Search Google Appliance

Information Technology

Two-Step Login FAQ

What is two-step login?

Two-step login, also known as multi-factor authentication, increases security by requiring more than one step to confirm your identity when logging in to computer systems, applications and networks. UMass is implementing Duo (a multi-factor authentication service) on select IT services to increase security. After you log in to a Duo enabled service with your UMass NetID and password, you will be prompted for an additional authentication factor by any of the following methods you choose:

  • A push notification or passcode via the Duo Mobile app on your device.

  • A phone call to your mobile phone or landline.

  • A text message (SMS) to your device.

What is authentication?

Authentication is the process of verifying the identity of a user or process to ensure that they are genuine. 

Why is UMass implementing Duo for multi-factor authentication?

Attacks on computers, applications and networks are increasing in sophistication due to phishing and malware. Duo multi-factor authentication provides another layer of security to help protect institutional information.

Who can use Duo multi-factor authentication?

UMass employees

What UMass applications utilize Duo for authentication?

Duo multi-factor authentication will initially be implemented on the Human Resources Peoplesoft applications (HR Direct) starting August 1, 2017.

How do I enroll in Duo?

Please see instructions at the following link: Duo Multi-Factor Authentication Enrollment and Use

What happens after I enroll in Duo?

When you login to a Duo-enabled service with your NetID and password, you will be prompted to select another authentication method to verify your identity. These methods are:

  • Duo Push: Receive a push notification on your mobile device.
  • Call Me: Receive a phone call.
  • Passcode: Receive a set of passcodes on your device.

Once you verify your identity you will be logged into the service.

For more information on using Duo for authentication, look at the authentication documentation here: Duo Multi-Factor Authentication Enrollment and Use

How do I re-add my account in the Duo Mobile application?

  1. Navigate to https://multifactor.umass.edu and log in with your NetID and password, and then click "Continue."
  2. Click on "My Settings & Devices."
  3. Now you will need to authenticate to access the device settings, choose an authentication device next to the "Device" field. (Note you can use the device that you need to re-add your University of Massachusetts Amherst account to the mobile application).
  4. Select "Enter a passcode."
  5. A blue dialog box should pop up that says "Enter a passcode from Duo Mobile or a text." Click on "Text me new codes."
  6. On your device you should receive a text with several passcodes.
  7. On the web browser, above the "Log in" button, enter one of the passcodes and click "Log in."
  8. Click on "Device Options" next to the device that you need to re-activate Duo Mobile on.
  9. Click "Reactivate Duo Mobile."
  10. Select the type of phone, if applicable, and click "Continue."
  11. Click "I have Duo Mobile."
  12. At "Activate Duo Mobile for [device]" dialog either scan the QR code on screen using your device and the Duo Mobile application or have an activation link sent to you via email (see "Duo Multi-Factor Authentication Enrollment and Use" step 7 for more information).
  13. Your account should be re-activated and you can now authenticate using the Duo Mobile application on your device.

Can I register multiple devices and phone numbers?

We recommend registering multiple devices or phone numbers. During the initial enrollment process, you may register multiple devices, including smartphones, cell phones, landline phones, and tablets. If you need to register another device after you have completed the initial enrollment process, you may do so from the Multi-Factor Authentication self-service portal at https://multifactor.umass.edu

How do I add another device?

  1. Navigate to https://multifactor.umass.edu and log in with your NetID and password, and then click "Continue."
  2. Click on "Add a new device."
  3. Choose an authentication device and an authentication method.
  4. Select the type of device you would like to add, and click "Continue."
  5. Follow the on-screen prompts to add the device, see  "Duo Multi-Factor Authentication Enrollment and Use" for more information on how to use Duo with a variety of devices.

How do I change my preferred authentication method?

  1. Navigate to https://multifactor.umass.edu and log in with your NetID and password, and then click "Continue."
  2. Click on "My Settings and Devices."
  3. Choose an authentication device and an authentication method.
  4. Click on the drop down menu next to "When I log in."
  5. You can select one of three options:
    • "Ask me to choose an authentication method," which will allow you to select from all authentication options for your device when you are trying to log into a Duo-enabled service.
    • "Automatically send this device a Duo Push," which will automatically send your "Default Device" a push notification when you are trying to log into a Duo-enabled service.
    • "Automatically call this device," which will automatically call your "Default Device" when you are trying to log into a Duo-enabled service.

What if I do not have access to my registered device?

We recommend registering multiple devices or phone numbers. If you need to authenticate and do not have access to a registered smartphone, tablet, cell phone, or landline phone , please contact the IT User Services for assistance.

What if I lose my registered mobile device?

If you lose your phone or tablet, you should remove it from your list of enrolled devices using the Multi-Factor Authentication self-service portal as soon as possible. You may also contact IT User Services to assist with this.

Will I have to provide a second factor every time I log in to a multi-factor enabled service?

To help balance security and usability, the HRDirect multi-factor authentication service is configured to remember your web browser for 30 days when you first log in to an application. It will not prompt you for the second factor if you access the service from the same web browser, unless the 30 days has expired, or you clear your browser cookies.

Other multi-factor enabled services may require you to provide a second factor each time you log in, or they may remember browsers for a different length of time.

I am a campus IT Professional. How can I enable multi-factor authentication on a service I manage?

Contact IT User Services at 413-545-9400 or it@umass.edu to request additional information.