What is multifactor authentication (MFA)?

Multifactor authentication is a second layer of security added to the login process that requires you to enter your password and a second form of authorization to complete the login. MFA couples your password (something you know) with a secondary authorization from a device (something you have). MFA Protects your account from unauthorized access if your password becomes compromised. 


Is Duo MFA Required? 

Yes. All students, faculty, staff, and retirees will be required to protect their ATU account with Duo MFA to protect their data in ATU systems.


What is required to use Duo MFA?

Duo works best with the Duo Mobile app on a mobile device. Alternatively, you can receive SMS messages that contain one-time passcodes for MFA, or you can obtain a hardware device that generates one-time passcodes from the Campus Support Center.


Duo supports mobile devices running Android 8.0 or higher, iOS 12.0 or higher. Duo requires a screen lock to be enabled on the device to receive and approve a Duo push notification.


What is the best method of MFA?

Duo is designed to send you a push notification when you log into an ATU system. This push notification allows you to approve the login quickly. Duo Push is the easiest, quickest, and most secure method to verify your login. The Duo Mobile app can also generate one-time passcodes that You can enter to verify your login. 


Secondarily, a hardware device that generates one-time passcodes can be used to validate your login. These hardware tokens are available from the Campus Support Center.


Lastly, You can configure your Duo account to send SMS messages to your mobile device that contain one-time passcodes for login verification. This method is not recommended by OIS, Duo, or NIST standards, but we recognize that this may be the only option for some people.


What should I do if I received a Duo Push or SMS when I didn't log in? 

If you receive a push notification or an SMS message from Duo that you did not initiate, it is very likely that someone has your password and is trying to log in as you. Do not approve the request. Instead, you should immediately change your password through the Account Management Systems (AMS). This scenario is what Duo is designed to protect against.