Multi-factor authentication, or MFA for short, is a security measure that adds an extra layer of security to your accounts. MFA requires that you access an additional device or code, along with your usual login information, in order to log in to your account. Essentially, the first layer of security uses something you know (login information), while the second layer uses something you have (a device or a one-time use code).

The University of Maryland has implemented an MFA requirement for all university faculty and staff, requiring them to use the MFA process when logging on to any university resource that uses the Central Authentication Service (CAS). This includes G Suite for Education (Gmail, Drive, etc.), ELMS, UMEG, and Testudo. At this time, timesheets and ARES are not affected.

So, how does MFA actually work at UMD? You must use one of the following four options: a mobile device, a hardware token, a phone that can receive voice calls, or a one-time use code. It is recommended that you set up more than one option so you have a backup. You can see all of the MFA login options in action in this video playlist.

Mobile Device

First, you must download the Duo Mobile App on your mobile device or tablet. Then, visit identity.umd.edu/mfa, and log into CAS using your Directory ID and password. Click on “Start Setup” and select the device you are using. Enter your device information and click on “I have Duo Mobile installed.” Select the “+” symbol at the top right of the Duo Mobile app, scan the code that appears on your computer screen, and click “Continue.”

Lastly, select your login preferences. If your mobile device will be your main MFA method, you may choose “Automatically send this device a Duo Push.” If you’d like the most streamlined MFA process, select “Remember me for 24 hours,” which allows you to go through the MFA process only once every 24 hours for each device or browser, and then select “Automatically send this device a Duo Push.” When you receive a Duo Push, it will appear as a notification on your mobile device which you must approve. If you prefer not to receive a Push, you may click on the key icon in the Duo Mobile app, which will generate a passcode that you can enter in CAS.

Hardware Token

If you prefer not to use your mobile device with MFA, you may purchase a hardware token from Terrapin Tech. A hardware token is a small key fob device that is used to generate passcodes at the press of a button.

After purchasing your token, if you have not already enrolled a mobile device, go to identity.umd.edu/selfenrollment and log in. Click “Register Your Hardware Device,” enter the token information, and click “Register Device.” If you have already enrolled a mobile device and wish to register a hardware token as well, visit identity.umd.edu/mfa, click “Manage” under “Hardware Tokens,” and follow the same steps.

After completing either process, you will receive a message indicating that the hardware token has been successfully registered. You may now use the passcode generated by the token to authenticate into MFA-protected systems.

Phone That Can Receive Voice Calls

You can use any phone that can receive voice calls for MFA. This is also a good option to set up as a backup. Log in to identity.umd.edu/mfa, select “Landline” and click “Continue.” Enter your mobile or landline phone number using this format: (123) 456-7890, click “Confirm,” and then “Continue.” Click “Call Me” and enter the six-digit code provided during the call.

One-Time Use Codes

Setting up a secondary MFA option is recommended, in case your primary device is unavailable for some reason. A good option for a secondary method is using one-time use codes. You can generate one-time use codes by going to identity.umd.edu/mfa, by visiting Terrapin Tech, or by visiting an ID notary in your department. One-time use codes will expire after 180 days.

If you intend to use one-time use codes as your only MFA login method, you must visit Terrapin Tech or your department ID notary with your UMD ID card to have your identity verified and your first set of codes printed.

Why MFA?

Phishing attacks, in which hackers try to gain access to personal information, are becoming not only more common, but more devastating as well. You may remember a recent incident at UMD, during which 1,687 users were victimized by a phishing attack. In fact, in 2016, 81% of data breaches worldwide were due to weak or phished passwords. A strong password is no longer enough to prevent these incidents, which is why UMD is now requiring MFA for all staff members. By taking a few seconds to add an extra layer of security to your accounts, you are playing an important part in improving the security of our campus community. Please visit Terrapin Tech if you have any questions!