Multi-factor authentication

Multi-factor authentication (MFA) is an important security feature that requires you to use 2 pieces of evidence to prove your identity when you sign in to your UVic account. The first is always your passphrase. Most people use an authenticator app on their phone as the second one, though there are other options.

MFA is one of the best ways to keep your account secure, even if your passphrase has been compromised. MFA is mandatory for all UVic students and employees.

Get started with MFA

If you're new to UVic and need to set up MFA for the first time, go to turn on multi-factor authentication. This page covers managing and troubleshooting MFA once you're using it.

Details

  • For: Students & employees
  • Website: Your profile > Manage Duo multi-factor authentication
  • Privacy: UVic data privacy information for Duo MFA

Restrictions

  • The weakest verification methods, SMS and email, aren't available.

If you’re travelling or living outside Canada, you can still use UVic MFA. Duo Mobile works without data or Wi-Fi.

You can also swap SIM cards in your phone. The Duo Mobile app is tied to your phone’s hardware security module (HSM), so picking up different SIM cards in other countries won’t disable your UVic MFA access.

There are some specific countries or regions where the Duo Mobile app is blocked due to economic and trade sanctions enforced by the U.S. Office of Foreign Assets Control. These restrictions also include other online services through UVic, like Microsoft 365 and Remote VPN access.

If you’re travelling to a restricted country or region, please contact IT support before you leave. This list of countries or regions currently includes:

  • Cuba
  • North Korea
  • Iran
  • Sudan
  • Syria
  • Crimea region
  • Sevastopol region
  • Donetsk region
  • Luhansk region

Accessibility

Duo Mobile is compatible with screen readers and many other adaptive technologies, but the software and process we've described here don't work for everyone. If you need something different, either because of a disability or access to devices, accommodations are available.

You don't need to be registered with CAL to request an accommodation.

Manage MFA

You can manage your own MFA devices, tokens and bypass codes in Your profile > Manage Duo multi-factor authentication.

Manage devices

Use the Duo device management portal to:

  • rename your authenticator devices
  • migrate to a new phone (with the same number)
  • add a new device (with a different number or without cellular service)
  • remove an authenticator device

To make the switch easy, add your new device to MFA before you reset or dispose of your old one. Alternatively, you can do it afterwards if you have a bypass code you can use.

If you don't have access to your old device or a bypass code, contact IT support for help. 

You can update your enrolled devices online.

Once you’re in the device management settings, you can remove your old phone and add a new one. If your new phone has the same phone number, you can Reactivate Duo Mobile.

You’ll need to install the Duo Mobile app on your new phone to complete the reactivation.

Deleting the app won’t remove UVic MFA from your NetLink ID, but it can lock you out of your account. Try to make sure you have another device added or a bypass code before deleting the app. If you deleted the app without one, contact IT support.

If you do have a second device or a bypass code, you can reactivate your device. You’ll need to reinstall the Duo Mobile app first.

There are a few ways to access your UVic account if you lose your phone or Duo hardware token:

  • If you’ve added another device to your Duo account, you can use that to sign in.
  • If you made bypass codes, you can use one to sign in.
  • If you don’t have a second device or bypass codes, you can contact IT support.

Once you’ve signed in, you can unenrol the lost phone or hardware token to remove it from your Duo account. You can always re-add your lost device if you find it later.

There are a few reasons why you might not be getting push notifications on your phone:

  • The Duo Mobile app isn’t responding. Try restarting the app and you should see an approval request waiting for you.
  • Notifications are turned off. Double check your notification settings. You might have them turned off or they’re being blocked by Focus mode or Do not disturb.
  • You don’t have Wi-Fi or cell service. If your phone has a weak connection, you can use the Duo Mobile app to generate one-time use codes like the Duo hardware token.

Duo has more notification information for  and  on their support site.

If you receive a Duo push notification when you aren’t trying to sign in to a UVic service, someone might be trying to access your account. Deny the push notification. When Duo asks, “Was this a suspicious login?”, press Yes. This will stop the other person’s sign-in attempt.

You should change your NetLink ID passphrase immediately.

Manage authenticator tokens

Use token management tools to:

  • add a Duo hardware token from the UVic bookstore
  • add a TOTP-based authenticator app
    • we've tested Microsoft Authenticator, Google Authenticator and Twilio Authy
      • we expect others will work
    • if you need longer than 30 seconds to finish authenticating, select Authenticator app - extended time

Hardware tokens generate codes for you when the button is pushed. Each code lasts long enough for you to use it while signing in. If the button gets pressed too many times without the code getting used, it can get out of sync with the UVic MFA service. This can also happen if the battery is failing or if the token is damaged.

You can re-sync your token online. You will need to approve a Duo prompt to make any changes to your devices, so make sure you have another device or bypass code handy. If you don’t have one, contact IT support.

Manage bypass codes

Use bypass code tools to:

  • delete your active codes
  • generate 10 single use codes, no expiration date
  • generate one 24-hour, multi-use code

You should delete or refresh your codes if you lose the codes you have or if someone else might have taken or copied them.

A 24-hour multi-use code is most useful if your job or classes require you to sign in to MFA several times a day.

Get help now

Contact IT support for:

  • help managing your MFA settings
  • help migrating to a new device if you've lost access to your old one
  • a temporary bypass code, if you don't have access to your device or bypass codes you've made