Security & privacy

Step 1: Install Duo Mobile on your mobile device

• From your mobile device, download the Duo Mobile app for iOS or Android. A supported mobile device is required to enrol in UVic MFA. If you're unsure about your phone's compability, please see Duo's support information for Android and iOS devices.
• Once the app is installed, you're ready to activate UVic MFA on your NetLink ID.

Step 2: Enroll your mobile device

Warning: if you do not complete this step, you may be locked out of your NetLink ID. Contact the Computer Help Desk for assistance.

• From a web browser, navigate to your account security settings in your Online tools profile and click on Manage multi-factor authentication.
  
  
• Confirm you're ready to enroll in UVic MFA, then click Enable Duo.
  
  
• Follow the steps to enroll your first device. If you have more than one mobile device — like a phone and a tablet — we recommend adding both in case you're unable to access one of them.

If you are interrupted or want to back out of the initial MFA sign up process, please do following:

• If you are still on the Enroll in Duo Multi-Factor Authentication page, you do not need to take any action. Duo has not yet been enabled on your account.
• If you are on the Add First Device To Duo page, then select the "I'm having issues enrolling a device" option, then click “Unenroll.”
• If you have already enrolled a device but want to back out of the MFA sign up process, please contact the Computer Help Desk for assistance.

If you happen to close the Add First Device To Duo page without selecting “Unenroll”, you may lose access to your NetLink ID as the service expects you to have a MFA token added and enabled. Please proceed to the NetLink ID recovery page and follow the instructions to recover your account. You will be prompted to either complete the signup process or unenroll from MFA.

There is no cost to enroll in MFA at UVic. The Duo Mobile app is free to download and use to receive push notifications for UVic services. Duo Hardware tokens do have an associated cost; more information about hardware tokens can be found below.

To access UVic services, you typically need to log in by providing your NetLink ID and personal passphrase. During the log in process, MFA introduces an additional challenge to ensure that even if someone knows your passphrase they still can’t log in. That challenge can only be passed by having a physical device (token) that is unique to you and added to UVic MFA. UVic MFA is optimized for using a mobile phone (with Duo Mobile App installed) as a token.

Your mobile phone is an item that is unique to you and readily available to you. It is also hard to access by someone else. UVic MFA is optimized to work best with Duo Mobile App that sends push notifications to your phone whenever you try to log in. A simple tap is all that is required to pass the MFA challenge. If your phone doesn’t have internet access it can still be used as a token as it generates offline codes that can be entered instead of taping ‘Approve’. You will need to use the token every time you log into UVic services, this is an additional reason why mobile phone is recommended as it is usually an item you carry with you.

If you don’t have a phone that’s compatible with the Duo Mobile App, or prefer not use a mobile phone at all, Duo Hardware Tokens are available.

Students can purchase a Duo Hardware Token from the UVic Bookstore.

Employees can obtain a Duo Hardware Token using a simple request form.

To use the Duo Hardware Token select ‘Enter a Passcode’ on the Duo login prompt, press the button on your hardware token to generate a new passcode, type it into the space provided and click Log In.

MFA is used once per your log in session, you can click the ‘remember me 7 days’ checkbox and you won’t be prompted for MFA again on that browser. If you use a different browser, device, private window or clear your cookies you’ll be prompted for MFA on each of those browsers/devices. Once you add your mobile phone or Hardware Token as a second factor you will be ask to use this device each time you sign into UVic services.

Yes, you can! We recommend enrolling more than one device in case you lose access to your primary one or don't have it with you. 

You can add another device through the Manage multi-factor authentication page in the account security settings in your Online tools profile under the "I want to manage my devices" option.

Once you've enrolled in UVic MFA you'll receive Duo authentication prompts whenever you login to protected UVic-authenticated services. After you login with your NetLink ID & passphrase you'll see an additional security prompt for Duo Push or your hardware token passcode.

If you receive a Duo Push notification that you did not generate, someone may be attempting unauthorized access to your account. Deny the push notification, and when asked ‘Was this a suspicious login?’ select Yes.

We recommend changing your NetLink ID passphrase immediately, and contact the Computer Help Desk for assistance.

For more information about Duo Push notifications, check out the UVic MFA: Approve or Deny video.

If your phone doesn't have Wi-Fi or cellular service you can use the Duo Mobile app to generate a single use passcode. You can enter the passcode into the UVic MFA login screen to access your UVic online services.

Open the Duo mobile app and press the show button next to the passcode field and copy the six-digit code into the passcode field on the Duo MFA screen. You may need to click on "University of Victoria" to expand the options in the Duo Mobile app to see the passcode.

You can use the Refresh passcode button anytime you need a new single use passcode.

Want to see a demonstration? Check out our instructional video.

Users can generate 10 single-use codes that enable them to login if their mobile device is unavailable. We recommend generating bypass codes as soon as possible because they cannot be generated after a device is reported lost or stolen. Print out or write down bypass codes and store them in a safe place. If you use a password manager application you can store the codes within it.

Codes can be generated through the Manage multi-factor authentication page in the account security settings in your Online tools profile profile under the "I want to manage my bypass codes" option.

If you have a secondary device registered — such as a tablet, hardware token or security key — you can still use that device to access your account.

If you do not have a secondary device — and do not have a new phone with the same phone number — you will need a bypass code to access your account.

 If you do not have a second device or bypass codes, contact the Computer Help Desk.

If your phone number is the same, you can use Device Reactivation to activate the new phone. You can access this feature through the Manage multi-factor authentication page in the account security settings in your Online tools profile under the "I want to manage my devices" option.

If your phone number has changed, and you do not have a secondary device with which to receive UVic MFA push notifications, you will need a bypass code to register the new phone.

The Duo Mobile app is available for Android and iOS. Duo Mobile also works with Apple Watch and Touch ID on some MacBooks. Hardware tokens can be used in addition to, or instead of, the Duo Mobile app.

If you're unsure about your phone's compability, please see Duo's support information for Android and iOS devices.

We recommend using a mobile phone with the Duo Mobile App if at all possible because the login experience is much easier and faster. However, a Duo Hardware Token can be enrolled with UVic MFA and is available to use as a second factor device if that is preferred over using your mobile phone.

Students can purchase a Duo Hardware Token from the UVic Bookstore.

Employees can obtain a Duo Hardware Token using a request form.

For more information about the Duo Hardware Tokens see Duo support article: Using Duo with a hardware token

If you lose your hardware token, you will need to use the Duo Mobile app or bypass code to access your account in order to remove the lost token from Duo. 

If you do not have another method of accessing your account, contact the Computer Help Desk to report the lost token and to receive a temporary bypass code.

Hardware tokens can become un-sycned from the UVic MFA service if the button is pressed too often (20+ times) without being used for authentication. You can re-sync your token through the Manage multi-factor authentication page in the account security settings in your Online tools profile under the "I want to manage my devices" option. You will need another enrolled device or bypass code to change any settings.

If you do not have access to a secondary device or bypass code, contact the Computer Help Desk. 

Hardware tokens may also experience issues if the battery is failing or it has been damaged. If re-syncing your hardware token does not resolve the problem, contact the Computer Help Desk. 

Yes. Using a device for two-step login comes with the obligation to take reasonable precautions to protect it. Such precautions normally include the use of a password or a PIN to unlock the phone, as well as keeping your device current and apps up-to-date. 

No, you cannot. UVic MFA is configured for use with Duo Mobile and UVic-issued hardware tokens.

You can use the Duo Mobile app for authentication for non-UVic services, but cannot use third-party applications to replace Duo Mobile at UVic.

No, your computer doesn't need any additional software or configuration to work with UVic MFA . If you login to any online resources protected by UVic MFA you'll see the prompt notification in your web browser window.

You don't need UVic MFA authentication to login to UVic computers or wireless internet.

Open the Duo Mobile app and the push notification should be waiting there. 

You can read more about troubleshooting push notification issues for iOS and Android.

No. Deleting the Duo app will not unenroll you from Duo. You will be locked out of your NetLink ID if you delete the app without a secondary device attached to your account. Reinstalling the Duo app will not grant access until it is re-registered to your account.

If you have a second device or bypass codes, you can re-register your device through the Manage multi-factor authentication page in the account security settings in your Online tools profile under the "I want to manage my devices" option.

If you've deleted the app and do not have a secondary method to access UVic MFA, contact the Computer Help Desk.

To keep your account secure and prevent unauthorized access, we recommend you keep UVic MFA enabled. If you feel you have a case for an exception, please contact the Computer Help Desk.

Only those with active university affiliations will be eligible for UVic MFA. When you graduate or leave UVic, your Duo account will be disabled and you will no longer be prompted for UVic MFA upon login to UVic services.

If your phone loses internet and you need access to your account, you can still generate a six-digit code. Open the Duo mobile app and press the show button next to the passcode field and copy the six-digit code into the passcode field on the Duo MFA screen. You may need to click on "University of Victoria" to expand the options in the Duo Mobile app to see the passcode.

See the next FAQ for countries where Duo Mobile is blocked.

Want to see a demonstration? Check out our instructional video.

• Cuba
• North Korea
• Iran
• Sudan
• Syria
• Crimea region
• Sevastopol region
• Donetsk region
• Luhansk region

Changing your SIM card will not impact your Duo Mobile use because the app is tied to the device's hardware security module (HSM). You will still be able to authenticate UVic services using your phone with Duo Mobile.