Getting Started with MFA

 

Enroll a Mobile Device

  1. Click the Enroll now! button above.
  2. Prepare your device for Duo Mobile.
  3. Open the enrollment link included in your email from Duo. If you have not received an enrollment message within an hour, please contact the UWM Help Desk.
  4. Follow enrollment instructions for mobile device and install Duo Mobile.
  5. Optional: Enroll a second device, such as a hardware token. This ensures that if any of your devices are forgotten at home, you have a secondary method to authenticate with.

Enroll a Hardware Token

  1. Click the Enroll now! button above.
  2. Obtain a hardware token in-person from one of the following locations:
          UWM Campus: The UWM TechStore
          UWM at Washington County: The Library Information Desk
          UWM at Waukesha: The Library Information Desk
  3. Follow enrollment instructions for hardware token.
  4. Optional: Enroll a second device, such as a mobile device. This ensures that if any of your devices are forgotten at home, you have a secondary method to authenticate with.

Help with Enrollment

Duo Desk

  • Stop by one of our Duo Desk sessions to get help with enrollment! IT Staff will be located in the UWM Panther Shop near the UWM TechStore on the below dates and times:
    • Sept 12, 2019: 11am-1pm
    • Sept 19, 2019: 11am-1pm
    • Sept 25, 2019: 11am-1pm
    • Oct 1, 2019: 11am-1pm
    • Oct 9, 2019: 12pm-2pm
    • Oct 17, 2019: 12pm-2pm
    • Oct 23, 2019: 12pm-2pm

Duo Talks

  • University IT Services will be hosting Duo Talks throughout the Fall semester. There will be a short presentation on MFA (what it is, how it works, etc.) and the opportunity for Q&A with faculty and staff. Below are the dates and times:

Guides & More Info

Management of your devices

  • To manage your devices (enroll a hardware token, add a new device or phone number, etc.) use UWM’s Duo Dashboard. After enrollment, you will always be able to view and manage your information regarding multi-factor authentication through the dashboard.
  • For your convenience, please consider enrolling at least two devices. This can be a phone and a tablet, a mobile device and a hardware token, or whatever combination works best for you. This ensures that if any of your devices are forgotten at home, you have a secondary method to authenticate with. Please note: Individuals are limited to the use of one hardware token, if you have already enrolled a hardware token, please consider enrolling a smart phone or tablet.

Multi-Factor Authentication (MFA)

About MFA

  1. Multi-Factor Authentication adds an additional layer of security to your login process to prevent your credentials from being compromised.
  2. By using more than one method of authentication, your identity is verified and kept safe from phishing and other cyber security attacks.
  3. By using Duo for MFA, you will be using something you know (your password) with something you have (your device or hardware token) to confirm your identity.
  4. All UWM Faculty and Staff must be enrolled with Duo by October 31, 2019 as part of Information Security Administrative Procedure 1030.A.
    Other constituencies such as Emeriti, Annuitants, student employees, sponsored guests, and students are not currently in scope for this initiative.

FAQ’s

Do I have to do this every time I log in?
  • When you use Office 365 or UWM 1Login to access a UWM service (Canvas, My UW-System Portal, etc.) you will be prompted to authenticate with Duo. In an effort to make authenticating as seamless and non-disruptive as possible, you will have the option to use a “Remember Me” feature upon initial login. The time frame that you are allowed to remember your authentication on that device varies by service. Also, you will have to re-authenticate if you log in on a different device or browser, and when your time limit for the “Remember Me” feature expires for that time frame.
Should I enroll more than one device?
  • For your convenience, please consider enrolling at least two devices. This can be a phone and a tablet, a mobile device and a hardware token, or whatever combination works best for you. This ensures that if any of your devices are are forgotten at home, you have a secondary method to authenticate with.
    Please note: Individuals are limited to the use of one hardware token, if you have already enrolled a hardware token, please consider enrolling a smart phone or tablet.
Do I have to use a smart phone to do this?
  • If you are unable to use the Duo Mobile App for MFA, please enroll a free hardware token. Please follow the instructions on the webpage above for “Enrolling a Hardware Token”. Please note: Individuals are limited to the use of one hardware token.
What do I do if I lost my device or left it at home?
  • If  you have a secondary authentication device, please use that in the event of a lost or stolen device. If you do not have a secondary device, you can use the UWM Duo Bypass Code page to generate a bypass code that you can use to login to Duo protected services and applications for up to 12 hours, after which your bypass code will expire and a new one will need to be generated.

    In order to generate a Duo bypass code, you will need to provide your Campus ID (student number), your birth date, and answers to your security questions in order to verify your identity. For instructions on generating Duo Bypass Codes, please visit the UWM KnowledgeBase: https://kb.uwm.edu/page.php?id=84490

    If you have not previously set responses to your security questions or cannot provide any of the requested information to verify your identity, please contact the UWM Help Desk. If you have lost your Duo two-factor authentication device (a smartphone or hardware token), please contact the UWM Help Desk to generating a bypass code using this process.

How does this impact my privacy?
  • If you choose to use the Duo mobile app, UWM will not be able to see the personal information on your device. The only data collected is related to the use of the app (operating system, application version, IP address of authentication attempt, etc.). Please feel free to review Duo’s data and privacy information in more detail here: https://help.duo.com/s/article/2939?language=en_US
How does this work with traveling abroad?
  • If you enroll a smart phone or tablet with the Duo Mobile App, and have a cellular connection or a WiFi connection, you can authenticate as you normally would. If you enroll a hardware token, that does not require an internet connection although the services you are trying to authenticate with (Office 365, Canvas, etc.) do. If you are able to access these services with a cellular or WiFi connection, you will be able to authenticate. If you work remotely or are out of state and require a hardware token please contact the UWM Help Desk (help@uwm.edu) to coordinate receiving one through the mail.

 

Bu using the Duo Mobile App on my personal device, will my personal communications or data be subject to Wisconsin's Public Records Law or be subject to a subpoena request?
  • The contents of strictly personal communications (texts, emails, voice messages) or data are not subject to the Wisconsin Public Records Law simply by using the app to verify your identity. Strictly personal means that it is not related to university business. If you were using your personal device to conduct university business (such as responding to emails, texting a colleague about a work-related issue or leaving or receiving voice messages on work related subjects, or accessing UWM digital assets) those communications which relate to the university business could be subject to the Wisconsin Public Records Law or could be the subject of a university-related subpoena. The contents of your personal communications that do NOT involve university business would not be subject to the Wisconsin Public Records law or to a university-related subpoena for university business records.
What if I already use a Symantec hardware token (FOB) for HRS?
  • UWM employees who use a Symantec hardware token (or FOB) to authenticate to HRS will also need to enroll in, and use, Duo to authenticate to Office 365 and services that utilize UWM 1Login.
Where do I get a hardware token?
  • Faculty and Staff can pick up their free hardware tokens in-person at the following locations:
    • UWM Campus: The UWM TechStore located in the Panther Shop in the Union
    • UWM at Washington County: Library Information Desk
    • UWM at Waukesha: Library Information Desk
  • If you work remotely or are out of state and require a hardware token please contact the UWM Help Desk (help@uwm.edu) to coordinate receiving one through the mail.
Do I have to enroll?
  • Enrollment for all UWM Faculty and Staff is required by October 31, 2019 as part of Information Security Administrative Procedure 1030.A.
    Other constituencies such as Emeriti, Annuitants, student employees, sponsored guests, and students are not currently in scope for this initiative