Multi-Factor Authentication (MFA), Introduction

Multi-factor authentication (MFA) is a multi-step login process deployed by the University to help ensure the security of Illinois accounts. Multi-factor authentication is sometimes referred to as 2-Factor Authentication (2FA). Current students and staff are required to enroll their accounts in this system before they are allowed to access most University services.

How Multi-Factor Authentication Protects Your Account

Multi-factor authentication works by asking for an additional approval step after your account’s password is accepted when logging in to a University website or service. You will be prompted for approval using a device that you have. This means that even if your password is compromised, your account can be protected. This makes it much more difficult for attackers to compromise University accounts and systems using tactics such as phishing.

Users will see two MFA (Duo) prompts when logging in, depending on which login screen they reach (For Urbana campus users: Identity Management, Urbana Single Sign-On Pages).

  • (Urbana, Chicago, and Springfield applications) Duo Universal Prompt - when logging into Microsoft365 and Shibboleth (Canvas, Box, Zoom, Moodle, etc.) applications.
    • The NetID Center has been upgraded to use the Duo Universal Prompt
  • UI Verify (sometimes known as the AITS Duo iFrame) - when logging into some System-level (AITS) and sites (Banner, HR Reporting, NetID Center, Direct Deposit, etc.).

    Visual Difference
    Duo Universal Prompt AITS Duo iFrame
    Duo Universal Prompt AITS Duo iFrame

How to Use Multi-Factor Authentication

When you log in to a university service protected by MFA, you will be shown a prompt asking for a second step (if you are already enrolled) or guiding you through the enrollment process (if you have not set it up yet).

You can also enroll at any time using the NetID Center website. Detailed instructions for doing so can be found in our article here: Multi-Factor Authentication (MFA), Enrollment. Please note that it is not possible to un-enroll your account once MFA is configured.

If your account is already enrolled, you can see (and change) the phone number you have registered and any other devices you have set up using the NetID Center website. More information about managing devices in the NetID Center can be found here: Multi-Factor Authentication (MFA), Device Management.

If you have trouble signing into your account using multi-factor authentication, see this help article: Multi-Factor Authentication (MFA), Troubleshooting.

If the troubleshooting steps there are not helping, or if you have any other questions about multi-factor authentication, contact the Technology Services Help Desk by email at or by phone at 217-244-7000 for further assistance.

Frequently Asked Questions

Is a smartphone required for MFA?

A smartphone is recommended but not required.  A smartphone will provide the greatest level of security and convenience through the Duo Mobile app.  The Duo mobile app can generate a passcode for login (without a cellular connection) and receive push notifications for one-tap authentication. Any mobile phone will work, but will not include the advantages of the Duo Mobile app.

Do I need to use my personal mobile device for MFA?

You are not required to have a mobile device to use MFA, but it is the most convenient option. Most users prefer to use the Duo mobile app on their smartphones. Instead of a smartphone, you may register with a basic cell phone for text, a tablet with the Duo mobile app installed, or a token. The recommended smart phone option makes MFA extremely easy and cost effective. A token for MFA can be purchased through the WebStore by your unit. See this KB for more information on using hardware tokens: Multi-Factor Authentication (MFA), Hardware Tokens and Security Keys.

What if I lose my phone, or leave it at home? What if I don't have access to my MFA device?

Please see this help article: Multi-Factor Authentication (MFA), Troubleshooting. These can be used if you forget your MFA device at home or have lost it.  They can also be requested if you are going to a testing center and will not be able to take your MFA device with you.  Temporary passcodes are good for 3 days, 100 uses, and you can request 24 per year.

NOTE: Temporary bypass codes are only to be used on an emergency basis.

Can I use multiple devices with MFA?

Yes. We encourage you to register multiple devices in case you misplace or forget your primary device.  Please note, your University phone number can't be used with MFA.

See Also:

Keywords:2FA, 2-factor authentication, Two-factor authentication, Duo, Duo Security, Verify, UI Verify, enrollment, FAQ, Questions, Frequently, AITS, yubikey, NewHire, UI New Hire, lock, locked, lockout, denied, mfa, multi-factor authentication, multi, factor   Doc ID:65971
Owner:ID M.Group:University of Illinois Technology Services
Created:2016-08-10 15:33 CDTUpdated:2023-08-10 18:34 CDT
Sites:University of Illinois System, University of Illinois Technology Services
Feedback:  0   9