Multi-Factor Authentication for Faculty and Staff

Multi-Factor Authentication

What’s new: remember your trusted device

As of August 5, you can enable the “remember this device” feature on devices you trust. This means:

  • fewer MFA prompts on devices you use regularly
  • a more seamless sign-in experience
  • the same strong protection behind every login

Protecting our community is a shared effort. MFA helps — now with fewer prompts and just as much peace of mind.

What is a trusted device?

A trusted device is:

  • One that is used only by you
  • A device that is physically secure (e.g., your work laptop, home desktop, or personal smartphone)
  • A device that you do not share with others.

A device should NOT be a trusted device if it is:

  • A public or shared computer, such as in a hotel, library, airport, internet cafe, or campus lab
  • Managed by a classroom or open-access kiosk, even if located at the university 
  • Used by multiple people or is not password-protected.

How does the remember feature work?

When you access select U of A applications, Duo will present you with the prompt below.

Image of the prompt that will be available from Duo.

The remember feature stores security tokens with a 14-day expiry on the local device. The presence of the security token tells Duo that you’ve recently verified your identity. This reduces repetitive prompts without compromising protection.

Using this feature is optional: if you don’t want to use the remember function, select “No, other people use this device,” even if you are the sole user or on a personal device.

Will the remember function affect my device?

No. It simply stores the security token on the device. This is a practice used by many other applications and is often presented as a “Remember me?” checkbox, which you have likely seen and agreed to before.

Why may I be asked to authenticate again before 14 days have passed?

  • You used a different browser or device
  • You signed out manually
  • Your browser settings cleared cookies or cache
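
An added sketch, not part of the original page and not Duo's implementation, of how a server could check a remembered-device token like the one described above and why a missing, expired or altered token leads back to an MFA prompt. The token format, the cookie name `remembered_device`, the signing key and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json
from typing import Optional

TTL_SECONDS = 14 * 24 * 3600           # the 14-day expiry stated on the page
SERVER_KEY = b"constructed-demo-key"   # constructed; a real key never leaves the server
COOKIE = "remembered_device"           # hypothetical cookie name

def _sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest().encode()

def issue_token(user: str, now: float) -> str:
    """Mint the token stored in the browser after a successful MFA approval."""
    payload = json.dumps({"user": user, "exp": now + TTL_SECONDS}).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).decode()

def needs_mfa(cookie_jar: dict, user: str, now: float) -> Optional[str]:
    """Return why a fresh MFA prompt is required, or None if it can be skipped."""
    token = cookie_jar.get(COOKIE)
    if token is None:
        # Different browser or device, manual sign-out, or cleared cookies.
        return "no token"
    try:
        body, sig = token.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(body)
        sig_bytes = sig.encode()
    except ValueError:
        return "malformed token"
    # Verify integrity before trusting any field inside the token.
    if not hmac.compare_digest(sig_bytes, _sign(payload)):
        return "bad signature"
    claims = json.loads(payload)
    if claims["user"] != user:
        return "issued to another user"
    if now >= claims["exp"]:
        return "expired"
    return None

if __name__ == "__main__":
    t0 = 1_700_000_000.0                              # constructed timestamp
    jar = {COOKIE: issue_token("ccid_user", t0)}      # constructed user name
    print(needs_mfa(jar, "ccid_user", t0 + 86400))    # token present, within 14 days
    print(needs_mfa({}, "ccid_user", t0 + 86400))     # cookies cleared or other browser
    print(needs_mfa(jar, "ccid_user", t0 + TTL_SECONDS))  # 14 days elapsed
```

Because the expiry sits inside the signed payload, editing the stored token to extend it fails the signature check and the user is prompted again.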

What is multi-factor authentication?

At the U of A, we use Duo Mobile MFA to add an extra layer of protection.
Multi-factor authentication (MFA) is the process of confirming a person’s identity using multiple verification factors when accessing systems. Typical factors for MFA include: 
  • something you know (like a username and password),
  • something you have (like a passcode sent to your smartphone) and
  • something you are (like a fingerprint scan).

MFA requires at least two of the three factors. In the university’s deployment, MFA is a second layer of security (or second factor) used to log into a service after you enter your CCID username and password.

Why MFA still matters

MFA ensures that even if your password is compromised, a bad actor can’t access your account without a second factor. That second factor, your trusted device, makes a critical difference in protecting you and our community. 

MFA is mandatory for all faculty and staff to access core university applications. During the enrollment process, you have two primary options for authentication:

  • Duo Mobile MFA app: This app is installed on your university or personal smartphone. Use of the Duo Mobile MFA app is highly recommended.
  • Fob device: A physical security key that generates unique codes.

MFA enrollment and device options

Obtaining a fob device

If you are unable to install the Duo Mobile MFA app on a smartphone, you can obtain a fob:

  • North Campus faculty and staff: Pick up fobs from the textbook information desk on the lower level of the U of A Bookstore. Bring your university ONEcard or government photo ID.
  • Enterprise Square faculty and staff: Complete the MFA Fob Request - Alternative Access form. Select "Enterprise Square" as your location. You will be contacted to arrange pickup.
  • Augustana faculty and staff: Pick up fobs at the service desk on the main floor in Founders Hall.
  • Campus Saint-Jean faculty and staff: Contact csjtech@ualberta.ca to arrange fob pickup.
  • Not in the Edmonton area: Complete the MFA Fob Request - Alternative Access form. Select "Not in the Edmonton area." You will be contacted to determine the best solution.

Note: Your fob may take up to two business days to activate after pickup. It is advisable to pick up your fob early within your 30-day enrollment window to ensure uninterrupted access to university applications.

Duo Mobile MFA App: privacy, security and benefits

Privacy and security of the Duo Mobile App

The Duo Mobile MFA app poses no privacy or security risks to your smartphone.

  • It cannot access or affect your device or data in any way, beyond providing an access prompt notification when you attempt to log in to U of A applications.
  • Duo Mobile MFA has numerous industry safety certifications and has been validated and approved by global agencies, including the General Data Protection Regulation (GDPR) and the National Institute of Standards and Technology (NIST). 

Duo Mobile MFA App vs. Key Fob

The Duo Mobile MFA app offers a superior user experience and is the recommended authentication method:

| Feature | Duo Mobile MFA App | Key Fob Authenticator Device |
| --- | --- | --- |
| Setup | Simple installation on a smartphone. | Requires physical pickup of a separate device. |
| Authentication | A notification pops up on your phone for one-tap approval. | You must refer to a unique code on the fob and type it into the login page. |
| Convenience | Generally faster and more seamless. | Involves an extra step of typing a code. |
| Cost | No direct cost to the university per user. | High associated cost for purchase, administration and provisioning. |
| Recommendation | Highly recommended. | Available as an alternative. |

Why authenticator apps/fobs over SMS/text authentication?

The U of A prioritizes the highest level of security for its faculty, staff, data, and documents. Authenticator apps like Duo Mobile MFA are the most secure method because they are directly tied to a physical device and interface directly with the CCID authentication system.

SMS-based MFA systems are less secure due to:

  • Vulnerabilities to cyberattacks: including redirects, text message phishing, forged authorization messages, or phone carrier data breaches.
  • Higher cost: SMS/text messaging services are more expensive than authenticator apps.

Authenticator apps offer both superior security and cost-effectiveness for the university.