Text Only

Two-Factor Authentication (2FA)

Service Overview

Two-factor authentication provides an extra layer of protection for your UMPASS account, and it aims to ensure that you are the only person accessing your account.

Two-Factor authentication ensures secure access to the protected systems as simple as the following steps.

Step 1Step 2Step 3

Enter username and password as usual.

(First Factor)

Use your mobile device/

tablet to verify your identity.

(Second Factor)

Securely logged in

Scope of service

2FA will be used  when you access the protected systems with non-UM network (e.g. outside campus).

Benefits of Two-Factor Authentication

  • Ensure account security: Compared to the traditional login process by using username and password, 2FA provides an additional form of validation. It works together with your personal device to lower the possibility of identity theft by attacker.
  • Ensure data security: By adding an additional layer of authentication, it can minimize the risk of account theft, and thus, protecting the University’s as well as your personal data.

Systems that are protected by 2FA

All systems that use the UMPASS authentication service as the login page are in effect with the 2FA in June 2019. The integration with SSL VPN service is in progress and announcement will be made once integration is completed.

The systems integrated with 2FA
UMPASS Authentication Service

Systems with UMPASS Authentication Service as login page, including but not limited to:

  • General IT Systems
  • Student Information System
  • Human Resources Management System
  • Financial Information System
  • General Business Applications

For more details, please visit here.

Application procedures

If you are interested to use the 2FA service, please follow the following steps to apply: 

  1. Download the “Duo Mobile” app for your mobile device.
  2. Make sure that you are using intranet when you apply for 2FA service.
  3. Login to ICTO Account Information Page to apply the 2FA service. By agreeing the terms and conditions, you will be redirected to the UM 2FA User Device Registration (https://account.icto.umac.mo/#twoFArule) for account activation. You need to complete the on-screen instructions until device registration is finished.
  4. You can refer to “2FA Service User Guide” below to register more than one device after account activation.
    *We recommend you to register two devices for backup purpose. It can save your time in case you change or accidentally lose one registered device. 

Please refer to 2FA User Application Procedures for details.

Supported device

DeviceSupported PlatformsInstall Duo Mobile from
iPhone/iPadiOS 10.0 and greaterApp Store
AndroidAndroid 6.0 and greaterGoogle Play

Authentication method

We support:

  • “Push” Response
  • Passcode (one-time)

We don’t support:

  • Phone call
  • Text Message
“Push” Response
How it works:

After logging in with your UMPASS account, when you choose the Duo Push as the second authentication method, you will get an authentication prompt from your device. And then you need to tap ‘Approve’ on the push notification sent to your device to securely access your application.

How it looks like:

“Passcode” (One-time)
How it works:

After logging in with your UMPASS account, if you select passcode as your second authentication method, you need to tap the icon to get the authentication code from your mobile app to finish the second layer authentication.

Internet or cellular access is not required.

How it looks like: 

Bypass code for emergency login

What if I don’t have my phone on me?

If you lost your device or forget to bring device, you can ask for a bypass code for emergency login. A bypass code can help you to bypass 2FA authentication when you have difficulty to use your device to login. (Please refer to 2FA Changed & Lost Device Guide for details.)

We will provide you a bypass code:

  • If you have lost your device and only registered this device.
  • If you removed the DUO mobile app from a uniquely registered device.
  • If you forget to bring your device and need to login to the application urgently.

*We recommend you to register two devices for backup purpose. It can save your time when you change or lost one registered device.

To get the bypass code, you can either:

  1. Go to ICTO Help Desk with your UM ID card to ask for a bypass code.
    Or
  2. Send an email with your staff/student ID, the first four numbers of your identity card and your justification for getting the bypass code.

Types of bypass code

We provide two kinds of bypass code according to following situations:

TypeAvailabilitySituations
Short periodExpired after 24 hours

Can be re-used for 5 times

– Forget to bring the registered device and need to login to the application urgently.
Long periodExpired after 7 days

Can be re-used for unlimited times

– Lost the registered device and it is the only registered device.

or

– Deleted the DUO Mobile APP from the only registered device.

2FA Self-Service

We provide two ways for your self-service to manage your device and their appearances and steps are identical.

Option 1: UM 2FA Self-Service Page (Intranet Only)

  1. Login to https://2fa.um.edu.mo with your UMPASS without the suffix @um.edu.mo.
  2. Manage your registered devices by tapping “My Settings & Devices” and you will be required to confirm your identity via 2FA.
  • When you are using non-UM network (outside campus), you could login to the protected system directly to manage your device.

Option 2: 2FA Self-Service when using non-UM network (outside campus)

  1. Login to the protected system with your UMPASS.
    For example:

    Login to the system integrated with UMPASS Authentication Service and 2FA.

  2. Manage your registered devices by tapping “My Settings & Devices” and you will be required to confirm your identity via 2FA.

User manual

Learn more

Search

Eligible Users

  • All staff and student

Service Available Hours

  • Mon – Sun
    24 hours

Service Support Hours

  • Mon – Thu
    09:00 – 13:00
    14:00 – 17:45
  • Fri
    09:00 – 13:00
    14:00 – 17:30

Contact