Multi-Factor NetID Authentication (Duo)

Coming December 7th!

UW-Madison is in the process of implementing a Multi-Factor Authentication (MFA) requirement when logging in with your NetID. This applies to all users with a NetID, and will require an additional security step that uses either your smartphone or a UW-provided key fob. The rollout for the Biostatistics and Medical Informatics department is expected to be completed by December 7th, 2018, though we will be working with groups within the department starting the first week of November 2018 to begin the process.

You can configure MFA yourself using the guides below if you prefer. This requires configuring the app on your smartphone and informing the BCG that you are ready to be added. We will schedule individual workshops and meetings with groups throughout the department as needed for those who would like assistance in person.

How It Works

Multi-factor authentication adds an additional layer of security to the login process when using your NetID credentials to access UW systems. It will generally be required for all uses that involve signing in through the standard ‘University of Wisconsin-Madison Login’ page. The VPN connection will not require MFA.

To use the MFA method with your NetID once it is initially configured:

  1. Navigate to the site you would like to log in to using your NetID
  2. Enter your NetID username and password normally and click ‘Login’
  3. The Multi-Factor Authentication portal will appear
  4. To use the Duo Smartphone App Push notifications:
    • Configured to automatically push: You can open the new notification on your smartphone and press ‘Approve’ in the app
    • Configured to manually push: Click ‘Send Me a Push’ in the MFA portal, then press approve on your smartphone app notification
    • Duo App Code: In cases where your app fails to push a notification, or the push fails to authenticate, you can open the app for a rotating code and use it in the next step
  5. To use the Key Fob or Duo App code:
    • Click ‘Enter a Passcode’ in the MFA portal
    • Click the Green Button on your key fob, or open the app on your smartphone and select UW Madison NetID Login
    • A 6-digit code will appear. This code changes every 30 seconds based on a universal clock, and you must enter it before the code expires
    • Enter the code into the MFA portal, and click ‘Log In’
    • If your code expires before you can enter it in the MFA portal, you may need to refresh the code and try again
  6. In the MFA portal, you have the option to ‘Remember me for 12 hours’. This is a good tool for those who often access NetID-protected systems from a secure desktop; however, it should not be selected on any publicly used computer.

Duo Key Fobs

Key Fobs are small electronic devices that attach to your key ring and generate a secure 6-digit code that changes every 30 seconds. To generate a code, press the large green button on the key fob. Pressing the button repeatedly will not produce new codes, as they are based on the current time and will change only once the current code’s 30-second life is complete. The University will provide key fobs as needed; however, additional and lost key fobs are charged to the department. Please be responsible with the provided key fobs, and contact the BCG for any defects or replacements.

The BCG will be sending out additional information via departmental email regarding when and how Key Fobs will be distributed.

Duo Mobile Smartphone Application

The ‘Duo Mobile’ smartphone app is available to all Android and iOS smartphones. It can be used instead of the key fob, and is free to use. You can download it free from the Google Play Store or Apple App Store.

Setup and Configuration Instructions

To configure your Duo Mobile smartphone app
To configure your Duo key fob

Multi-factor Authentication FAQ

UW DoIT Multi-Factor Authentication FAQ

  1. Help! What do I do if I’ve left my phone or key fob at home, and can’t log in without it?
    A: If you have lost or forgotten your MFA device, and do not have an alternative, you can request a temporary MFA Passcode to log in with. Instructions on how to complete this can be found on DoIT’s page here.
  2. What should I do if I believe my Duo MFA is compromised, or have reason to believe someone is trying to use my account?
    A: If you have reason to believe your MFA device or NetID account has been compromised, contact the BCG and DoIT help desk immediately. We will be able to assist in removing your MFA access and changing passwords until security can be confirmed.
  3. By using the multi-factor authentication app (by Duo) on my personal device, will my personal communications or data be subject to Wisconsin’s Public Records Law?
    A: No, your personal communications (texts, emails, voice messages) or data are NOT subject to the Wisconsin Public Records Law, as long as you are simply using the app to verify your identity. Your personal communications ARE subject to the Wisconsin Public Records Law if you are conducting any UW–Madison business (such as responding to emails, texting a colleague about a work-related issue or leaving or receiving voice messages on work related subjects, or accessing UW–Madison digital assets).
  4. Why do we need to use Multi-Factor Authentication?
    A: UW System has mandated that UW-Madison implement a multi-factor authentication system across campus in an effort to increase security. After an RFP was concluded in 2017, industry-standard Duo Security was selected. Other higher-education institutions Duo serves include Harvard, Michigan, Villanova, Syracuse, University of South Florida and more. Duo has worked well for these institutions.
  5. Does installing and using the Duo Mobile app on my smartphone require acceptance of the UW Secure Management software and allow the UW to wipe my phone at will, similar to current mobile apps like Outlook?
    A: No, the Duo Mobile app and MFA system do not require you to accept or abide by the UW Secure Management policies, which include granting the university remote access to your device. This policy only applies to devices accessing and storing data locally, as with Outlook or OneNote. Since the Duo Mobile app is only used as a supplemental authentication method and does not access UW-owned data directly, your phone remains independent from UW policy in regard to the Duo Mobile app.