For Staff For Staff
For student For student
Not for alumni Not for alumni
Overview

Empowering users to access University IT resources with ease and confidence has always been our priority. As endorsed by IT Committee in December 2016, users requesting for central IT services should be authenticated by Multi-Factor Authentication (MFA).

After elaborate technical evaluation and testing, an advanced MFA solution by Duo has been implemented since 4 January 2018 for staff being the first application with Duo MFA enabled. Starting on 11 February 2019, the following applications will also be protected by Duo MFA:

Services

  • BUniPort
  • Webpages that are protected by Portal Login
  • VPN (for General User and IT Administrator)

Systems

  • Microsoft Office 365 (such as Outlook and OneDrive) for staffRevise to new content
  • BUniPort(starting 11 February 2019)
  • Webpages that are protected by Portal Login(starting 11 February 2019)
  • VPN (for General User and IT Administrator)(starting 11 February 2019)
  • New Financial Information System (New FIS)(starting 30 August 2019)
  • My Library System(starting 30 August 2019)
  • Adobe ID Login(starting 30 August 2019)
  • MathWorks(starting 30 August 2019)
  • VV Impact(starting 30 August 2019)
  • iThenticate(starting 30 August 2019)
  • IT Service Request / Incident Report Management(starting 30 August 2019)
  • System (ITSM)

More central IT services will also be MFA enabled. Announcement will be made in due course.

doc

Register Your First Mobile Device for MFA [View Guideline / Watch Demo Video]

doc

Register Your First Mobile Device Using Computer and Smartphone [View Guideline / Watch Demo Video]

doc
doc
doc

Register / Manage your Device for MFA [Watch Demo Video / Go to Portal]

doc

Get Emergency Access Code without a Mobile Device [View Guideline / Watch Demo Video]

doc
doc
doc

Traditionally, access to University IT resources requires you to provide username and password. While it is an effective way to protect your data, protection with password only is increasingly easy to be compromised. It can often be stolen, guessed or hacked – you may not even know someone is accessing your account.

ap-2fa-ov-01 ap-2fa-ov-01

Multi-Factor Authentication adds a second layer of security to your accounts. Verifying your identity using a second factor (e.g. your smartphone with an app) to approve authentication requests prevents anyone but you from logging in, even if they know your password.

1_Duo login page (PC) 1_Duo login page (PC)

After inputting your login information, you will be asked to either respond to a push message OR enter a one-time passcode to verify your identity – both can be done via your mobile device.

2_Duo login approval (PC) 2_Duo login approval (PC)

You are now securely logged in

Getting Started

Register your mobile device starting 4 January 2018 by following the simple instruction given in the User Guide (refer to ‘Policies & Guidelines’ tab).

It will guide you through for a self-enrollment process to get your mobile device registered as the second authentication factor. The process is very simple and should take only 2 minutes. Please feel free to contact our Customer Service Call Centre if you need further assistance.

If you get a new phone or have reinstalled Duo Mobile app, you will need to re-activate Duo Mobile.
To re-activate your account, please refer to the user guide: ‘Re-activate a Mobile Device

You may try generating a passcode to access your account instead. If you fail to access your account using the generated passcode, please re-activate your mobile device by following the instructions given in the User Guide.

To get Duo Push Notification working, please try the following :

1. If you have registered multiple devices, verify that you have selected the correct one at account verification screen. In addition, if you have set up automatic Duo Push, make sure that you are using the correct device to receive Duo Push.

2. Make sure the Internet connection from your mobile device is stable. For example,
a. Switch the mobile device to airplane mode and back to normal operating mode again
b. Turn off WiFi connection on your device and use cellular data connection

3. Check the time and date on your phone and make sure they are correct.

4. If you still cannot receive Duo Push Notification, please Re-activate your Mobile Device by following the instructions given in the User Guide.

Certainly, and below are a few reminders before you travel abroad:

1. Update your device and make sure everything works

2. Duo Push can function using Wi-Fi connection. That means if you have a pocket WiFi connected, you can receive Duo Push.

3. Duo Mobile app can be used to generate passcodes in remote regions where Duo Push (which requires Internet connection) may not work.

4. Contact ITO Service Call Centre ASAP if you have lost your mobile device.

5. See also ‘Emergency Account Access without a Mobile Device’ section in the User Guide.

 

Please see Emergency Account Access without a Mobile Device in the User Guide. Please also report to ITO immediately if you have lost your mobile device.

You may rename your mobile devices to more recognizable names. Refer to the relevant section in user guide to get started.

Yes, please refer to ‘Add Additional Mobile Device(s)’ section in user guide for detailed instructions.

Yes. Also, after registering your mobile devices, you are recommended to rename the accounts shown on Duo Mobile app for easier recognition. For example:

faq faq

To begin, tap ‘Edit’ button on the top left hand corner of the app (iOS) / tap and hold at the name of the account (Android).

No need. Duo NEVER knows your password.

In some cases, after changing SSOid password users may have problem re-activating even they have entered the correct password in Duo Mobile for verification. In this case, please remove account and add it back again.

If you get a Duo Push notification while you are not intending any account access, your password may have been compromised.

 

• For personal account: decline the request and change your SSOid password immediately.

• For shared account (e.g. departmental account, project account): decline the request, check with colleagues and determine if they have sent out the request by error. Change the account’s password if in doubt.

No. Duo Mobile has no more access to your phone than most other apps. Duo Mobile cannot read your contacts, track your location or see your browser history. It will expressly ask for your permission if access to your camera is needed (just for scanning QR code during activation). Likewise, your permission is needed to send you notifications.

You can simply remove your account from Duo Mobile app and then uninstall the app altogether.

You may borrow a physical "One Time Password Token" from ITO Service Centre at RRS303 with a deposit of HK$200 which will be refunded to you when it is returned to ITO.

 

Whenever you are trying to log in to any system protected by Duo, after you have already entered your SSOid/password and are then prompted for a second factor:

• Choose "Enter a Passcode"

• Press the button on your One Time Password Token to generate a new passcode

• Type in the passcode as the second factor and you will be able to log in

Almost negligible. Five hundred pushes to your device will use 1 MB of data in total, which is roughly equivalent to loading one webpage on your smartphone.

Duo Mobile

Search and install ‘Duo Mobile’ on your smartphone from App Store, Google Play or download the application file here directly for Android device.

doc