What is Multi-Factor Authentication?

Multi-Factor Authentication (MFA), also known as Two Factor Authentication (2FA), adds an extra layer of security to University of Regina accounts to protect you, your data, and University systems from attacks on your account, which could result in unauthorized access to your accounts. 

Verifying your identity using a second factor, such as your mobile device, prevents others from accessing your accounts, even if they know your password.  

Systems and users configured for MFA will require two forms of authentication to verify your identity when logging into University of Regina services:

• Something you know: your Uregina.ca username and password.
• Something you have: a physical device (such as mobile phone, tablet, backup code, or hardware token).  This is the proof required to access your account beyond that of a password.

The "something you have" is the second factor used for authentication, and why MFA is also called two-factor authentication.  

By requiring you to verify your identity with something in your possession, MFA adds another layer of security in front of the information, accounts, and assets you access online (even in the event your password is stolen). Once enrolled, you will be able to deny access to your accounts if someone else is trying to sign in as you.

What About Passwords?

MFA is required as passwords are no longer sufficient, by themselves, to ensure accounts remain secure.  Unfortunately, account breaches due to compromised credentials are becoming more common.

With an increasing number of passwords to remember, people are prone to re-use the same passwords for many accounts or use weak passwords, which can easily be guessed. When other non-University services (social networks, websites, etc.) have breaches, these, in turn, can lead to your credentials being compromised and used to access University information.  

Even with strong passwords, attackers continue to launch targeted phishing attacks designed to steal passwords regardless of length and strength. 

Passwords, when partnered with MFA, provide much stronger protection to your accounts. Password + Proof = Secure Access. 

How Does MFA Work?

Once a user is enrolled in MFA, an authentication against an MFA enabled application happens like this:

1. The user logs in to the University of Regina website or service with their username and password.
2. The password is validated by an authentication server, and if correct, the user becomes eligible for the second factor.
3. The authentication server sends a unique push to the user’s second-factor device. 
4. The user confirms their identity by approving the additional authentication from their second-factor device. If you approve the authentication, you are automatically logged in. Importantly, you will be able to deny access to your accounts (on your Duo-enrolled device) if someone else is trying to sign in as you.

This process takes just seconds!

Most authentications will use this process, but there are other types of MFA transactions that may use a code (from the Duo Mobile App, a hardware token or a bypass code).

What is Duo?

Duo Security is the solution used for MFA at the University of Regina for secure authentication to MFA-enabled systems. You may also hear MFA referred to as Duo.

Duo is a leader in MFA technology, and is the most widely used product in the higher education space for MFA.  Hundreds of universities and millions of accounts use Duo. Duo is engineered to provide a simple, streamlined login experience while boosting security.

Duo's service can use a mobile app or hardware token to authenticate you. It can be combined with other authentication factors like username and password authentication to create multifactor authentication. Most people use Duo via Duo Mobile (the mobile app), which runs on a variety of smartphones and tablets. 

To learn more about Duo MFA, you can visit the vendor's website: Duo Multifactor Authentication.

To review information about what data is used by Duo, and how it is protected, please see Duo Mobile Privacy Information and Duo Privacy Data Sheet.