Multifactor Authentication (MFA)
Multifactor authentication (MFA) adds an extra layer of security to our college logins to protect you, your personal information, and college systems from unauthorized access and phishing attacks. Verifying your identity using a second factor such as a mobile device or YubiKey hardware token prevents others from accessing your accounts, even if they guess or steal your password! MFA is now required on all college accounts as of March 2022.
Cisco Duo - how can it be used?
Assiniboine Community College has selected Duo Security as our MFA provider. Duo is the current market leader and the most widely used product in the higher education space for MFA. This short video will introduce you to Duo MFA and the FAQs below will help you secure your account with Duo.
Duo video from Information and Technology Services:
Duo Video from Cisco Duo:
Duo at Assiniboine protects the following systems and logins:
- Webmail (https://webmail.assiniboine.net)
- Office 365 (https://login.microsoftonline.com/?whr=assiniboine.net) (SharePoint, Teams, Email, and OneDrive)
- MyACC (https://myacc.assiniboine.net)
- Moodle (https://online.assiniboine.net )
- Colleague UI (Staff)
- Staff VPN
- Remote Desktop System (https://rd.assiniboine.net)
Please complete the enrollment process and do not stop part way through, you will need to get to the stage of scanning the QR code with the Duo app on your mobile!
We recommend using a mobile device and the Duo mobile app. This offers the most flexibility and ease of access when logging into to college applications.
Download the Duo mobile app:
Frequently Asked Questions
Is Duo accessible for people with disabilities?
"We test for accessibility in a number of ways. For our visually impaired users, we test our software manually by using both magnification and screen readers, specifically Nonvisual Access’ NVDA screen reader and Apple’s VoiceOver. We also ensure users can successfully authenticate only using a keyboard by testing font colors and backgrounds against contrast checkers and improving contrast for keyboard focus."
Read more about Duo's accessibility options:
Why is app push the best authentication method?
The app is free!
The Duo Mobile app is free to use, and easy to setup and install.
Convenience, security and ease of use
Duo Push is as simple as approving a notification on your smartphone. You can use the mobile app push when using a computer, tablet, or phone to access protected services.
It’s more secure
Duo Push uses end-to-end encryption that SMS and phone calls can’t.
The Duo Push screen displays detailed information about the application and source device that initiated the authentication request.
I can't use the mobile app. Are there other authentication options?
Yes. Other authentication options include:
- You can log in using a passcode that is generated by a hardware token. A hardware token is a thumb-drive sized fob that you must carry with you. We recommend the YubiKey 5 NFC. Staff can request a YubiKey from Information and Technology Services, and Students can purchase a YubiKey directly from the bookstore at 1430 Victoria Avenue East (Assiniboine Community College Bookstore ), the manufacturer Yubico (For education | YubiKey strong two-factor authentication | Yubico), and Amazon.ca. You should ensure you order a YubiKey 5 NFC with the correct USB port for your laptop or tablet. There are YubiKey 5 NFCs for USB-A, USB-C, and even lightning port. If your program uses ACC campus computers, you should buy a USB-A compatible token like the YubiKey 5 NFC. Other hardware token options are available and may work, but full support and testing has been completed with YubiKey 5 NFCs.
Phone call or SMS Text
Phone calls and text messages are disabled at this time for improved security. Only the Duo mobile app or hardware token can be used to authenticate.
What are the mobile device requirements for using Duo?
How do I get started?
You can enroll yourself in Duo using the procedure in this video (MFA Video ITS - YouTube). Please ensure you complete the entire process including scanning the QR code with the Duo mobile app. And do not delete the app after! You will need it for every time you login to Assiniboine websites or services.
Duo on your mobile phone
Is the Duo mobile app free?
Why should I use my personal phone for this?
Mobile phones are the most popular choice for multifactor authentication because of the convenience. People rarely go anywhere without one. If using a mobile phone isn’t an option for you (employees) please contact the ITS Service Desk to discuss other options and read about the alternatives available in the "Getting started – Hardware Token" section.
Students can purchase YubiKeys from the locations in the “Getting Started – Hardware Token” section. General concerns about the use of a mobile phone for your job, should be discussed with your supervisor.
Will multifactor authentication work on my cell phone if I don't have cellular coverage or Wi-Fi access?
Yes. You won't be able to receive push notifications so when you are logging in choose, "Enter a Passcode." Then open the Duo app and tap on the logo. It will give you a six-digit code to enter for authentication. You do not need an internet connection or a cellular signal to generate these passcodes.
What happens if I change SIM cards in my phone?
SIM card with same phone number:
If the Duo app is already installed on your phone and the new SIM card uses the same phone number as the previous SIM card, Duo should work as normal.
SIM card with different phone number:
If you have the Duo app on your phone and change to a SIM card with a different phone number:
- Push notifications in the app — Changing SIM cards should not have any effect.
More information is available in this Duo help guide.
If you encounter any difficulties when changing phones, please email the ITS Service Desk or call us 204-725-8700x6765 for assistance.
What happens if I lose my phone?
If your phone is lost or stolen, contact the ITS Service Desk immediately for assistance.
Devices can be added or removed in the Duo settings in the login prompt.
How much data does a Duo Push use?
Not much at all! 500 pushes to your device will use 1 MB of data in total. This is roughly equivalent to loading one single webpage on your mobile device.
What if my push alerts aren’t coming through?
Multiple devices or new device received
Can I have Duo on multiple devices?
Yes, you can configure several devices on your Duo account from the Duo prompt by selecting Add a new device, under settings. Multiple devices of the same type can be added.
For detailed instructions see: Adding a new device
*Note – staff will only be provided one YubiKey when requested*
I’ve switched devices and/or need to reactivate Duo mobile.
If you get a new phone, or if you’ve re-installed the Duo Mobile app, you'll need to re-activate Duo Mobile. You may enrol your new device yourself from the Duo prompt. You can view the self-service reactivation guide here: IT Service Desk (assiniboine.net)
You will need to log in using an MFA device already configured to your account. If the device you are replacing is your only MFA device and you no longer have access to it, email the ITS Service Desk or call us 204-725-8700x6765.
Duo app security and privacy
What should I do if I receive a push notification in Duo that I didn’t initiate?
It may be that someone is trying to illegally access your account:
- First, choose “Deny” in the Duo app to block the request, then
- Call the ITS Service Desk at 204-725-8700x6765 and report it to us!
Does the Duo app on my phone give ACC or Duo control or access to my phone?
Where can I find Duo’s privacy and security information?
Please see Duo's Privacy Data Sheet.
Where can I get help with Duo / I have further questions?
What do I do if I forgot my phone/token and need to login?
Please contact ITS to request a Bypass code that will allow you to login.
- Email us at firstname.lastname@example.org
- Call the ITS Service Desk at 204-725-8700x6765
How do I contact ITS with questions about MFA and Duo?
I enrolled in Duo, is there anything else I should know?
- The built-in e-mail apps on both IPhones and Androids are not recommended for MFA enabled users. We recommend the Outlook for mobile app, you can read about installing it in our KB Article: https://itservicedesk.assiniboine.net/kb/faq.php?id=143
- Please do not delete the app from your phone after enrollment, you will be unable to login if you do so!
- This is not a one-time use app, every time you login to Assiniboine services you will need the Duo app for the push notification.