If you are having trouble with entering a Duo mobile code into the app, first attempt to use Duo push instead.
If Duo push is not working ensure that:
If Duo push is still not working try updating your Duo mobile application to version 4.49 or later via these instructions. After updating you may again try inputting the code as well as Duo push.
You may also add another device and try using duo push on that device.
If you are still having trouble, contact OIT Help Desk at oit@uci.edu or give us a call at 949-824-2222.
Use our instructions "How to replace a phone in Duo". We have a tool that helps you create a new token.
The lockout will only last 30 minutes and will come off automatically. If it's been 30 minutes and you're still locked out, please open a ticket and make sure to provide your mobile number in your request. If you're unable to open a ticket, you can email us at oit@uci.edu or give us a call at 949-824-2222. For your security, we'll need to speak with you to verify your identity before we can assist.
If you have previously generated and saved your Emergency Backup Codes, you can use one of your codes.
If you don't have an emergency backup code, we can still help. Please open a ticket and provide a phone number where you can be reached. If you're unable to open a ticket, you can email us at oit@uci.edu or give us a call at 949-824-2222. For your security, we'll need to speak with you to verify your identity before we can assist.
Your login instance will be remembered for 24 hours after you initially authenticate. After 24 hours you will need to authenticate again.
If you forget your MFA-enabled device, you can use one of your emergency backup codes to log in.
You've probably heard that you shouldn't write down your password, but these backup codes are an exception. You should definitely print these or write these down and keep them handy in a place where you can find them in an emergency, like your wallet, pocketbook, or purse. These are single-use codes, so after you use a code it cannot be used again.
In the event you misplace or replace your mobile device or hardware token (or if you just left it at home), you can use one of your emergency backup codes. Here's how:
Don't forget to cross this code off your list because each code can only be used once.
Yes. All users with iCloud Keychains enabled will automatically backup. When you activate a new iOS device, Duo Mobile will automatically connect to iCloud Keychain, iCloud Drive, and Duo’s cloud service to reactivate at first launch of the application.
Visit this Apple Support link to learn how to enable iCloud Keychain.
Passwords are becoming increasingly easy to compromise. They can be stolen, “phished”, guessed, and hacked. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts increase vulnerability.
UCI supports a range of electronic devices including:
For those of you who don't have a smartphone, the campus has funded independent Duo tokens for your use. Tokens will be distributed to your department's security coordinator.
Duo will automatically send a push notification to your most recently authenticated device. If you would like to change the default device, simply prompt a Duo push and open the Duo app on the desired device. After you authenticate on that device, the next authentication will default to that device.
Sometimes a Duo push might not be received in a timely manner (or at all) on a user’s phone for any of a number of reasons, namely a weak network connection or an upstream problem that is out of OIT’s and Duo’s control. The reasons include:
The UCI Multifactor Login screen (which is where you tell Duo to send you a push or to enter a passcode) will appear blank if you are running certain 'ad blocker' browser plugins, such as Adblocker Plus and uBlock Origin. The ad blockers are misinterpreting the Duo page as a 'pop up'.
There are a few ways to resolve this:
If you're seeing the following error in red... "Access Denied. The username you have entered cannot authenticate with Duo Security. Please contact your system administrator.' ...it's because you've recently replaced your phone, or performed a factory reset on your phone. The old token is no longer valid and must be replaced. Please open a ticket and provide a phone number where you can be reached. If you're unable to open a ticket, you can email us at oit@uci.edu or give us a call at 949-824-2222. For your security, we'll need to speak with you to verify your identity before we can assist.
If you're seeing a push notification on your phone or computer browser and you did not prompt it, there could be a few reasons. Sometimes services like office 365 or background services can prompt it when booting up your device. You could also have another tab open that is prompting duo without your knowledge. If you believe there is suspicious activity related to a duo notification, please contact OIT Help Desk at oit@uci.edu or give us a call at 949-824-2222.
Open the Duo Mobile app and use the 6-digit passcode that appears on your screen.
Please open a ticket and make sure to provide your mobile number in your request. We'll need to speak with you during business hours to resync your token. If your hardware token needs to be replaced and you work for OIT, we can open a ticket with the Security team so they can furnish you with a new one. If you do not work for OIT, please partner with whoever in your department who provided you with the hardware token. Alternatively, you can ask your local IT Support.
If you don’t have a mobile device, the campus has funded independent Duo tokens for your use, free of charge.
Please email oit@uci.edu to request for a Duo hardware token. Please include your UCInetID in the email.
Alternatively, students and employees can purchase a third-party hardware token from vendors like Yubikey. If you have a Yubikey, enroll it now.
If you tap the "Deny" button on a push request, even if by accident, the system will send you and the Duo Admins an email. If you tapped the "Deny" button in error, you can safely disregard the email. If you did not, please forward the email to oit@uci.edu and include a note.
No, if your application uses UCI Single Sign-on, it will automatically include Duo MFA for those who are enrolled.
You'll see this error if you were 'opted-in' to the UCI SSO service but you have not yet enrolled your mobile device in Duo. Please open a ticket with the Help Desk and ask us to opt you out.
When you attempt to RDP into a Windows workstation that requires Duo, you will receive a prompt to authenticate with Duo. However, this prompt may default to the using your mobile phone option.
In the case where you'd like to authenticate with your hardware token instead, you may simply enter the code it generates into the passcode field that is available. Despite this being labeled under the mobile phone, it will still accept a passcode generated from any of your active Duo devices.