication, even if someone surrenders his or her password in a phishing attack, the attacker will not be able to log in to any RIT applications that use Multi-Factor Authentication.
How will RIT provide MFA?
RIT has purchased a Multi-Factor Authentication service provided by Duo, a security solutions provider.
That factor can be provided from the Duo service in a number of ways, the preferred method being via a smartphone app, although there’s also the capability to use text messages to a mobile phone or a phone call to your desk phone.
When specific RIT applications are converted to Multi-Factor Authentication, you’ll be required to provide an additional “factor” to log in to that application.
What support will ITS provide?
The ITS Service Desk (585-475-HELP) or email@example.com will be your point of contact for any problems or questions about MFA and Duo.
Mobile Device FAQ
What if I forget my phone or if the battery dies?
If you have set up Offline Codes in advance, you can use those to log in if your phone is unavailable. If you have not already set up offline codes and your phone is unavailable, please visit the ITS Service Desk in person, and we can issue you bypass codes that will allow you to use MFA until you have access to your phone again.
Will the mobile application use my data plan?
If your mobile device is connected to wifi (on campus or elsewhere), the Duo Security app will not use data from your phone plan. When not connected to wifi, Duo does use a small amount of data to send push notifications. In internal RIT tests, under daily use, Duo used approximately 100Kb of data - less than the size of a typical digital photo.
Is there a charge to have it text/call my phone?
Standard text (SMS) message rates apply for those who do not have a mobile plan with unlimited texts. Similarly, having Duo call you for verification will use minutes from your cellular plan (if applicable).
Do I have to allow the Duo app to send push notifications?
For the best experience, we do recommend allowing the Duo app to send push notifications on your smartphone. Without push notifications, you would need to open the Duo app in advance of your login attempt in order to confirm your login. With notifications on, you can approve valid login attempts by simply tapping the notification on your device.
What do I do if I get a new mobile phone?
You will need to deactivate your old device in Duo, and then enroll the new one. See this page for additional instructions.
I already have a YubiKey. Can I use that for multi-factor at RIT?
YubiKeys (or other U2F security keys) are allowed, though ITS does not provide assistance with them. For general information, visit Duo's guide to U2F keys.
Do I need to do anything special if I am traveling?
This will depend on how you currently have Duo set up. If you have the Duo app configured on your smartphone, you will only need to have the phone. If you do not have internet data, press the arrow to the right of your account in the application to get a code, then select "Use a passcode" on the authentication page. Once you have entered that code, you will be authenticated. If you do not have the application set up, we recommend doing so. If you rely on calls to your cell phone, you will need to be able to receive calls where you are traveling. If you do not have a mobile device configured at all and are unable to configure one, you will need to have your department purchase a Duo token for you to bring with you.