Multi-Factor Authentication (MFA)


UPDATE: By October 2019, Multi-Factor Authentication (MFA) will become mandatory for key UCSC services. These include but are not limited to UCPath, Google Apps, MyUCSC, Canvas and CruzPay. ITS will begin a phased MFA roll-out over nine months beginning February 2019. More Details

Passwords are becoming increasingly easy to compromise. They can be stolen, guessed, and hacked. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts increases vulnerability.

Multi-Factor Authentication (MFA) is a method of system access control in which a user is only granted authorization after successfully providing a second authentication method beyond the basic username/password. MFA combines knowledge (something you know) with possession (something you have).

At UCSC, MFA will combine CruzID+Gold password with cell phone, landline phone or one time use passcode. Duo Security is the vendor facilitating the passcodes for the ‘possession’ half of MFA at UCSC.

Features and Functions:  Based on preferences and device availability, there are several convenient authentication methods. Visit the Device Overview for additional information on each authentication method.

  • Push Notification via Duo Mobile App: If the Duo Mobile App is installed on a smartphone or tablet, a push notification is received to either approve or deny the authentication attempt. No manual entry of a passcode is required at login. 
      * This is the most popular method using only a single button to MFA (vs. typing a passcode per login).
  • Text Message (SMS): A batch of one-time use passcodes is sent via text message. An unused passcode is then entered into the ‘Second Password’ field of Cisco AnyConnect.
  • Phone call: A telephone call to any cell phone or landline will prompt approval or denial of the authentication attempt.
  • Passcodes via Duo Mobile App: If the Duo Mobile App is installed on a smartphone or tablet, a single passcode is retrieved by tapping the key image next to "University of California Santa Cruz" in the mobile app. This passcode is then entered into the ‘Second Password’ field of Cisco AnyConnect.

Instructions for using each method (after enrollment) can be found in the Quick Guide.

Supported Devices:  UCSC supports a range of electronic devices including:

  • iOS smartphones and tablets
  • Android smartphones and tablets
  • Blackberry devices
  • Windows phones
  • Basic cell phones with and without text message capabilities
  • Landlines (Desk Phones)
  • Hardware tokens

Availability:  MFA is required for Data Center VPN (DC VPN) Cisco AnyConnect users. Users will be required to enroll in MFA through CruzID Manager before gaining access to DC VPN. Changes to MFA device enrollment/settings can be completed in CruzID Manager

Get Help:  MFA is an ITS supported service. Contact the Support Center ( or 831-459-4357) for assistance.

  • FAQs
  • Self Service: Users are able to enroll and manage device preferences through CruzID Manager.
  • Support Center: If all authentication devices connected to the account are unavailable, contact the Support Center ( or 831-459-4357) during business hours for a temporary one-time passcode.