skip to Main Content
Montgomery College Maryland logo

Overview

What is 2FA?

Two-Factor Authentication (2FA) adds a second level of security during the login process to help prevent anyone other than you from accessing systems storing sensitive data. This is accomplished using 2 layers of security to verify your identity when logging into a system:

  1. Enter your username (your MyMC ID) with your password
  2. Use a physical device such as your cell phone, tablet or landline phone to confirm your identity

The device that is most convenient for this purpose is a cell phone with the Duo Mobile app installed on it. Alternatively, a text message can be sent with a series of one-time passcodes for you to type in or you can receive a phone call.

 

What does that mean for me?

Previously, if you wanted to remotely connect to Montgomery College (MC) resources, such as MyMC, Office 365, or VPN software, you would log in with your username and password. When you are enrolled in Duo 2FA, you will be prompted for the 2nd factor when connecting to MyMC, Office 365 or VPN.

Why use 2FA?

MC has decided to implement 2FA in response to multiple recent phishing scams and other vulnerabilities faced by the College and other organizations worldwide. 2FA provides much stronger insurance that information is only accessible to the intended people, and that the systems remain highly available. 2FA will be used in the future by an increasing number of MC services, or by designated users of a given service such as VPN. MC has chosen the vendor Duo for its 2FA needs and you will see the name of this organization when you enroll or log into certain College services.

Who can use 2FA?

 2FA is currently only for Montgomery College faculty, staff, and students.

 

How does 2FA work?

After entering your usual password information, you can authenticate your login through one of the three options:

  • Send me a Push: Recommended!
    • Receive a notification on your phone to approve or deny the authentication using the DUO mobile app
  • Enter a passcode:
    • From the DUO mobile app on your phone
    • From a text message
    • From a previously saved text message
  • Phone Call:
    • Receive a call on your enrolled phone to approve or deny the authentication

 

How do I get started with 2FA?

Follow the steps in the Enrollment Guide to get your device registered.

Does installing the Duo Mobile app give up control of my phone?

No. Duo Mobile cannot read your emails or track your location, it cannot see your browser history, and it requires your permission to send you notifications. Lastly, Duo Mobile cannot remotely wipe your phone.

Why does the Duo Mobile app need to access my camera?

Duo Mobile only accesses your camera when scanning a QR code during activation.

 

Where can I review the Duo Mobile Privacy policy?

Duo provides detailed information on what data is collected while using Duo Mobile and how user’s may opt-out of their usage analytics.  Duo Mobile Privacy Information and the Duo Services Privacy Notice may be reviewed here: https://help.duo.com/s/article/4683?language=en_US

 

Authentication Methods

What devices can I use to enroll?

The following devices can be enrolled with Duo:

TIPS:

  • Keep in mind that you will need your registered device near you any time you want to login to MyMC, Office 365, VPN or any future applications protected by 2FA.
  • We strongly recommend setting up at least two devices with Duo in case you are not near the original device you setup in Duo. You can add as many devices as you wish by following the directions.
  • You will need to authenticate each time you login, unless you check the “Remember me for 7 days” checkbox at the DUO prompt. This will apply to the same application in the same browser.

 LINKS:

What are the ways I can use to authenticate a login?

After entering your usual password information, you can authenticate your login through one of the three options:

  • Send me a Push: Recommended!
    • Receive a notification on your phone to approve or deny the authentication using the DUO mobile app
  • Enter a passcode:
    • From the DUO mobile app on your phone
    • From a text message
    • From a previously saved text message
  • Phone Call:
    • Receive a call on your enrolled phone to approve or deny the authentication

 

Why is push the best authentication method?

It’s quicker than a text or a phone call:

    • Authenticating with a text message requires waiting to receive the text, reading a passcode, and then typing it in.
    • Phone calls require actually answering the phone, listening to the recording, and using the dial pad to approve the login.
    • Duo Push is as simple as approving a notification on your smartphone.

It’s more secure:

  • Duo Push uses cutting-edge end-to-end encryption that SMS and phone calls can’t.
  • The Duo Push screen displays detailed information about the application and source device that initiated the authentication request.
  • Duo Push allows you to report a fraudulent attempt to access your account.

Can I register more than one phone with Duo?

Yes. In fact, it is recommended that you register more than one phone or device, in case you lose the primary one.

How often do I need to authenticate?

Each time you authenticate to a Duo enabled application, i.e. MyMC, Office 365, or VPN, you will have to authenticate with Duo, however you may select the “Remember me for 7 days” option which will require you to only authenticate once within that 7 day period for the same application and browser.

How do I make changes to my Duo registration, such as adding or changing my phone number?

You can manage your devices by visiting http://www.montgomerycollege.edu/2FA_enroll

To add a new device: Click on “Add a new device”.  In order to add a new device, the service will first need to confirm your identity by authenticating you based on your current settings. Once confirmed you may add a new device.

To choose your default device or authentication method:  Click on “My Settings & Devices” and select your desired options.

I left my phone at home, how can I authenticate at work?

You have a few options:

  • If you enrolled a second device, such as your landline phone at your desk, you can select that alternative device in the dropdown menu  and select the “Call me” option.
  • You can call the IT Service Desk and request a one-time bypass code.
  • Ideally, in advance of leaving your phone at home, if you set up your mobile phone as a mobile phone in Duo, you can request Passcodes sent to it via text messaging (SMS).  Duo will send 10 one-time use codes in each text message, and they do not expire until used.  To request 10 one-time Passcodes, log in to the montgomerycollege.edu/2fa_enrollchoose, “Enter a passcode”, and select “Text me new codes” in the blue bar that appears.

I lost my phone, how can I authenticate?

If a mobile device is lost and was setup for 2FA, it needs to be removed from Duo as soon as possible. Contact IT Security by emailing itsecurity@montgomerycollege.edu.

If you have multiple devices registered, you can remove the stolen device by visiting http://www.montgomerycollege.edu/2FA_enroll

Click on “Add a New Device” to manage your devices. Keep in mind that even if you have received a replacement phone with the same phone number, the new phone is not synced with DUO just because it has the same phone number. The trust relationship has to be reestablished through the “Add a New Device” process or call the IT Service Desk to “Reactivate DUO mobile” for the new phone at the same number.

Can I use my Apple Watch for Duo multi-factor authentication?

Yes, you can. However, you must install Duo Mobile on your iPhone first and register it with Duo. Then on your MyWatch app, navigate to the Duo Mobile app setting and set the option “Show App on Apple Watch” to ON. The caveat to this feature is that your iPhone has to be unlocked to receive the message on your Apple Watch. Otherwise, the push notification will go to your phone.

How much data does a Duo Push use?

Almost none. 500 pushes to your device will use 1 MB of data in total. This is roughly equivalent to loading one webpage on your smartphone.

Troubleshooting/Common Issues

Why do I get the 2FA prompt when I sign out of O365 on the web (through a browser)?

There is a known issue with Microsoft O365 where a user clicks “Sign Out” and the user isn’t signed out. Instead the web browser reloads the current web page, with the authentication happening in the background. 2FA may be invoked as if it is a new session.

To resolve this, there are a few options:

  • Close your browser. Then reopen and go to O365 to ensure you are no longer logged in.
  • If you are still logged in, or presented with the 2FA prompt, clear the cookies in your browser and then try signing out again.
  • If you are still logged in, you may be signed in to another Microsoft online service, and this may be preventing you from signing out. If this is the case, sign out of all Microsoft online services. To do this, follow these steps:

o    Go to https://login.microsoftonline.com/logout.srf, and then sign out (if you aren’t already signed out).

o    Go to https://login.live.com/logout.srf, and then sign out (if you aren’t already signed out)

What if my push alerts aren’t coming through?

What if I don’t have a Wi-Fi connection or cellular reception?

No problem. Tap the key icon in the Duo Mobile app to generate an authentication passcode. You do not need an internet connection or a cellular signal to generate these passcodes.

I received a new phone with the same phone number but I do not receive a push notification like I did prior to upgrading my phone. What do I do?

You must enroll your new phone in Duo even though you have the same number.

Visit http://www.montgomerycollege.edu/2FA_enroll and click the “My Settings & Devices” link.

You will need to select the “Call Me” option to verify your identity.

Locate your phone number in the list of devices, click the “Device Options” button, and select “Reactivate Duo Mobile.”

Follow the prompts and your new phone will be enrolled with your old phone number. Push notifications should function normally.

If you continue experiencing problems, contact the IT Service Desk.

How do I authenticate when I’m off-campus, abroad, or traveling?

There are several ways you can still access College resources enabled with Duo when you are traveling or may not have internet access.

  • Use Passcodes from the Duo app, even without an internet connection.
    • The Duo Mobile app for Android and iOS also works without an internet connection by giving you passcodes. Just tap the key button to generate a passcode. This works anywhere, even in places where you don’t have an internet connection or can’t get cell service.
  • Send text messages to your phone before you leave.
    • If you set up your mobile phone as a mobile phone in Duo, you can request Passcodes sent to it via text messaging (SMS).  Duo will send 10 one-time use codes in each text message, and they do not expire until used.  To request 10 one-time Passcodes, log in to the montgomerycollege.edu/2fa_enroll choose, “Enter a passcode”, and select “Text me new codes” in the blue bar that appears.
  • Forward your office phone to your mobile phone.
    • When Duo calls your office phone, the call will be passed along to the phone you forwarded it to and you can authenticate.

I don’t have a mobile phone, how can I authenticate?

You can also use a landline or tablet. Duo lets you link multiple devices to your account, so you can use your mobile phone and a landline, two different mobile devices, etc. If you don’t have a landline or any mobile devices, please contact IT Security for help.

What browsers work best with Duo?

Chrome, Firefox, Safari, Internet Explorer 8 or later, and Opera.

For Faculty

Am I required to install an app on my phone?

Duo Mobile is a very small application, taking up little room on your phone, and it is meant for individual consumer use. It is free, and its use does not result in any charges if you use the push or passcode options from the app itself.

Although the Duo Mobile app is the most convenient 2nd factor option, you are not required to install it on your device. You may also receive a phone call or text message, or if you forget your device, you can always call the Service Desk for a one-time bypass code.

Do I have to carry my phone to class?

Carrying the 2nd factor device is required, and supported by the College’s Academic Leadership.

If I install the Duo mobile app will the College have access to my phone?

Through the Duo Management Console, the IT Security staff has visibility into the type of device (mobile phone/landline phone/tablet) registered and the type and version of the operating system installed (Android/ iOS), but no personal data is available to the College by having the Duo Mobile app installed.

What do I do if there is no Internet or cellular service in areas on campus?

The Duo Mobile app generates a passcode that works without internet or cell service. Use the “Enter a Passcode” option on the Duo prompt.

How can faculty be required to bring their phone to class if they do not allow students to have devices in class?

While students are not required to enroll in Duo, they are encouraged to enroll. Faculty need to make the accommodation to allow mobile phone use for authentication purposes and can require students to put it away for the duration of class.

What if I’m travelling internationally without my phone?

The Duo Mobile App passcode generator works without cell or Internet service.

Travel to countries where phones may be subject to search or seizure, please contact the IT Service Desk for assistance.

Back To Top
Close search
Search