Current staff Current staff
Site search

Multi-factor authentication (MFA)

  1. Home
  2. Information and services
  3. Information technology
  4. UQ accounts and passwords

MFA provides an extra layer of protection to make sure it’s really you when you log in to UQ websites and systems.

At UQ, staff are required to use multi-factor authentication (MFA). Logging in using MFA requires 2 factors to identify you:

  1. Something you ‘know’ (your username and password).
  2. Something you ‘have’ (e.g. a code sent to your mobile phone).

By using MFA, your account is protected from unauthorised access if one of these factors is compromised.

All ongoing, fixed-term and casual professional staff are now using MFA, and in 2020 UQ will continue to roll out MFA to other staff account types. A deployment plan has been developed in consultation with faculties, institutes and other organisational areas.

Why is MFA important

UQ takes cyber security very seriously. Not only does MFA help protect your personal information, pay details, research and work, it also protects University information, data and systems.

Passwords are increasingly easy to compromise. They can often be stolen, guessed or hacked — you might not even know someone is accessing your account. MFA helps keep your account secure even if your password is compromised. 

Watch our video to learn more:

Watch: Why MFA is important

Top of page

About MFA at UQ

UQ uses Duo to provide its MFA services.

For most people, the Duo Mobile app is the most convenient way to use MFA. You can choose to either receive a "push" notification or generate a passcode.

If you have a UQ mobile phone, you're expected to use it for your MFA needs. If you're unable to take your mobile phone into a particular location (e.g. your research lab), you can submit an IT request (staff login required) for a Duo token.

MFA options chart
MFA option Duo mobile app - Push notification Duo mobile app - passcode Duo token
  Duo mobile - push notification Duo mobile - passcode Duo token
How does this work

Duo sends a login request to your smartphone. Simply tap Approve (green tick) to authenticate.

You can set your preferences to automatically ‘push’ a request to your phone.

 Duo sends a 6-digit numeric passcode to your smartphone. Enter the number into your MFA login screen on your browser. Duo sends a 6-digit numeric passcode to your token. You then need to enter the number into your MFA login screen on your browser.
Platforms
  • Android
  • iOS
  • Windows Mobile
  • Android
  • iOS
  • Windows Mobile
 Independent
Network connection needed? Internet access required None None
Pros

Convenient if you have your phone with you all the time.

Simply tap ‘Accept’ when promoted (no need to type a string of numbers into your browser		 Convenient if you have your phone with you all the time.

Can be used in locations (such as research labs) where a mobile phone is not allowed.

Convenient if traveling overseas.
Cons   Need to enter the string of numbers into your browser when prompted.

Need to enter the string of numbers into your browser when prompted.

May not always have token if accessing the system when not in your office.
User cost None None None

 

Top of page

Activating MFA

UQ uses Duo to provide its MFA services.

Most people find using the Duo Mobile smartphone app the most convenient way to use MFA. To activate MFA on your mobile device, you’ll need:

  • your mobile device (smartphone)
  • a computer or other device.

If you don’t have a smartphone, or are unable to use one in your work area, you can submit an IT request (staff login required) for a MFA token. When you collect the token, you’ll be shown how to use it to register and log in with MFA.

To activate MFA, watch the video guide or read the steps:

Watch: How to activate MFA

  1. On your mobile device, download the Duo Mobile app  from Google Play or the App Store.
  2. On your computer, go to the MFA portal.
  3. Enter your date of birth and click ‘Submit’.
  4. Click ‘Start setup’.
  5. Select the type of device you wish to add and click ‘Continue’.
  6. Enter your mobile phone number and click ‘Continue’. This number will be used to recover your account if you lose access to it.
  7. Select your device's operating system and click ‘Continue’.
  8. Click ‘I have Duo Mobile Installed’.
  9. On your mobile device, open the Duo Mobile app and tap the plus icon (+) to add a new account.
  10. Tap 'Allow' if the app asks for permission to access your camera, so it can open a QR code scanner. Focus it on the QR code (square barcode) on your computer screen.
  11. On your computer, click 'Continue' when the tick appears to confirm the app has registered the QR code.
  12. Click the 'When I log in' drop down menu and choose one of the authentication methods.
  13. Click 'Save', then click ‘Continue to Login’.

You'll now need to use your registered device when you log in to UQ websites and systems that require MFA.

Top of page

Logging in with MFA

To learn about logging in with MFA, watch the video guide or read the information below:

Watch: How to log in with MFA

When you log in to a UQ website or system that requires MFA, you’ll be asked how you would like to authenticate.

If you select:

  • ‘Send me a push’, a notification will appear on your mobile device that asks you to accept or deny access.
  • ‘Enter a passcode’, you’ll need to open the Duo Mobile app and enter the passcode from the app on the login screen of the website or system.

If you have multiple devices registered, you can choose which one you want to use.

If you prefer to always use a particular authentication method, you can select that in your device settings on the MFA portal.

VPN users: If you enter a passcode or use a MFA token, the authentication process for logging in to the VPN is slightly different. Follow the VPN authentication instructions

Top of page

Managing devices used for authentication

Once you’re registered, you can go to the MFA portal to:

  • add, remove or change the device you use for MFA
  • select or change your preferred authentication method.
Top of page

Frequently asked questions (FAQs)

Here are our answers to common questions about MFA:

Setting up MFA

What devices can I use for MFA?

What can I do if I don't have a smartphone or don’t want to use my personal device?

What is a Duo token?  

What happens if I don't register a device?

General use

Why do I need to use MFA?

Do I need to use MFA every time I log in?

Why don’t all UQ sites use MFA?

Can I change the authentication method I use?

How do I log in if I can’t take a mobile phone into my workplace (e.g. a research lab)?

I need to log in to my UQ account in a location without mobile coverage or where mobiles aren’t allowed. What do I do?

Does MFA use my data on my smartphone?

Why does the Duo Mobile app need access to my camera?

How does Duo store my data?

What should I do if I receive an unexpected Duo login request?

New, damaged or lost devices

How do I log in if I leave my device at home?

What do I do if I’ve lost my phone or MFA-enabled device?

What do I do if my MFA token is lost, stolen or damaged?

How do I change my default device for Duo?

Can I use MFA when travelling overseas?

Problems logging in

I'm not receiving push notifications from Duo. How do I fix this?

What do I do if my MFA token code isn't working?

What do I do if I've clicked 'Remember me', but I'm still asked to log in?

What do I do if I can't see the option to enter a code for MFA?

Top of page

IT Support