Frequently Asked Questions

Using MFA

Why did Western choose Duo authenticator?

The Duo authenticator is a service that allows for a second factor authentication to be prompted for our users when using a username and a password on Western services that require MFA. These services include Office 365 as well as a number of other Western services that other authenticators do not support.

The Duo authenticator is part of a larger organization known as Cisco Systems. Western has engaged in a long-term agreement with Cisco Systems for a variety of network services and the 2FA application falls within the context of that contract.

Duo is a feature-rich and industry standard technology used across North American Higher Education and private sectors. Other authenticators do not have the same abilities and cross compatibility that Duo provides.

How does the MFA Process Work?

Overall, the MFA process is straightforward and largely inobtrusive. Typically, the MFA process would include the login to your system as usual with an extra step in the form of acknowledging that access via your mobile device.

What is the most popular method for the second factor of MFA?

The most popular method for the second factor of MFA is the Duo mobile app. This app works on most devices (iOS and Android) and is the most convenient of all options to use.  This option can work whether the mobile device is connected to a network or not (please see documentation for how this works).  Even in instances where consumers have opted for a different second factor as their default (call-back or a hardware token), they often end up changing to the mobile app option for ease-of-use and convenience reasons.

How do I approve my log in?

Select your device type for a guide:

My account is locked out. What should I do?

Your account will lock after 3 failed log in attempts and will unlock after 15 minutes. Contact the WTS Helpdesk for further assistance.

Can I use MFA without a mobile device?

You can also enroll a tablet, a landline telephone (i.e. your office phone), obtain a security key, or request a Hardware Token.

Is MFA accessible?

Duo self-enrollment and authentication are compatible with screen readers. Additionally, the Duo Mobile app is accessible to voiceover functionality on Apple and Android devices.

Does the MFA process work in areas where some access is limited (international locations such as China, as an example)?

Yes. There are several ways to achieve the second factor of authentication without the guarantee of connectivity (bearing in mind that being able to reach the email service in the first place may be an issue depending on the location’s overall internet access), including:

(1) Offline codes generated with the Duo Mobile app that can be generated and used without any sort of mobile connectivity
(2) The use of a hardware token that can be carried with you
(3) The WTS Helpdesk can be contacted and a temporary code(s) can be generated for access

We recommend you visit our Travelling with MFA page ahead of any planned travel to be sure you have everything you need. 

Will my administrative support personnel be limited in how they assist with me with email?

No.  While it is not a good practice to share passwords and have other users access others’ accounts, we recognize that this situation could be in place with some of these positions.  The MFA implementation takes this into account.

How can I protect services/applications I manage with MFA?

Create a Service Desk ticket with Web Operations to enquire about deploying MFA on services/applications that you manage.

I have received a request to approve a login that I did not initiate, what do I do?

If you have received a request to approve a login that you did not initiate and you do not recognize, deny this request and change your Western University password.

Will MFA be in place for access to other platforms at Western (PeopleSoft, etc.)?

Yes.  Eventually.  The MFA for Office 365 project will ultimately guarantee full user implementation by virtue of its comprehensive use within the organization. Some advanced planning to leverage the same MFA platform for use with other “line of business” applications has begun in select cases.

Managing my MFA devices

I replaced the phone that I enrolled in Duo. What should I do now?

  1. Log into MyMFA.uwo.ca.
  2. You will need to use your secondary device to authenticate into the MyMFA Duo settings
  3. Select Add another device
  4. Select the type of device you are adding and click Continue
  5. Enter any information required anc click Continue
  6. Remove old device from list by selecting Device Options then click the trashcan iconDelete device
    NOTE: You must have at least one device listed. The old device cannot be removed until you add a new device if it is your only device listed. 

Add an additional device

  1. Log into MyMFA.uwo.ca.
  2. You will need to authenticate into the MyMFA Duo settings
  3. Click the +Add another device and follow the on-screen prompts to setup the device. Add new device

Refer to Duo's guide step by step instructions: https://guide.duo.com/add-device

Remove a device that has been enrolled

  1. Log into MyMFA.uwo.ca.
  2. You will need to authenticate into the MyMFA Duo settings
  3. Once you're authenticated, click Device Options on the device you want to remove then the trash can icon to delete the device.
    NOTE: The option to remove a device only appears when you have more than one device set up. 
    Remove device

  4. Confirm the Remove

Duo Mobile App

Where can I download the Duo Mobile app?

You can download the Duo Mobile app by searching "Duo Mobile" in your device's app store and select Duo Mobile . Only Apple iPhones/iPads, Android, and Windows Mobile devices have a supported app. Use the links below to view the Duo Mobile app in the app store.

Why am I not getting Duo push notification?

The Duo Mobile app relies on having push notifications enabled on your mobile device. When setting up the app for the first time, you will be prompted to enable push notifications. If you had declined, you can enable the notifications by reviewing your device's notification preferences within Settings.

If I use the text message or phone call option, will I be charged by my phone company?

If you use the text message option and do not have an "unlimited" message plan, then you will be charged for the text message.

How do I use the Duo Mobile app if I do not have cell signal, data or Wi-Fi connection?

Generate a passcode using the Duo Mobile app by tapping the key icon. The passcode will appear underneath. You can generate a Passcode even if the phone has no internet or cell service.

Tap the key icon to view a Passcode.

Can I use the Duo Mobile app without a cellular data plan/using my cellular data?

To use the app with no impact on your data plan, you must first connect to a wireless network. Then open the Duo Mobile app and tap the key icon. A passcode will appear underneath. Then log in to the system using the passcode.

duomobilepasscode.jpg

How can I log into a MFA protected service if my phone is unavailable?

If you have enrolled a second device (i.e. tablet or office phone), you'll be able to log in using that device. 

Contact the Computer Accounts Office if you have only enrolled a single device.  We can provide a bypass code which will allow you to authenticate without using your enrolled device.


Published on  and maintained in Cascade.