About MFA

  1. Multi-Factor Authentication adds an additional layer of security to your login process to prevent your credentials from being compromised.
  2. By using more than one method of authentication, your identity is verified and kept safe from phishing and other cyber security attacks.
  3. By using Duo for MFA, you will be using something you know (your password) with something you have (your device or hardware token) to confirm your identity.
  4. All UWM Faculty and Staff must be enrolled with Duo as part of Information Security Administrative Procedure 1030.A.
    Other constituencies such as Emeriti, Annuitants, student employees, sponsored guests, and students are not currently in scope for this initiative.

Getting Started with MFA

Enroll a Mobile Device

  1. Prepare your device for Duo Mobile.
  2. Open the enrollment link included in your email from Duo.
  3. Follow enrollment instructions for mobile device and install Duo Mobile.
  4. Optional: Enroll a second device, such as a hardware token. This ensures that if any of your devices are forgotten at home, you have a secondary method to authenticate with.

Enroll a Hardware Token

  1. Obtain a hardware token in-person from one of the following locations:
          UWM Campus: The UWM TechStore
          UWM at Washington County: The Library Information Desk
          UWM at Waukesha: The Library Information Desk
  2. Follow enrollment instructions for hardware token.
  3. Optional: Enroll a second device, such as a mobile device. This ensures that if any of your devices are forgotten at home, you have a secondary method to authenticate with.

FAQ’s

I am a new employee at UWM. What do I need to do to set up MFA?
  • After you activate your ePanther account, you will receive an automated email from Duo with instructions on how to enroll. You will have 2 weeks to enroll a hardware token and/or a mobile device. If you do not enroll within 2 weeks, you will be locked out of UWM systems such as Canvas, Office 365 and My UW System.
Do I have to do this every time I log in?
  • When you use Office 365 or UWM 1Login to access a UWM service (Canvas, My UW-System Portal, etc.) you will be prompted to authenticate with Duo. In an effort to make authenticating as seamless and non-disruptive as possible, you will have the option to use a “Remember Me” feature upon initial login. The time frame that you are allowed to remember your authentication on that device varies by service. Also, you will have to re-authenticate if you log in on a different device or browser, and when your time limit for the “Remember Me” feature expires for that time frame.
Should I enroll more than one device?
  • For your convenience, please consider enrolling at least two devices. This can be a phone and a tablet, a mobile device and a hardware token, or whatever combination works best for you. This ensures that if any of your devices are are forgotten at home, you have a secondary method to authenticate with.
    Please note: Individuals are limited to the use of one hardware token, if you have already enrolled a hardware token, please consider enrolling a smart phone or tablet.
Do I have to use a smart phone to do this?
  • If you are unable to use the Duo Mobile App for MFA, please enroll a free hardware token. Please follow the instructions on the webpage above for “Enrolling a Hardware Token”. Please note: Individuals are limited to the use of one hardware token.
What do I do if I lost my device or left it at home?
  • If  you have a secondary authentication device, please use that in the event of a lost or stolen device. If you do not have a secondary device, you can use the UWM Duo Bypass Code page to generate a bypass code that you can use to login to Duo protected services and applications for up to 12 hours, after which your bypass code will expire and a new one will need to be generated.

    In order to generate a Duo bypass code, you will need to provide your Campus ID (student number), your birth date, and answers to your security questions in order to verify your identity. For instructions on generating Duo Bypass Codes, please visit the UWM KnowledgeBase: https://kb.uwm.edu/page.php?id=84490

    If you have not previously set responses to your security questions or cannot provide any of the requested information to verify your identity, please contact the UWM Help Desk. If you have lost your Duo two-factor authentication device (a smartphone or hardware token), please contact the UWM Help Desk to generating a bypass code using this process.

How does this impact my privacy?
  • If you choose to use the Duo mobile app, UWM will not be able to see the personal information on your device. The only data collected is related to the use of the app (operating system, application version, IP address of authentication attempt, etc.). Please feel free to review Duo’s data and privacy information in more detail here: https://help.duo.com/s/article/2939?language=en_US
How does this work with traveling abroad?
  • If you enroll a smart phone or tablet with the Duo Mobile App, and have a cellular connection or a WiFi connection, you can authenticate as you normally would. If you enroll a hardware token, that does not require an internet connection although the services you are trying to authenticate with (Office 365, Canvas, etc.) do. If you are able to access these services with a cellular or WiFi connection, you will be able to authenticate. If you work remotely or are out of state and require a hardware token please contact the UWM Help Desk (help@uwm.edu) to coordinate receiving one through the mail.

 

By using the Duo Mobile App on my personal device, will my personal communications or data be subject to Wisconsin's Public Records Law or be subject to a subpoena request?
  • The contents of strictly personal communications (texts, emails, voice messages) or data are not subject to the Wisconsin Public Records Law simply by using the app to verify your identity. Strictly personal means that it is not related to university business. If you were using your personal device to conduct university business (such as responding to emails, texting a colleague about a work-related issue or leaving or receiving voice messages on work related subjects, or accessing UWM digital assets) those communications which relate to the university business could be subject to the Wisconsin Public Records Law or could be the subject of a university-related subpoena. The contents of your personal communications that do NOT involve university business would not be subject to the Wisconsin Public Records law or to a university-related subpoena for university business records.
What if I already use a Symantec hardware token (FOB) for HRS?
  • UWM employees who use a Symantec hardware token (or FOB) to authenticate to HRS will also need to enroll in, and use, Duo to authenticate to Office 365 and services that utilize UWM 1Login.
Where do I get a hardware token?
  • Faculty and Staff can pick up their free hardware tokens in-person at the following locations:
    • UWM Campus: The UWM TechStore located in the Panther Shop in the Union
    • UWM at Washington County: Library Information Desk
    • UWM at Waukesha: Library Information Desk
  • If you work remotely or are out of state and require a hardware token please contact the UWM Help Desk (help@uwm.edu) to coordinate receiving one through the mail.
Do I have to enroll?
  • Enrollment for all UWM Faculty and Staff is required by October 31, 2019 as part of Information Security Administrative Procedure 1030.A.
    Other constituencies such as Emeriti, Annuitants, student employees, sponsored guests, and students are not currently in scope for this initiative