FAQs

Multi-factor Authentication and Duo

UA employees (including student employees) are currently able to opt-in for MFA.  MFA helps to protect your account (and by extension the University) from the risk of account compromise and data breach.  As you’re no doubt aware, phishing attacks resulting in account compromise are happening with increasing frequency.  By ensuring that network logins at UA require something you know (your password) and something you have (your MFA device), we can dramatically reduce the risk of an unauthorized entity accessing your account and the information you have access to.

The list of MFA-supported applications and services is growing, but popular applications and services include UAOnline, GSuite (Google), Omni CMS, DocuSign, Cherwell, Amazon Web Services, RAVE, and remote access services.  Most services accessible via single-sign-on (SSO) also support MFA.

You can self-enroll by logging into ELMO at https://elmo.alaska.edu, selecting “Security Settings”, and then choosing the “Multi-Factor Authentication” option.  You may be prompted to enroll when you login to certain UA services.  Please follow the instructions available at https://alaska.edu/oit/services/mfa/add-device.php and https://alaska.edu/oit/services/mfa/manage-devices.php

We recommend you enroll at least two devices and that one of those is a cellular phone (or another device that you take with you wherever you go).  You can use a smartphone (requires app install), regular cellphone, work/home telephone, security token, or security key (popular options include YubiKey, Google/Titan Security Key, or most any FIDO U2F or FIDO2-compatible keys).

More than likely, you’re using a different computer or different web browser (or both).  “Remember Me” remembers the device and web browser you used.  For example, if you use Microsoft Edge to access UAOnline and choose “Remember Me”, but then use Google Chrome or Mozilla Firefox to access you UA email, you’ll be prompted a second time.

When installing apps on your smartphone, it's a very good idea to only install them from the authorized store ("App Store" on iOS/Apple; "Play Store" on Android).  Phone calls will come from 907-455-2100 (you can call that number back to confirm that it's maintained by UA).  If in doubt, contact the OIT Service Desk for assistance.

Please DO NOT approve any unexpected Duo request.  If you don't recognize it and didn't initiate it, please report it as fraudulent (follow voice prompt instructions or tap "Deny" in the app).  Reporting suspicious MFA attempts will allow UA Information Security to promptly investigate any potential issues.

It depends.  For most people, the "Duo Push" to their smartphone is the fastest and most convenient method of MFA.  For others, phone calls to a landline can be faster or easier.  We encourage you to enroll multiple devices and try various options to see what you prefer.

Sure - you can use your smartphone as a "dumbphone" - MFA can initiate a voice call to your cell phone.  Or skip the cellphone entirely and call you at home or work.  If those options won’t work, please contact the OIT Service Desk for assistance.

We don't have access to your phone - the only information we see is some demographic information - make (brand), model, telephone number, and version of the Duo Mobile app installed.

The Duo Mobile app will work with a Wi-Fi connection if a cellular connection isn’t available.  If you have no data connection at all, you can still use the app - just open Duo Mobile, find the relevant MFA-protected application (“Duo-Protected University of Alaska”), tap it to expand the entry and show a one-time code you can enter at the MFA prompt.

First, check to see if the notification is appearing in the app – open the “Duo Mobile” app on your smartphone and look for a green bar at the top indicating that you have requests pending.  If you don’t see the green bar, please contact the OIT Service Desk for assistance.