Queries about MFA

Answers to your question about multi-factor authentication (MFA).

Common queries

What is MFA, and how do I enrol?

Multi-factor authentication (MFA) adds an extra layer of security when you log in to your University IT account. It's sometimes called two-factor authentication (2FA).

With MFA, you provide at least two pieces of evidence at login to verify your identity:

Something you know: a password, pin or passphrase.
Something you have: a physical device you have with you when logging in, for example, a mobile device or hardware token.

For information on how to enrol, visit our setting up MFA pages.

What should I do if after setting up MFA it keeps asking me for a passcode?

Log in to the Duo management portal
Enter your University username and password
Select 'Log in'
On the Duo Device Management page, select 'Call Me'
When you receive a call to your mobile device, press '1' on your mobile device keypad
The Duo device management page will show your currently registered Duo devices
Click 'Device Options' next to your listed mobile device
Click the 'Reactivate Duo Mobile' button
Continue to follow the instructions on your screen

How do I set up MFA for a new account with a previously registered number when I get the message 'number cannot be added' ?

You should contact IT help and support on +44 114 222 1111 and provide the following information where applicable:

previous username (e.g ELP21XZ)
previously registered phone number
full name
previous department
previous registration number
date of birth
new username
new department
new registration number

After speaking to IT help and support, you will receive an activation text with information on what to do next.

How do I register a new phone with the same number if MFA won’t recognise it?

Log in to the Duo management portal
Enter your University username and password
Select 'Log in'
On the Duo Device Management page, select 'Call Me'
When you receive a call to your mobile device, press '1' on your mobile device keypad
The Duo Device Management page will show your currently registered Duo devices.
Click 'Device Options' next to your listed mobile device.
Click the 'Reactivate Duo Mobile' button.
Continue to follow the instructions on your screen.

How can I register a new device with a new number if I have kept my previous device?

Log in to the Duo management portal
Enter your University username and password
Select 'Log in'
On the Duo Device Management page, select 'Send Me a Push'
Please select ‘Approve’ on your old device
The Duo Device Management page will show ‘My Settings & Devices’
Select ‘+ Add another device’
Continue to follow the instructions on your screen

What should I do if I cannot install the Duo Mobile app?

All mobile phones running iOS 14 or Android 10 or above can install the Duo app. If you cannot do this, contact IT help and support on +44 114 222 1111 for assistance.

General questions about MFA

Can I opt out of setting up MFA?

No. It is University policy that all staff and students must have their IT accounts protected with MFA.

Do I need a smartphone or data plan to use MFA?

If you are unable to use a smartphone you can request a hardware token or security key and contact IT help and support on +44 114 222 1111 for assistance.

Which services do I need to use MFA for?

You need MFA to verify access for the following services:

all services accessed through MUSE
off-campus access to the High Performance Computing (HPC) system
the University VPN service (University login required)

Do I need to verify my identity with MFA every time I sign in?

Once enrolled in MFA, you'll be prompted to use it whenever you log into MUSE.

You have the option to remember your device for seven days on the same or browser. The 'Is this your device?' check for MFA works for web services, such as your browser. If you use multiple devices and browsers, you'll need to select the option to remember your device on each browser.

Duo Mobile app

Why have I received a push notification when I haven't tried to log in?

You must deny the request and report it to IT help and support on +44 114 222 1111.

Your password may have been compromised. Someone may be trying to log in to your University IT account.

Is the Duo Mobile app safe and secure?

The Information Security team in IT Services has tested the security and privacy of the app. It is safe to use on personal devices. It does not provide the University or any external parties with access to your device's data, including contacts, photos, text messages or emails.

Duo Mobile needs some device permissions:

For more details, see Duo's Mobile privacy information.

Can Duo see my password?

No. Your password is verified by the University’s account systems and never sent to Duo or seen by anyone at the University.

Why does the Duo Mobile app need access to my camera?

When using MFA for the first time and registering a device, the Duo Mobile app will access your device's camera to scan a QR code displayed on the screen. After setting up Duo Mobile you can remove the app’s camera permission.

For more details, see Duo's Mobile privacy information.

Can Duo Mobile control my mobile device?

No. The Duo Mobile app cannot change settings or remotely wipe your mobile device.

Duo checks the security settings of your device to make sure it's a safe place to send notifications. It uses these checks to help recommend security improvements to your device. You're always in control of whether to take action on these recommendations.

How much data does a Duo Push request use?

Duo Push authentication requests require a minimal amount of data – less than 2KB per authentication. For example, you would only consume 1MB of data after authenticating 500 times.

I have two University accounts - can I use Duo on the same phone for both?

Yes. Devices can be registered to more than one account. To do this, you need to register each account for MFA. Then log in to each account and add the device.

See Manage your MFA devices and settings.

What happens if I haven't got my phone with me?

Contact IT help and support on +44 114 222 1111. They will generate a 6-digit bypass code for you to enter when you log in.

What happens if I get a new phone?

You will need to register your new phone for MFA. To register your new phone you need to use the Duo device management portal.

Follow the Managing your devices guidance on Duo's website to add a new device.

What should I do if my phone is lost or stolen?

Contact IT help and support immediately on +44 114 222 1111. They will prevent the device from being used for MFA, to secure your account.

Why have I stopped receiving push notifications from Duo Mobile?

Follow these steps:

Make sure your registered device has a mobile network or WiFi connection.
Have the Duo Mobile app open when you authenticate.
Try other troubleshooting methods for iPhone or Android.

If the methods above do not work, try using another authentication method, such as a passcode provided in the Duo Mobile app.

Why can't I download the Duo Mobile app from Google Play store in my country?

The Google Play store may be blocked or unavailable in some countries.

Read Duo's instructions to download and use the Duo App in China.

How does Duo work when I'm travelling?

Duo will continue to work as normal over WiFi or mobile data, where available. If it's not available, you can get a passcode within the Duo Mobile app instead.

I usually log into MFA with the Duo Mobile app push notifications, but have been asked to enter a PIN code as well - is this normal?

On certain occasions, you may be asked to enter a PIN code from the Duo Mobile app into the login process for verification. This will usually occur if you are logging in from a new location or device, and is part of the process to prevent fraudulent attempts to access accounts.

Hardware tokens

How do I get a hardware token?

If you are unable to use a smartphone you can request a hardware token or security key and contact IT help and support on +44 114 222 1111 for assistance.

I have two University accounts - can I use the same hardware token for both?

Yes. Devices can be registered to more than one account. Contact IT help and support on +44 114 222 1111 and ask them to register your token for the second account.

My hardware token is displaying the code 888 888 - how do I stop this?

Press the button on the hardware token for a shorter amount of time when you need an authentication code.

If you press the button for several seconds, it displays a test code of 888 888. This is to show that all parts of the display are working.

I usually log into MFA with a hardware token, but it has not been accepted - what should I do?

You should contact IT help and support on +44 114 222 1111 who will be able to assist you. This will usually occur if you are logging in from a new location or device, and is part of the process to prevent fraudulent attempts to access accounts.

Why has my hardware token stopped working?

Your hardware token can get out of sync if the button is pressed too many times in a row and the generated passcodes are not used for login. In some cases, this can happen by accident. For example, if the token is next to other objects in a pocket or backpack.

To resynchronise the token, generate three passcodes in a row and enter them one by one into the passcodes field.

If this doesn't work, contact IT help and support on +44 114 222 1111 for assistance.

What should I do if my hardware token is lost or stolen?

Contact IT help and support immediately on +44 114 222 1111. They will prevent the device from being used for MFA, to secure your account.

Security keys

Can I use a YubiKey or another type of hardware token?

You can use a security key. This method may be suitable for students who are not eligible to use one of our hardware tokens. Go to the Duo website to find out how to enrol your security key. We cannot answer queries about personal security keys.

Make sure you register a second device as well, or you may get locked out of your account.

Contact us

If you have a question about MFA that is not answered here or on the other MFA pages, contact the IT help and support on +44 114 222 1111.

IT Services