Multifactor Authentication — Duo
Also known as MFA, two-factor authentication, TFA, Duo and two-step verification.
Multifactor authentication (MFA) uses multiple proofs of identity to ensure you are authorized to access the service or resource that you are requesting.
These proofs include more than one of:
- something you know (a secret piece of information, such as a password)
- something you have (a token, card or device)
- something you are (a biometric measurement or representation)
CUIT uses Duo as the MFA service to verify your identity for Columbia’s centralized applications. With Duo, you can use a mobile app, a text message or a phone call to authenticate. Duo can be combined with other authentication factors like username and password authentication to create multifactor authentication. Most people use Duo via the mobile app, Duo Mobile, which runs on a variety of smartphones and tablets.
As of 2017, multifactor authentication using Duo is required for access to the following services:
- View Your Paycheck
- View Your Direct Deposit Information
- View or Update Your Benefits information
- View or Update Your Personal Information
- View Your Tax Information
- My W-2
- Verify Your Employment
- PAC Time and Absence
***NEW*** Beginning in mid-February 2020, CUIT no longer requires you to change your UNI password periodically if you register to use Duo MFA across all CUIT web applications (e.g. LionMail, ARC, PAC, CourseWorks, RASCAL). This change is based on password research which found that keeping a strong, unique password that you remember is more secure than using weaker passwords, perhaps writing them down or reusing them, and then changing them frequently. To elect this extra layer of security, browse to Multifactor Authentication Self Service, and in the SELECT APPLICATIONS FOR MFA box, choose All web applications.
***NEW*** As of early February 2020, the Forgot Password portal has a new, more user-friendly look! The service is also offering increased flexibility for our users with Duo MFA: if you are enrolled in Duo, MFA authentication will now be one of your two required authentication “factors” required to reset your UNI password. If you don’t have your ID card handy, or have forgotten your challenge questions, Duo makes it easy to change your password on your own without calling the Service Desk. All users who are enrolled in the Duo service must use Duo authentication in combination with another "factor" (CU ID card number or challenge-response questions) to update a forgotten password. This makes self-service password resetting more flexible for you, in addition to enhancing security around protecting your password.
Watch these how-to videos to learn how to install and use Duo on your mobile device (iPhone and Android).
- Install Duo on your iPhone (streaming version)
- Install Duo on your iPhone (downloadable mp4 version)
Authentication is the process of ensuring that something is genuine. Username and password authentication uses a shared secret (the password) to establish that a user of an application is actually who or what the user claims to be.
Multifactor authentication (MFA) uses multiple forms, or factors, of proof, including:
- Something you know (a secret like a password)
- Something you have (a token, card or device)
- Something you are (a biometric measurement or representation)
The number and independence of the authentication factors add to the degree of confidence we have in the identity of the person or thing. This degree of confidence is sometimes called the level of assurance. A multifactor authentication is said to have a higher level of assurance than an authentication that uses a single factor.
Duo is a service that can use a mobile app, a text message or a phone call to authenticate you. It can be combined with other authentication factors like username and password authentication to create multifactor authentication. Most people use Duo via the mobile app, Duo Mobile, which runs on a variety of smartphones and tablets. Here are descriptions and screenshots of Duo Mobile for Android, Apple iOS, BlackBerry and Windows Phone.
Duo has been added to Columbia's CAS web authentication service to create multifactor authentication. It is required for logins to selected applications and for logins by selected users to some additional "MFA-optional" applications. Duo authentication has also been added to Remote Desktop Protocol (RDP) logins for CUIT-managed Windows servers and to logins to CUIT-managed Linux hosts.