Device Overview and Recommendations
It is recommended that you enroll at least two devices to use with MFA. Imagine this scenario. You usually have your mobile devices with you to authenticate and this is your only method. If your mobile device is not with you or broken how will you authenticate? You can add another mobile device, or another authentication method, which will allow you to authenticate if such an event were to occur.
- The recommended method of authentication is via the Duo Mobile application on a smartphone or tablet here is why
- It is faster than any other method
- It works on wifi so not to affect limited mobile text or call minutes
- It is single button approval for push vs typing in a code
- It is more secure than phone calls and standard text messages. (Did you know in the US in 2022 60% of data breaches related to Cybersecurity were via user account compromise?)
- A duo push if on a cell uses very little data. In fact 500 authentications will use 1MB of data which is equivalent to loading one webpage on your phone
- The Duo app can generate an authentication code to allow you to authenticate when you have no or poor wifi
- Since the mobile app can run on Wifi it works internationally as a call or text is not required
- Duo Mobile has no access to change settings on your phone. Duo Mobile cannot read your emails, it cannot see your browser history, and it requires your permission to send you notifications. Lastly, Duo Mobile cannot remotely wipe your phone. The visibility Duo Mobile requires is to verify the security of your device, such as OS version, device encryption status, screen lock, etc. We use this to help recommend security improvements to your device and you always are in control of whether or not you take action on these recommendations.
- Why does the Duo Mobile app need to access my camera? ► Duo Mobile only accesses your camera when scanning a QR code during activation.
- The University of California has a systemwide agreement with DUO (Cisco) to ensure that UC privacy and confidentiality policies are honored
All Authentication Options by device
- Smartphone: Duo Mobile App with text code or single button approval. Can also be called as a phone or used as a text code (SMS) passcode generator.
- Cell Phone: Can be called as a phone or used as a text code (SMS) passcode generator.
- Landline: A telephone call to any landline phone will prompt approval or denial of the authentication attempt. Any touch tone enabled phone is eligible to be enrolled.
- Tablet: Enroll your tablet and receive Duo push notifications and passcodes to MFA through the Duo Mobile app.
- Token: These hardware tokens will generate a passcode that will allow you to access Gold password systems. These tokens are pre programmed for UCSC and can be purchased at the Baytree bookstore and easily associated with your CruzID. Alternatively if you have no other way to MFA a request process for an ITS provided token can be started via a Slughub ticket.
- YubiKey: Already have your own token? If you’re prepared to do a little extra legwork and program your own YubiKey, follow the ITS self-service guide to enroll.