Skip to main content

Multi-factor authentication

UVic MFA for Everyone

UVic MFA is being added for all eligible users who haven't already signed up. This roll out is happening gradually. Everyone at UVic will be added by March 2024. If you’re not already signed up for UVic MFA, you can expect to see a prompt with enrolment instructions when you sign into online resources with your NetLink ID.

The reminder prompt can be deferred for a bit if you’re busy, but we recommend finding time to enroll before the deadline to avoid any conflicts with important deadlines like course registration and midterm exams. These prompts won’t show up for everyone at the same time, so you might get yours at a different time than your classmates or colleagues.

You don’t have to wait for a prompt! Anyone can sign up for UVic MFA right now.

The best way to keep your UVic account secure is to enable multi-factor authentication (MFA). This type of security is also called two-factor authentication (2FA) or two-step verification. MFA adds an extra layer of security to your account by adding an extra step into your sign in process.

When you use MFA, you’ll sign in to your account using your passphrase, then confirm that it’s you using a personal device like a phone. This makes it much harder for someone else to gain access to your account.

Keeping your account secure is important for your own online safety and the safety of the UVic community.

Who can use UVic MFA?

Students, faculty, staff, emeritus and UVic affiliates can use UVic MFA.

How to use UVic MFA?

UVic uses Duo for our MFA service. You can register a mobile device or Duo hardware token to be your second factor. You should choose a device you usually have with you or add more than one device to make sure you can always access your account. Your phone is probably the best option to choose because you’ll usually have it with you.

When you sign in to UVic resources, you’ll get a UVic Duo MFA prompt. You’ll need to either approve a push notification on your mobile device or enter in a code from your hardware token to finish your sign in process.

UVic MFA will work even if you don’t have access to Wi-Fi or cellular data.

Sign up for UVic MFA

You can use UVic MFA through the Duo Mobile app, a Duo hardware token or both. You can add or remove devices from your Duo profile if you want to add a back-up or get a new phone.

You must complete the whole Duo enrolment process, otherwise your NetLink ID will be locked. If you plan to use your phone for UVic MFA, make sure it’s compatible with Duo or a supported TOTP app

You’ll need to do three things to start using UVic MFA:

  1. Set up a device (phone or tablet) or hardware token (your “second factor”)
  2. Turn MFA on in your Online tools profile
  3. (Recommended) Make bypass codes

It typically takes about 20 minutes to sign up. If you need help signing up for UVic MFA, we made a video to guide you through the process. You can also contact the Computer Help Desk.

Set up a device or token

You’ll need to set up at least one device to use to authenticate. Most people use the Duo Mobile app on an iPhone or Android phone that they already carry around. To install Duo Mobile on your phone or tablet:

  1. Go to Duo Mobile for iPhone and iPad (Apple App Store) or Duo Mobile for Android (Google Play Store)
  2. Select Get or Install to download and install the free Duo Mobile app

Make sure you install the correct app. It will be called Duo Mobile and is published by Duo Security LLC. The logo is green with DUO written in white text.

Duo Mobile app logo is green with DUO written in white text

If you already use another authenticator app, UVic MFA does support some alternative authenticator apps for passcodes only. Duo Mobile is required if you want to use push notifications for authentication. You can add other accounts to Duo Mobile if you want to streamline account security for all your online services.

If you don’t have a compatible iPhone, iPad or Android device, you can use a Duo hardware token instead. A hardware token is a small single-purpose device that generates a one-time passcode when you press a button.

  • If you’re a student or emeritus, you can buy a hardware token at the UVic Bookstore
  • If you’re an employee, you can request a hardware token through your department.

If you can’t use your phone or access a Duo hardware token, there is support available for students with financial or accessibility needs.

You can use multiple devices (phones, tablets, tokens) if you want. It can be useful to have a backup! But you must add at least one.

Turn MFA on in your UVic profile

  1. Go to account security settings in Your profile.
  2. Select Manage multi-factor authentication. Confirm you’re ready to enrol in UVic MFA and select Enable Duo.
  3. Follow the on-screen steps to enrol your first device.

Make bypass codes

Bypass codes are codes that you can use to get into your account if you don’t have access to your phone or token—for example, if you forget it at home one day.

You don’t have to make bypass codes, but we strongly recommend that you generate a set of single-use codes, write them down and keep them someplace safe.

It typically takes about 5 minutes to create your bypass codes. If you need help generating codes, we made a video to guide you through the process. You can also contact the Computer Help Desk.

Alternative authenticator apps

UVic MFA supports several popular authenticator apps that use Time-based One-time Passwords/Passcodes (TOTPs) for generating one-time passcodes. Personal TOTP hardware tokens are not supported.

You can use a TOTP authenticator app if:

  • you don't need the option for push notifications
  • you don’t want to use a physical Duo hardware token
  • you already use an authenticator app and want to keep your accounts together
  • Duo Mobile isn't available in your app store

Since TOTP authenticator apps don't provide push notifications for UVic MFA, you won't know about any suspicious login attempts on your account. Duo Mobile is the only way to be notified when someone has your passphrase and tries to sign in to your account.

How does it work?

Whenever you get a UVic Duo MFA prompt, open your TOTP authenticator app to generate a one-time use passcode. Enter the code into the hardware token field in the prompt window.

Install an authenticator app of your choice. It must support 6-digit TOTP to work with your UVic account. We recommend Microsoft Authenticator for ease of use and compatibility with UVic MFA.

The following others have also been tested:

Then add your UVic account to TOTP authentication apps by scanning a unique QR code or entering a secret key.

Once your authenticator app is set-up on your device, you can generate a QR code to add your UVic account.

  1. Go to account security settings in Your profile.
  2. Under the Authenticator tokens section, click Add a new authenticator token. You’ll be prompted to add an authenticator token.
  3. Choose the Authenticator App option from the drop-down menu under What type of authenticator token would you like to add?
  4. Add a name for the authenticator app you’re using. (optional)
  5. On your device: open your authenticator app and add a new account. Options will vary depending on your app:
  6. In Your profile: scan the QR code or copy the secret key provided into your authenticator app. Click Submit.

Common issues

Once you’re signed up for UVic MFA, you can instruct Duo to remember your device. When you see the "Is this your device?" prompt, you can choose Yes, this is my device to remember it for 7 days.

This option works well for your most common devices or web browsers. If you use multiple computers or switch to a new web browser, you’ll see the regular UVic Duo MFA prompt.

If your enrolment process is interrupted before it finishes, there are a couple things you can try to restart the process:

  • If you’re still on the Enrol in Duo Multi-factor Authentication page, nothing’s been done to your account yet. You can just start the enrolment process over
  • If you’re getting stuck on the Add First Device to Duo page, click the “I’m having issues enrolling a device” option, then click Unenrol. This will take you back to the start and you can try again.
  • If you accidentally close the browser window before adding a device or selecting Unenrol, your NetLink ID might get locked. You can unlock your account using the NetLink ID recovery tool.

UVic MFA works even if your phone doesn’t have an internet or data connection. You can use the Duo Mobile app to generate single use six-digit passcodes just like a Duo hardware token.

  • Open the Duo Mobile app and press the show button next to the passcode field. You might need to click on University of Victoria if you have more than one account added to your Duo Mobile app.
  • Copy the six-digit code into the Duo prompt window in your web browser. You can use the Refresh passcode button anytime you need a new single use passcode.

Still unsure? We made a video about how to use Duo Mobile when your phone has no internet or data service.

You can update your enroled devices online.

You’ll need to approve a Duo prompt to make any changes to your devices, so make sure you have another device or bypass code handy. If you don’t have one, contact the Computer Help Desk.

Once you’re in the device management settings, you can remove your old phone and add a new one. If your new phone has the same phone number, you can Reactivate Duo Mobile.

You’ll need to install the Duo Mobile app on your new phone to complete the reactivation.

Deleting the app won’t remove UVic MFA from your NetLink ID, but it can lock you out of your account. Try to make sure you have another device added or a bypass code before deleting the app. If you deleted the app without one, contact the Computer Help Desk.

If you do have a second device or a bypass code, you can reactivate your device. You’ll need to reinstall the Duo Mobile app first.

There are a few ways to access your UVic account if you lose your phone or Duo hardware token:

  • If you’ve added another device to your Duo account, you can use that to sign in.
  • If you made bypass codes, you can use one to sign in.
  • If you don’t have a second device or bypass codes, you can contact the Computer Help Desk.

Once you’ve signed in, you can unenrol the lost phone or hardware token to remove it from your Duo account. You can always re-add your lost device if you find it later.

If you receive a Duo push notification when you aren’t trying to sign in to a UVic service, someone might be trying to access your account. Deny the push notification. When Duo asks, “Was this a suspicious login?”, press Yes. This will stop the other person’s sign in attempt.

You should change your NetLink ID passphrase immediately.

There are a few reasons why you might not be getting push notifications on your phone:

  • The Duo Mobile app isn’t responding. Try restarting the app and you should see an approval request waiting for you.
  • Notifications are turned off. Double check your notification settings. You might have them turned off or they’re being blocked by Focus mode or Do not disturb.
  • You don’t have Wi-Fi or cell service. If your phone has a weak connection, you can use the Duo Mobile app to generate one-time use codes like the Duo hardware token.

Duo has more notification information for iPhone and Android on their support site.

Hardware tokens generate codes for you when the button is pushed. Each code lasts long enough for you to use it while signing in. If the button gets pressed too many times without the code getting used, it can get out of sync with the UVic MFA service. This can also happen if the battery is failing or if the token is damaged.

You can re-sync your token online. You will need to approve a Duo prompt to make any changes to your devices, so make sure you have another device or bypass code handy. If you don’t have one, contact the Computer Help Desk.

If you can't find the Duo Mobile in your app store, it may be restricted due to your region or unavailable on your device.

Try setting up an alternate authenticator app. Some authenticator apps support a wider variety of devices.

You can also contact the Computer Help Desk.

If you need a guide for setting up Duo Mobile on your smartphone, this video walks you through the entire process from start to finish.

If you need a guide for creating and using bypass codes, this video walks you through the entire process from start to finish.

Accommodation requests

UVic MFA account security is for everyone. If you have accessibility needs or financial barriers that make it difficult for you to enrol in Duo, please submit an accommodation request.

International use

If you’re travelling or living outside Canada, you can still use UVic MFA. You can still use Duo Mobile without data or Wi-Fi.

You can also swap SIM cards in your phone. The Duo Mobile app is tied to your phone’s hardware security module (HSM), so picking up different SIM cards in other countries won’t disable your UVic MFA access.

There are some specific countries or regions where the Duo Mobile app is blocked due to economic and trade sanctions enforced by the U.S. Office of Foreign Assets Control. These restrictions also include other online services through UVic, like Microsoft 365 and Remote VPN access.

If you’re travelling to a restricted country or region, please contact the Computer Help Desk before you leave. This list of countries or regions currently includes:

  • Cuba
  • North Korea
  • Iran
  • Sudan
  • Syria
  • Crimea region
  • Sevastopol region
  • Donetsk region
  • Luhansk region

Contact Computer Help Desk

If you need help, please contact the Computer Help Desk.