Multi-factor authentication (MFA)
MFA provides an extra layer of protection to make sure it’s really you when you log in to UQ websites and systems.
At UQ, staff are required to use multi-factor authentication (MFA). Logging in using MFA requires 2 factors to identify you:
- Something you ‘know’ (your username and password).
- Something you ‘have’ (e.g. a code sent to your mobile phone).
By using MFA, your account is protected from unauthorised access if one of these factors is compromised.
All ongoing, fixed-term and casual professional staff are now using MFA, and in 2020 UQ will continue to roll out MFA to other staff account types. A deployment plan has been developed in consultation with faculties, institutes and other organisational areas.
Why is MFA important
UQ takes cyber security very seriously. Not only does MFA help protect your personal information, pay details, research and work, it also protects University information, data and systems.
Passwords are increasingly easy to compromise. They can often be stolen, guessed or hacked — you might not even know someone is accessing your account. MFA helps keep your account secure even if your password is compromised.
Watch our video to learn more:
About MFA at UQ
UQ uses Duo to provide its MFA services.
For most people, the Duo Mobile app is the most convenient way to use MFA. You can choose to either receive a "push" notification or generate a passcode.
If you have a UQ mobile phone, you're expected to use it for your MFA needs. If you're unable to take your mobile phone into a particular location (e.g. your research lab), you can submit an IT request (staff login required) for a Duo token.
| MFA option | Duo mobile app - Push notification | Duo mobile app - passcode | Duo token |
|---|---|---|---|
 |
 |
 |
|
| How does this work |
Duo sends a login request to your smartphone. Simply tap Approve (green tick) to authenticate. You can set your preferences to automatically ‘push’ a request to your phone. |
Duo sends a 6-digit numeric passcode to your smartphone. Enter the number into your MFA login screen on your browser. | Duo sends a 6-digit numeric passcode to your token. You then need to enter the number into your MFA login screen on your browser. |
| Platforms |
|
|
Independent |
| Network connection needed? | Internet access required | None | None |
| Pros |
Convenient if you have your phone with you all the time. Simply tap ‘Accept’ when promoted (no need to type a string of numbers into your browser |
Convenient if you have your phone with you all the time. |
Can be used in locations (such as research labs) where a mobile phone is not allowed. Convenient if traveling overseas. |
| Cons | Need to enter the string of numbers into your browser when prompted. |
Need to enter the string of numbers into your browser when prompted. May not always have token if accessing the system when not in your office. |
|
| User cost | None | None | None |
Activating MFA
UQ uses Duo to provide its MFA services.
Most people find using the Duo Mobile smartphone app the most convenient way to use MFA. To activate MFA on your mobile device, you’ll need:
- your mobile device (smartphone)
- a computer or other device.
If you don’t have a smartphone, or are unable to use one in your work area, you can submit an IT request (staff login required) for a MFA token. When you collect the token, you’ll be shown how to use it to register and log in with MFA.
To activate MFA, watch the video guide or read the steps:
- On your mobile device, download the Duo Mobile app
from Google Play or the App Store. - On your computer, go to the MFA portal.
- Enter your date of birth and click ‘Submit’.
- Click ‘Start setup’.
- Select the type of device you wish to add and click ‘Continue’.
- Enter your mobile phone number and click ‘Continue’. This number will be used to recover your account if you lose access to it.
- Select your device's operating system and click ‘Continue’.
- Click ‘I have Duo Mobile Installed’.
- On your mobile device, open the Duo Mobile app and tap the plus icon (+) to add a new account.
- Tap 'Allow' if the app asks for permission to access your camera, so it can open a QR code scanner. Focus it on the QR code (square barcode) on your computer screen.
- On your computer, click 'Continue' when the tick appears to confirm the app has registered the QR code.
- Click the 'When I log in' drop down menu and choose one of the authentication methods.
- Click 'Save', then click ‘Continue to Login’.
You'll now need to use your registered device when you log in to UQ websites and systems that require MFA.
Logging in with MFA
To learn about logging in with MFA, watch the video guide or read the information below:
When you log in to a UQ website or system that requires MFA, you’ll be asked how you would like to authenticate.
If you select:
- ‘Send me a push’, a notification will appear on your mobile device that asks you to accept or deny access.
- ‘Enter a passcode’, you’ll need to open the Duo Mobile app and enter the passcode from the app on the login screen of the website or system.
If you have multiple devices registered, you can choose which one you want to use.
If you prefer to always use a particular authentication method, you can select that in your device settings on the MFA portal.
VPN users: If you enter a passcode or use a MFA token, the authentication process for logging in to the VPN is slightly different. Follow the VPN authentication instructions.
Managing devices used for authentication
Once you’re registered, you can go to the MFA portal to:
- add, remove or change the device you use for MFA
- select or change your preferred authentication method.
Frequently asked questions (FAQs)
Here are our answers to common questions about MFA:
Setting up MFA
General use
Do I need to use MFA every time I log in?
Why don’t all UQ sites use MFA?
Can I change the authentication method I use?
How do I log in if I can’t take a mobile phone into my workplace (e.g. a research lab)?
Does MFA use my data on my smartphone?