Multi-factor Authentication (MFA)

Also known as Two-factor Authentication (2FA), TFA, Duo and Two-Step Verification.


By enrolling in MFA, you are taking an important additional step toward securing your online identity and personal information. You are also helping to protect University’s research, intellectual property, and institutional data.

MFA is a form of security that protects an account with two layers of authentication. The first layer is a PIN number or password, something that you know. The second factor is something that you physically have, such as a device. For example, a bank account uses MFA for security by requiring both a PIN and a debit card. The university’s MFA provider is a company named Duo Security (Duo for short).

After you enroll in MFA, when you log in to any MFA-protected website or service, you will enter your username and password (something you know) as you do today, and then use your smartphone or another device (something you have) to verify your identity.

All employees and UA students using any university SSO service are required to use MFA.

MFA prevents others from signing in as you, even if they know your password. It protects you and the 鶹 from the risks of phishing scams and other forms of passwords theft. 

Users’ passwords have been compromised by many different methods: guessing, hacking, watching you type the password, capturing the password on a computer with malware installed that records keystrokes, capturing passwords sent over a compromised network connection, capturing cached passwords on servers receiving passwords. Even the most careful user cannot be certain their password is never compromised by one or more of these attacks.

After you enroll in MFA, when you log in to any MFA-protected website or service, you will enter your UA Username and password  as you do already, and then use your smartphone or another device to verify your identity. 

The additional verification is not a second password, but a verification that depends on something else, such as demonstrating possession of your unlocked smartphone, or a security key, or a “biometric” such as a fingerprint, none of which would be compromised by even a successful attack on your password.

The University's MFA provider is a company named Duo Security (Duo for short).


Get Started

Self-enroll to use multi-factor authentication

 Log in to ELMO, select Security Settings and choose the Multi-factor Authentication option.

  • Once  multi-factor authentication is enabled for your account,  your first access to one of the relying services (UA Blackboard, Google Workspace @ UA, UAonline, DegreeWorks, Modern Campus CMS, MyUA,  etc.)  triggers a login screen requesting your UA Username and UA Password.
  • You will be presented with a page to automatically enroll and register the device(s) you will use for multi-factor authentication.   

Enroll your device(s)

We recommend using Duo Mobile on your smartphone because it’s free, secure, and simple to use. Duo Mobile creates no data on your device.

Manage your MFA-registered devices

You can manage your registered device(s) at any time, including:

  • Adding a phone or other device as a backup in case your primary phone is unavailable
  • Changing your primary device to receive notifications
  • Changing your notification type
  • Reactivating the Duo Mobile app on your device

Sign in with MFA

Once you set up a device, you’ll be ready to sign in with MFA.

  1.  Browse to the system or application that requires signing in with MFA. It will initiate the process of signing in.
  2.  Sign in with your UA Username and password, as usual.
  3. Check “Remember me on this browser” if you’re browsing on a computer or device that you can trust to protect your browser. This option reduces how often you have to sign in with MFA on the same web browser.
  4.  Authentication methods depend on your choice of device.  They include:
    • “Send Me a Push” – Duo sends a notification to Duo Mobile on your smartphone or tablet. You then tap “Approve” to sign in. An internet connection (Wi-Fi or cellular data) is required to receive push notifications.
    • “Enter a Passcode” – Open Duo Mobile on your smartphone or tablet to generate a passcode, with or without an internet connection. Or, if you have a hardware token, use the passcode from it.
    • “Call Me” – Duo calls your smartphone, mobile phone, or landline. Answer the call and follow the instructions to approve. This option only works with phone numbers in the US and parts of Canada. Calls from Duo may be recorded for troubleshooting purposes, and recordings are automatically deleted after 13 days.
    • USB Security Key– If you set up USB security key device, depending on your security key model, you'll need to tap, insert, or press a button on your device to proceed.
    • "Text Message Passcode" - Not available for employees. Duo will send a passcode in a text message to a registered number.

      View all authentication methods
  5.  If successful using your MFA device to confirm it’s really you, sign-in is complete. Your browser will continue to the system or application that initiated the sign-in process.

Learn more about Authenticating with the Duo Prompt


Notification Comparison

Authentication Method Smartphone Tablet Cell phone Landline Security Key Mac Device Duo Token Apple Watch

Duo Mobile Push (Recommended)

Yes Yes           Yes
Duo Mobile Passcode Yes Yes           Yes
Security Key Tap         Yes      
Touch ID           Yes    
Security Key Passcode             Yes  
Phone call Yes   Yes Yes