Use our instructions "How to replace a phone in Duo". We have a tool that helps you create a new token.
Starting in Summer 2020, the lockout will only last 30 minutes and will come off automatically. If it's been 30 minutes and you're still locked out, please open a ticket and make sure to provide your mobile number in your request. If you're unable to open a ticket, you can email us at oit@uci.edu or give us a call at 949-824-2222. For your security, we'll need to speak with you to verify your identity before we can assist.
If you have previously generated and saved your Emergency Backup Codes, you can use one of your codes.
If you don't have an emergency backup code, we can still help. Please open a ticket and provide a phone number where you can be reached. If you're unable to open a ticket, you can email us at oit@uci.edu or give us a call at 949-824-2222. For your security, we'll need to speak with you to verify your identity before we can assist.
See video for help: https://youtu.be/XOrWGFcdLeY?t=148
If you forget your MFA-enabled device, you can use one of your emergency backup codes to log in.
You've probably heard that you shouldn't write down your password, but these backup codes are an exception. You should definitely print these or write these down and keep them handy in a place where you can find them in an emergency, like your wallet, pocketbook, or purse. These are single-use codes, so after you use a code it cannot be used again.
In the event you misplace or replace your mobile device or hardware token (or if you just left it at home), you can use one of your emergency backup codes. Here's how:
Don't forget to cross this code off your list because each code can only be used once.
Yes. All users with iCloud Keychain enabled will automatically back up. When you activate a new iOS device, Duo Mobile will automatically connect to iCloud Keychain, iCloud Drive, and Duo’s cloud service to reactivate at first launch of the application.
Visit this Apple Support link to learn how to enable iCloud Keychain.
Passwords are becoming increasingly easy to compromise. They can be stolen, “phished”, guessed, and hacked. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts increase vulnerability.
UCI supports a range of electronic devices including:
For those of you who don't have a smartphone, the campus has funded independent Duo tokens for your use. Tokens will be distributed to your department's security coordinator.
Sometimes a Duo push might not be received in a timely manner (or at all) on a user’s phone for any of a number of reasons, namely a weak network connection or an upstream problem that is out of OIT’s and Duo’s control. The reasons include:
The UCI Multifactor Login screen (which is where you tell Duo to send you a push or to enter a passcode) will appear blank if you are running certain 'ad blocker' browser plugins, such as Adblock Plus and uBlock Origin. The ad blockers are misinterpreting the Duo page as a 'pop up'.
There are a few ways to resolve this:
If you're seeing the following error in red... "Access Denied. The username you have entered cannot authenticate with Duo Security. Please contact your system administrator." ...it's because you've recently replaced your phone, or performed a factory reset on your phone. The old token is no longer valid and must be replaced. Please open a ticket and provide a phone number where you can be reached. If you're unable to open a ticket, you can email us at oit@uci.edu or give us a call at 949-824-2222. For your security, we'll need to speak with you to verify your identity before we can assist.
Open the Duo Mobile app and use the 6-digit passcode that appears on your screen.
Please open a ticket and make sure to provide your mobile number in your request. We'll need to speak with you during business hours to resync your token. If your hardware token needs to be replaced and you work for OIT, we can open a ticket with the Security team so they can furnish you with a new one. If you do not work for OIT, please partner with whoever in your department provided you with the hardware token. Alternatively, you can ask your local IT Support.
Yes. If you have a Yubikey, you can use it to enroll. Enroll my Yubikey.
Make sure your Yubikey is plugged into your computer's USB port before proceeding.
After you log in to WebAuth, you'll arrive on the UCI Multifactor Login page. Select the "Enter a Passcode" option and then press the button on your Yubikey.
The Yubikey will generate a unique 6-digit code, automatically add it to the passcode field, and will then automatically log you in.
If you tap the "Deny" button on a push request, even if by accident, the system will send you and the Duo Admins an email. If you tapped the "Deny" button in error, you can safely disregard the email. If you did not, please forward the email to oit@uci.edu and include a note.
No. If your application uses WebAuth, it will automatically include Duo MFA for those who are enrolled.
You'll see this error if you were 'opted-in' to the Duo + WebAuth service but you have not yet enrolled your mobile device in Duo. Please open a ticket with the Help Desk and ask us to opt you out.
When you attempt to RDP into a Windows workstation that requires Duo, you will receive a prompt to authenticate with Duo. However, this prompt may default to the option to use your mobile phone.
If you'd like to authenticate with your hardware token instead, you may simply enter the code it generates into the passcode field that is available. Although this field is labeled under the mobile phone option, it will still accept a passcode generated from any of your active Duo devices.