Two-Factor Authentication (2FA)
Two-factor authentication provides an extra layer of protection for your UMPASS account, and it aims to ensure that you are the only person accessing your account.
Two-Factor authentication ensures secure access to the protected systems as simple as the following steps.
|Step 1||Step 2||Step 3|
Enter username and password as usual.
Use your mobile device/
tablet to verify your identity.
Securely logged in
Scope of service
2FA will be used when you access the protected systems with non-UM network (e.g. outside campus).
Benefits of Two-Factor Authentication
- Ensure account security: Compared to the traditional login process by using username and password, 2FA provides an additional form of validation. It works together with your personal device to lower the possibility of identity theft by attacker.
- Ensure data security: By adding an additional layer of authentication, it can minimize the risk of account theft, and thus, protecting the University’s as well as your personal data.
Systems that are protected by 2FA
All systems that use the UMPASS authentication service as the login page are in effect with the 2FA in June 2019. The integration with SSL VPN service is in progress and announcement will be made once integration is completed.
|The systems integrated with 2FA|
|UMPASS Authentication Service||Systems with UMPASS Authentication Service as login page, including but not limited to:|
For more details, please visit here.
If you are interested to use the 2FA service, please follow the following steps to apply:
- Download the “Duo Mobile” app for your mobile device.
- Make sure that you are using intranet when you apply for 2FA service.
- Login to ICTO Account Information Page to apply the 2FA service. By agreeing the terms and conditions, you will be redirected to the UM 2FA User Device Registration (https://account.icto.umac.mo/#twoFArule) for account activation. You need to complete the on-screen instructions until device registration is finished.
- You can refer to “2FA Service User Guide” below to register more than one device after account activation.
*We recommend you to register two devices for backup purpose. It can save your time in case you change or accidentally lose one registered device.
Please refer to 2FA User Application Procedures for details.
- “Push” Response
- Passcode (one-time)
We don’t support:
- Phone call
- Text Message
|How it works:|
After logging in with your UMPASS account, when you choose the Duo Push as the second authentication method, you will get an authentication prompt from your device. And then you need to tap ‘Approve’ on the push notification sent to your device to securely access your application.
|How it looks like:|
|How it works:|
After logging in with your UMPASS account, if you select passcode as your second authentication method, you need to tap the icon to get the authentication code from your mobile app to finish the second layer authentication.
Internet or cellular access is not required.
|How it looks like: |
Bypass code for emergency login
What if I don’t have my phone on me?
If you lost your device or forget to bring device, you can ask for a bypass code for emergency login. A bypass code can help you to bypass 2FA authentication when you have difficulty to use your device to login. (Please refer to 2FA Changed & Lost Device Guide for details.)
We will provide you a bypass code:
- If you have lost your device and only registered this device.
- If you removed the DUO mobile app from a uniquely registered device.
- If you forget to bring your device and need to login to the application urgently.
*We recommend you to register two devices for backup purpose. It can save your time when you change or lost one registered device.
To get the bypass code, you can either:
- Go to ICTO Help Desk with your UM ID card to ask for a bypass code.
- Send an email with your staff/student ID, the first four numbers of your identity card and your justification for getting the bypass code.
Types of bypass code
We provide two kinds of bypass code according to following situations:
|Short period||Expired after 24 hours|
Can be re-used for 5 times
|– Forget to bring the registered device and need to login to the application urgently.|
|Long period||Expired after 7 days|
Can be re-used for unlimited times
|– Lost the registered device and it is the only registered device.|
– Deleted the DUO Mobile APP from the only registered device.
We provide two ways for your self-service to manage your device and their appearances and steps are identical.
- When you are inside campus, you can go to our UM 2FA Self-Service Page (https://2fa.um.edu.mo).
- When you are using non-UM network (outside campus), you could login to the protected system directly to manage your device.
- Is it necessary to input my phone number during 2FA registration?
- What kind of device can be registered for 2FA service?
- What is the difference between “Mobile” and “Tablet” during 2FA registration?
- How many devices can be enrolled for 2FA service?
- Can I opt-out DUO after my 2FA account activation?
- What should I do if I change my 2FA registered phone?
- What should I do if I lost my 2FA registered phone?
- What should I do if I plan to travel oversea and want to use 2FA service?
- What should I do if I cannot access Google Play Store in China for 2FA service?
- What should I do if I receive any unexpected 2FA notification?
- What should I do if I cannot receive Duo’s Push notification of 2FA service?