Skip to main content

Student Two-Factor Authentication (2FA)

two-factor-authentication

In our current environment where everything is online, it is easier than you think to expose your passwords and subsequently, all your private information.

Montgomery College is seeing a rise in the number of cyber attackers targeting students. As a result, we are requiring all MC students to enroll in Two-Factor Authentication (2FA) by October 3, 2022 to protect against account compromise.  Even if a hacker gains access to your MyMC ID and password, 2FA will help protect your email and Office 365 accounts.


ENROLL HERE


Need help getting started? Access the 2FA enrollment guide below. 
Need additional help? Contact our IT Service Desk 24/7/365!

ENROLLMENT GUIDE


Frequently Asked Questions

Overview

Two-Factor Authentication (2FA) adds a second level of security during the login process to help prevent anyone other than you from accessing systems storing sensitive data. This is accomplished using 2 layers of security to verify your identity when logging into a system:

1. Enter your username (your MyMC ID) with your password
2. Use a physical device such as your cell phone or tablet to confirm your identity
The device that is most convenient for this purpose is a cell phone with the Duo Mobile app installed on it. Alternatively, a text message can be sent with a series of one-time passcodes for you to type in.

MC has decided to implement 2FA in response to multiple recent phishing scams and other vulnerabilities faced by the College and other organizations worldwide. 2FA provides much stronger insurance that information is only accessible to the intended people, and that the systems remain highly available. MC has chosen the vendor Duo for its 2FA needs and you will see the name of this organization when you enroll or log into certain College services.

Yes. Faculty, staff, and some students have been using 2FA since 2017. It became a requirement for all employees in October 2019.

2FA will strengthen your MC account security, greatly reducing the chances of your account and data being breached.

You can go directly to the Enrollment Pagenew window or, if you need help, access the Student 2FA enrollment guide (PDF, Get Adobe Acrobat PDF Reader.-Link opens in new window.) .

No. Duo Mobile cannot read your emails or track your location, it cannot see your browser history, and it requires your permission to send you notifications. Lastly, Duo Mobile cannot remotely wipe your phone.

Although the Duo Mobile app is the most convenient 2nd factor option, you are not required to install it on your device.

Duo Mobile is a very small application, taking up little room on your phone, and it is meant for individual consumer use. It is free, and its use does not result in any charges if you use the push or passcode options from the app itself. You may also receive a text message, or if you forget your device, you can always contact the IT Service Desk for a one-time bypass code.

There is no limit to the number of devices you may enroll in Duo. It is recommended that you have at least two devices. Smart phones, tablets, and even the Apple Watch can be added.  

Duo Mobile only accesses your camera when scanning a QR code during activation.

Duo provides detailed information on what data is collected while using Duo Mobile and how user's may opt-out of their usage analytics.  Review the Duo Mobile Privacy Information and the Duo Services Privacy Notice

authentication methods

The following devices can be enrolled with Duo:

iPhone or iPadnew window (using the Duo app from the Apple App Store) 
Androidnew window (using the Duo app from the Google Play Store) 
Other types of cell phones (using a text message)

TIPS:
Keep in mind that you will need your registered device near you any time you want to login to MyMC, Office 365, or any future applications protected by 2FA.
We strongly recommend setting up at least two devices with Duo in case you are not near the original device you setup in Duo. You can add as many devices as you wish by following the directions.
You will need to authenticate each time you login, unless you check the "Remember me for 7 days" checkbox at the Duo prompt. This will apply to the same application in the same browser.

Manage your Devicesnew window

After entering your usual password information, you can authenticate your login through one of the three options:

  • Send me a Push: Recommended! Receive a notification on your phone to approve or deny the authentication using the Duo mobile app
  • Mobile App: Enter a passcode from the Duo mobile app on your phone
  • Text message
  • Previously saved text message

It’s quicker than a text:

  • Authenticating with a text message requires waiting to receive the text, and the extra step to type in a passcode.
  • Duo Push is as simple as approving a notification on your smartphone.

It's more secure:

  • Duo Push uses cutting-edge end-to-end encryption that text messages cannot.
  • The Duo Push screen displays detailed information about the application and source device that initiated the authentication request.
  • Duo Push allows you to report a fraudulent attempt to access your account.

Yes. In fact, it is recommended that you register more than one phone or device, in case you lose the primary one.

You will need to authenticate using 2FA every time you sign in using your MC login. However, you may select “remember me” when signing in to require authentication only once every seven days. Do NOT select "remember me" on a public computer. Only  use the “remember me” option for your own computer.

Please note: you must have cookies enabled on whichever browser you use in order to have the browser remember your 2FA authentication for 7 days. 

You can manage your devices by visiting the 2FA enrollment websitenew window

To add a new device: Click on “Add a new device”.  In order to add a new device, the service will first need to confirm your identity by authenticating you based on your current settings. Once confirmed you may add a new device.

To choose your default device or authentication method:  Click on “My Settings & Devices” and select your desired options.

You have a few options:

Use an alternative device:
If you enrolled a second device, such as your tablet, you can select that alternative device in the dropdown menu and then select the Duo push option.

Bypass code:
You can call the IT Service Desk and request a one-time bypass code.

Request Passcodes in Advance:
Ideally, in advance of leaving your phone at home, if you set up your mobile phone as a mobile phone in Duo, you can request Passcodes sent to it via text messaging (SMS).  Duo will send 10 one-time use codes in a text message, and they do not expire until used. To request 10 one-time passcodes, log in to the 2FA enrollment website new windowchoose, “Enter a passcode”, and select “Text me new codes” in the blue bar that appears.

If a mobile device is lost and was setup for 2FA, it needs to be removed from Duo as soon as possible. Email the IT Service Desk for help. 

If you have multiple devices registered, you can remove the lost/stolen device by visiting the 2FA enrollment websitenew window.

Click on “Add a New Device” to manage your devices. Keep in mind that even if you have received a replacement phone with the same phone number, the new phone is not synced with Duo just because it has the same phone number. The trust relationship has to be reestablished through the "Add a New Device" process or call the IT Service Desk to "Reactivate Duo mobile" for the new phone at the same number.

Yes, however you must install Duo Mobile on your iPhone first and register it with Duo. Then on your MyWatch app, navigate to the Duo Mobile app setting and set the option "Show App on Apple Watch" to ON. The caveat to this feature is that your iPhone has to be unlocked to receive the message on your Apple Watch. Otherwise, the push notification will go to your phone.

Almost none. 500 pushes to your device will use 1 MB of data in total. This is roughly equivalent to loading one webpage on your smartphone.

troubleshooting and common issues

There is a known issue with Microsoft O365 where a user clicks “Sign Out” and the user isn’t signed out. Instead the web browser reloads the current web page, with the authentication happening in the background. 2FA may be invoked as if it is a new session.

To resolve this, there are a few options:

Close your browser. Then reopen and go to O365 to ensure you are no longer logged in.
If you are still logged in, or presented with the 2FA prompt, clear the cookies in your browser and then try signing out again.
If you are still logged in, you may be signed in to another Microsoft online service, and this may be preventing you from signing out. If this is the case, sign out of all Microsoft online services. To do this, follow these steps:
Go to https://login.microsoftonline.com/logout.srf, and then sign out (if you aren't already signed out).

Go to https://login.live.com/logout.srf, and then sign out (if you aren't already signed out)

Try these easy troubleshooting steps for iOS, Android, Windows Phone.
Still not working? Reactivate Duo Mobile or contact the IT Service Desk.

No problem. Tap the key icon in the Duo Mobile app to generate an authentication passcode. You do not need an internet connection or a cellular signal to generate these passcodes.

You must enroll your new phone in Duo even though you have the same number.

You will need to select the “Passcode” option to verify your identity.

Locate your phone number in the list of devices, click the “Device Options” button, and select “Reactivate Duo Mobile.”

Follow the prompts and your new phone will be enrolled with your old phone number. Push notifications should function normally.

If you continue experiencing problems, contact the IT Service Desk.

There are several ways you can still access College resources enabled with Duo when you are traveling or may not have internet access.

Use Passcodes from the Duo app, even without an internet connection. The Duo Mobile app for Android and iOS also works without an internet connection by giving you passcodes. Just tap the key button to generate a passcode. This works anywhere, even in places where you don’t have an internet connection or can’t get cell service.

Send text messages to your phone before you leave. If you set up your mobile phone as a mobile phone in Duo, you can request Passcodes sent to it via text messaging (SMS).  Duo will send 10 one-time use codes in a text message, and they do not expire until used.  To request 10 one-time Passcodes, log in to the 2FA enrollment websitenew window choose, “Enter a passcode”, and select “Text me new codes” in the blue bar that appears.

You can use a tablet to authenticate if you do not have a mobile phone. Duo lets you link multiple devices to your account, so you can use your mobile phone , two different mobile devices, etc. If you don’t have  any mobile devices, please contact IT Service Desk for help.

The Duo Mobile App passcode generator works without cell or Internet service.

Travel to countries where phones may be subject to search and seizure, please contact the IT Service Desk for assistance.

Chrome, Firefox, Safari, Edge, Opera, Internet Explorer 8 or later.
For the widest compability with Duo's authentication methods, Duo recommends using the most recent versions of Chrome or Firefox.

A physical device that a user carries to authenticate their identity and authorize access to a network. Push a button on the device and it generates a passcode to enter at the Duo prompt.

CLASSROOM CONSIDERATIONS 

Carrying the 2nd factor device is required, and supported by the College’s Academic Leadership.

The Duo Mobile app generates a passcode that works without internet or cell service. Use the "Enter a Passcode" option on the Duo prompt.