Multi-Factor Authentication FAQs

Body

Overview

The following article details frequently asked questions regarding multi-factor authentication (MFA) and how it is used at the University of Alaska (UA). 

In this article:

 

Multi-Factor Authentication - General

  • Who is eligible to enroll in MFA, and why should I use it?
    UA students and UA employees (including student employees) are currently able to opt-in for MFA.  MFA helps to protect your account (and by extension the University) from the risk of account compromise and data breach. As you’re no doubt aware, phishing attacks resulting in account compromise are happening with increasing frequency. By ensuring that network logins at UA require something you know (your password) and something you have (your MFA device), we can dramatically reduce the risk of an unauthorized entity accessing your account and the information you have access to.
     
  • What applications, websites, and services use MFA?
    The list of MFA-supported applications and services is growing, but popular applications and services include UAOnline, Google Workspace @ UA, Microsoft 365 @ UA, OU Campus, and UA Zoom. Most services accessible via single-sign-on (SSO) also support MFA.
     
  • How many devices should I enroll, and what kinds of devices can I use for MFA?
    We recommend you enroll at least two devices and that one of those is a cellular phone (or another device that you take with you wherever you go). You can use a smartphone (requires app install), regular cellphone, work/home telephone, security token, or security key (popular options include YubiKey, Google/Titan Security Key, or most any FIDO U2F or FIDO2-compatible keys).
     
  • I chose "Remember Me for XX Days" but I'm getting prompted for MFA earlier than that - why?
    More than likely, you’re using a different computer or different web browser (or both). “Remember Me” remembers the device and web browser you used. For example, if you use Microsoft Edge to access UAOnline and choose “Remember Me”, but then use Google Chrome or Mozilla Firefox to access your UA email, you’ll be prompted a second time.
     
  • I don't have access to my registered device - how do I log in?
    Please contact the UAA Technical Support Center for a temporary bypass code.
     
  • I don't like installing apps on my smartphone - is there another way to MFA?
    Sure - you can use your smartphone as a "dumbphone" - MFA can initiate a voice call to your cell phone. Or skip the cell phone entirely and call you at home or work.  If those options won’t work, please contact the UAA Technical Support Center for assistance.
     
  • How long will MFA remain active on my account?
    MFA will remain active based on your status at the university. For students, MFA will expire three semesters (one year) after the last day of the last semester of attendance. Year-old student accounts are expired semesterly. For staff, faculty, and other employee-sponsored accounts, MFA will expire when leaving the university or is locked by department request.
     
  • I am no longer an employee. Why is MFA still active on my account?
    It is likely that your previous department did not set an official end date for your employment. Please contact your previous department, and they will coordinate with UA HR to officially terminate your employment. Once resolved, our system will automatically remove MFA from your account.
     

Multi-Factor Authentication (Duo)

  • How do I know the app is legitimate? How about a phone call?
    When installing apps on your smartphone, it's a very good idea to only install them from the authorized app store (Duo Mobile in the Apple App Store for iOS version 12+; Duo Mobile in Google Play for Android version 8+). Phone calls will come from 907-455-2100 (you can call that number back to confirm that it's maintained by UA). If in doubt, contact the UAA Technical Support Center for assistance.
     
  • What if I'm getting an MFA prompt (Duo Push or phone call) but I didn't try to log in?
    Please DO NOT approve any unexpected Duo request. If you don't recognize it and didn't initiate it, please report it as fraudulent (follow voice prompt instructions or tap "Deny" in the app). Reporting suspicious MFA attempts will allow UA Information Security to promptly investigate any potential issues.
     
  • What's the fastest/easiest method of Duo multi-factor authentication?
    It depends. For most people, the "Duo Push" to their smartphone is the fastest and most convenient method of MFA. For others, phone calls to a landline can be faster or easier. We encourage you to enroll multiple devices and try various options to see what you prefer.
     
  • What can you see on my phone if I install the Duo app?
    We don't have access to your phone. The only information available to UA Duo administrators is some demographic information - make (brand), model, telephone number, and version of the Duo Mobile app installed.
     
  • I have poor or inconsistent cellular service - can I use the Duo App?
    The Duo Mobile app will work with a Wi-Fi connection if a cellular connection isn’t available. If you have no data connection at all, you can still use the app - just open Duo Mobile, find the relevant MFA-protected application (“Duo-Protected University of Alaska”), tap it to expand the entry, and show a one-time code you can enter at the MFA prompt.
     
  • I used to get Duo Push notifications but they've stopped - how do I fix this?
    First, check to see if the notification is appearing in the app; open the “Duo Mobile” app on your smartphone and look for a green bar at the top indicating that you have requests pending. If you don’t see the green bar, please contact the UAA Technical Support Center for assistance.
     
  • I already use the Duo App for other services, such as Facebook and Instagram - can I still use Duo for the University of Alaska?
    Yes, Duo authentication can be used for multiple services.
     
  • I get an error on my phone. Account Error Something unexpected happened. Please contact your helpdesk. NSURLErrorDomain -999/-1200
    These error messages indicate that the device cannot establish a connection to Duo's cloud service. If your device is on Wi-Fi, disconnect and see if the issue continues while on your cellular connection (if available). If the issue is not resolved, restart your device. If the issue continues, please contact the UAA Technical Support Center for assistance.
     
  • Can I use Duo on an airplane?
    Yes, Duo will authenticate on an airplane using the passcode option from the Duo app or hardware token. For additional information, please see the Duo Support article How is Duo Mobile able to generate a valid passcode when the device is in airplane mode?
     
  • Will my test be flagged by Honorlock if I use my MFA device while logging into Blackboard?
    No. Using a phone for MFA on Blackboard before an exam won’t cause issues. If an exam video gets flagged in Honorlock, the instructor will review it for academic integrity violations, not leading to an automatic fail. Instructors can contact UAA Faculty Development and Instructional Support for support with Honorlock or academic integrity concerns. Students should consult their instructors about Honorlock exam rules to ensure compliance.
     

Need additional help or have issues

For support, requests may be submitted anytime using the Questions or Assistance with Multi-Factor Authentication form. Requests generate a Ticket which will be worked in order received and urgency by UAA Employees with the knowledge and permissions to assist with the request.

For additional assistance contact the IT Services Technical Support Center via phone at (907) 786-4646, toll-free at (877) 633-3888, text "Support" to (844) 705-0262, or email us at uaa.techsupport@alaska.edu.

Details

Details

Article ID: 541
Created
Tue 5/25/21 7:09 PM
Modified
Fri 7/26/24 1:08 PM

Related Articles

Related Services / Offerings

Related Services / Offerings (1)

A security system that requires users to prove their identity using more than one factor of authentication to access accounts. It's designed to improve account security and prevent fraudulent account access, improving the basic level of security achieved with just one factor of authentication, usually a password.