By December 4, 2017, all UMD faculty members (including GAs) and campus leaders (including deans, directors, department heads, and above) must use multi-factor authentication to log into all university resources that use the Central Authentication System (CAS). You can opt in at any time, but on December 4, it will become required, and you will not be able to log in until you have enabled MFA.
What is multi-factor authentication? Multi-factor authentication requires the use of two of the three authentication factor categories: something you know, something you have, and something you are. This adds a layer of security because hackers will need more than just a password to use your accounts. In order to log in, you will need:
- Your Directory ID and password
- Either a mobile device, a hardware token, a phone that can receive voice calls, or a one-time use code
Here's how to enroll in multi-factor authentication:
1. Enroll a device and a backup device/print one time use codes:
- Mobile device (iPhone, Android, Windows phone, tablet)
- Hardware token
- Phone that can receive voice calls
- One-time use codes
This video shows the setup process for a mobile device:
Future MFA Requirements
Planning is in progress for requiring MFA for other UMD groups.
- Emeritus Faculty: February 5, 2018
- All Staff: March 5, 2018
- Students: TBD
Frequently Asked Questions
- G Suite for Education (Gmail, Drive, etc.)
- Any other system that uses CAS (Central Authentication Service)
- Enroll a phone that can receive voice calls and use Duo's callback feature.
- Acquire a hardware token that you will need to keep with you. It will generate a single-use six-digit code every time you need to authenticate. Tokens are $20, and they can be purchased at Terrapin Tech (1221 McKeldin). Speak with your department’s business manager about whether your department will fund this purchase for you.
- Generate one-time use codes.
To enroll using one-time use codes, please go to Terrapin Tech in person. A technician will assist you with enrollment and permissions to print one-time use codes (they will print the first 10 for you). Please remember to generate a new list of one-time use codes before you use your last code. If you run out of codes, you will not be able to log into systems utilizing CAS until you contact the Service Desk to verify your identity. See these instructions to print more one-time use codes. Please protect your codes like you would secure any other important personal information -- keep them in your wallet or in a safe and secure place.