Current staff Current staff
Site search

Multi-factor authentication (MFA)

  1. Home
  2. Information and services
  3. Information technology
  4. UQ accounts and passwords

MFA provides an extra layer of protection to make sure it’s really you when you log in to UQ websites and systems.

At UQ, staff are required to use multi-factor authentication (MFA). Logging in using MFA requires 2 factors to identify you:

  1. Something you ‘know’ (your username and password).
  2. Something you ‘have’ (e.g. a code sent to your mobile phone).

By using MFA, your account is protected from unauthorised access if one of these factors is compromised.

Why is MFA important

UQ takes cyber security very seriously. Not only does MFA help protect your personal information, pay details, research and work, it also protects University information, data and systems.

Passwords are increasingly easy to compromise – they can often be stolen, guessed or hacked. MFA helps keep your UQ account secure and can help you identify if someone else is accessing it. If you receive an unexpected MFA notification, find out what to do.

Watch our video to learn more:

Watch: Why MFA is important

Top of page

About MFA at UQ

UQ uses Duo to provide its MFA services.

For most people, the Duo Mobile app is the most convenient way to use MFA. You can choose to either receive a 'push' notification or generate a passcode.

If you have a UQ mobile phone, you're expected to use it for your MFA needs. If you would prefer to use a Duo token for MFA, or require a token for a specific reason, tokens can now be ordered through UQeMarket (catalogue no. 080010).

MFA options chart
MFA option Duo mobile app - push notification Duo mobile app - passcode Duo token Temporary passcode
 

Duo mobile - push notification

Duo mobile - passcode

Duo token

Temporary passcode
How does this work

Sends an authentication request to your mobile device (e.g. smartphone).

Simply tap 'Approve' (green tick) to authenticate.

You can set your preferences to automatically ‘push’ a request to your device.

Generates a 6-digit numeric passcode on your mobile device (e.g. smartphone).

Generate and enter the passcode into your MFA login screen when prompted.

Generates a 6-digit numeric passcode.

Generate and enter the passcode into your MFA login screen when prompted.

Generate a passcode valid for a limited time period (e.g. 8 hrs).

Generate a temporary passcode via the MFA portal for the duration required. Write or print on paper, carry with you and use when required.
Platforms
  • Android
  • iOS
  • Android
  • iOS
 Independent Independent
Network connection needed? Internet access required None None Internet access required
Pros

Convenient if you have your phone with you all the time.

Simply tap ‘Accept’ or 'Deny' when promoted (no need to enter passcode).

Convenient if you have your phone with you all the time.

Works 'offline'. Can be used when no internet or mobile network is available.

Works 'offline'. No mobile device required.

 Convenient as an alternative or backup option (e.g. if your phone isn't available).
User cost None None

None. Available through UQeMarket

 None

 

Top of page

Activating MFA

UQ uses Duo to provide its MFA services.

Most people find using the Duo Mobile smartphone app the most convenient way to use MFA. To activate MFA on your mobile device, you’ll need:

If you will be activating MFA for multiple UQ accounts (e.g. a staff account and a student account), follow the instructions for activating multiple accounts

To activate MFA, watch the video guide or read the steps:

Watch: How to activate MFA

  1. On your mobile device, download the Duo Mobile app  from Google Play or the App Store.
  2. On your computer, go to MFA activation. If you have multiple UQ accounts, ensure you are logged in with the account you are activating for MFA.
  3. Enter your date of birth and click ‘Submit’.
  4. Click ‘Start setup’.
  5. Select the type of device you wish to add:
    • If you are using your mobile phone to activate MFA for your first or only UQ account, select 'Mobile phone' for the device type and enter your mobile number.
    • If you are using your mobile phone to activate MFA for additional UQ accounts, select 'Tablet' for the device type.
  6. Select your device's operating system and click ‘Continue’.
  7. Click ‘I have Duo Mobile Installed’.
  8. On your mobile device, open the Duo Mobile app and tap the plus icon (+) to add a new account.
  9. Tap 'Allow' if the app asks for permission to access your camera, so it can open a QR code scanner. Focus it on the QR code (square barcode) on your computer screen.
  10. On your computer, click 'Continue' when the tick appears to confirm the app has registered the QR code.
  11. Click the 'When I log in' drop down menu and choose one of the authentication methods.
  12. Click 'Save', then click ‘Continue to Login’.

You'll now need to use your registered device when you log in to UQ websites and systems that require MFA.

Top of page

Logging in with MFA

To learn about logging in with MFA, watch the video guide or read the information below:

Watch: How to log in with MFA

When you log in to a UQ website or system that requires MFA, you’ll be asked how you would like to authenticate.

If you select:

  • ‘Send me a push’, a notification will appear on your mobile device that asks you to accept or deny access.
  • ‘Enter a passcode’, you’ll need to open the Duo Mobile app and enter the passcode from the app on the login screen of the website or system. If your device is unavailable, you can generate a temporary passcode via the MFA portal.

If you have multiple devices registered, you can choose which one you want to use.

If you prefer to always use a particular authentication method, you can select that in your device settings on the MFA portal.

VPN users: MFA is required for the UQ VPN service.

Top of page

Managing devices used for authentication

Once registered, you can use the MFA portal to:

  • add, remove or change the device you use for MFA. If you have multiple devices registered, you can choose which one you want to use.
  • choose to always use a particular authentication method.
Top of page

Frequently asked questions (FAQs)

Here are our answers to common questions about MFA:

Setting up MFA

How do I activate MFA for multiple accounts?

How do I resolve errors when enrolling my phone number?

What devices can I use for MFA?

What can I do if I don't have a smartphone or don’t want to use my personal device?

What is a Duo token?  

What happens if I don't register a device?

General use

Why do I need to use MFA?

Do I need to use MFA every time I log in?

Why don’t all UQ sites use MFA?

Can I change the authentication method I use?

How do I generate an MFA passcode using the Duo app?

How do I log in with MFA if I can't use my mobile phone in my workplace or a lab?

I need to log in to my UQ account in a location without mobile coverage. What do I do?

Does MFA use my data on my smartphone?

Why does the Duo Mobile app need access to my camera?

How does Duo store my data?

What should I do if I receive an unexpected Duo login request?

New, damaged or lost devices

How do I log in if I leave my device at home?

What do I do if I’ve lost my phone or MFA-enabled device?

What do I do if my MFA token is lost, stolen or damaged?

How do I change my default device for Duo?

Can I use MFA when travelling overseas?

Problems logging in

I'm not receiving push notifications from Duo. How do I fix this?

What do I do if my MFA token code isn't working?

What do I do if I've clicked 'Remember me', but I'm still asked to log in?

What do I do if I can't see the option to enter a code for MFA?

MFA in laboratories

How do I use MFA inside labs?

How do I log in with MFA in a lab where I can't use my phone?

How do I use the shared MFA tokens inside a lab?

I manage a lab. What MFA arrangements are required?

Top of page

IT Support