Two-Factor Authentication (2FA)
Posted By jeffreychoi Choi Io Teng On In | Comments Disabled
Two-Factor Authentication (2FA)
Service Overview
Two-factor authentication provides an extra layer of protection for your UMPASS account, and it aims to ensure that you are the only person accessing your account.
Two-Factor authentication ensures secure access to the protected systems as simple as the following steps.
| Step 1 | Step 2 | Step 3 |
Enter username and password as usual. (First Factor) |
Use your mobile device/ tablet to verify your identity. (Second Factor) |
Securely logged in |
Scope of service
2FA will be used when you access the protected systems with non-UM network (e.g. outside campus).
Benefits of Two-Factor Authentication
- Ensure account security: Compared to the traditional login process by using username and password, 2FA provides an additional form of validation. It works together with your personal device to lower the possibility of identity theft by attacker.
- Ensure data security: By adding an additional layer of authentication, it can minimize the risk of account theft, and thus, protecting the University’s as well as your personal data.
Systems that are protected by 2FA
All systems that use the UMPASS authentication service as the login page are in effect with the 2FA.
| The systems integrated with 2FA | |
| UMPASS Authentication Service
|
Systems with UMPASS Authentication Service as login page, including but not limited to:
For more details, please visit here. |
Application procedures
If you are interested to use the 2FA service, please follow the following steps to apply:
- Download the “Duo Mobile” app for your mobile device.
- Make sure that you are using intranet when you apply for 2FA service.
- Login to ICTO Account Information Page to apply the 2FA service. By agreeing the terms and conditions, you will be redirected to the UM 2FA User Device Registration (https://account.icto.umac.mo/#twoFArule) for account activation. You need to complete the on-screen instructions until device registration is finished.
- You can refer to “2FA Service User Guide” below to register more than one device after account activation.
*We recommend you to register two devices for backup purpose. It can save your time in case you change or accidentally lose one registered device.
Please refer to 2FA User Application Procedures for details.
When your mobile device does not support Duo Mobile APP, you may borrow a DUO hardware token from ICTO. Please bring your UM staff/student ID card and your mobile phone to ICTO Help Desk for required procedure.
Supported device
| Device | Supported Platforms | Install Duo Mobile from |
| iPhone/iPad | iOS 14.0 and greater | App Store |
| Android | Android 10 and greater | Google Play
or |
*DUO currently supports for iOS and Android, and does not support non-standard customization (such as OnePlus, LineageOS or ColorOS) and other platforms (such as Hongmeng, HyperOS, etc.), users are advised to check with the manufacturer before purchasing a mobile device.
Authentication method
We support:
- “Push” Response
- Passcode (one-time)
- Hardware Token
We don’t support:
- Phone call
- Text Message
| “Push” Response | |
| How it works:
After logging in with your UMPASS account, when you choose the Duo Push as the second authentication method, you will get an authentication prompt from your device. And then you need to tap ‘Approve’ on the push notification sent to your device to securely access your application. |
How it looks like:
|
| “Passcode” (One-time) | |
| How it works:
After logging in with your UMPASS account, if you select passcode as your second authentication method, you need to tap the icon to get the authentication code from your mobile app to finish the second layer authentication. Internet or cellular access is not required. |
How it looks like:
|
| Hardware Token | |
| How it works:
After logging in with your UMPASS account, please follow the on-screen instruction and then press the green button on the hardware token to get the passcode as your second authentication method to complete the authentication. Token lost
|
How it looks like:
|
Bypass code for emergency login
What if I don’t have my phone on me?
If you lost your device or forget to bring device, you can ask for a bypass code for emergency login. A bypass code can help you to bypass 2FA authentication when you have difficulty to use your device to login. (Please refer to 2FA Changed & Lost Device Guide for details.)
We will provide you a bypass code:
- If you have lost your device and only registered this device.
- If you removed the DUO mobile app from a uniquely registered device.
- If you forget to bring your device and need to login to the application urgently.
*We recommend you to register two devices for backup purpose. It can save your time when you change or lost one registered device.
To get the bypass code, you can either:
- Go to ICTO Help Desk with your UM ID card to ask for a bypass code.
Or - Send an email with your staff/student ID, the first four numbers of your identity card and your justification for getting the bypass code.
Types of bypass code
We provide two kinds of bypass code according to following situations:
| Type | Availability | Situations |
| Short period | Expired after 24 hours
Can be re-used for 5 times |
– Forget to bring the registered device and need to login to the application urgently. |
| Long period | Expired after 7 days
Can be re-used for unlimited times |
– Lost the registered device and it is the only registered device.
or – Deleted the DUO Mobile APP from the only registered device. |
2FA Self-Service
We provide two ways for your self-service to manage your device and their appearances and steps are identical.
- When you are inside campus, you can go to our UM 2FA Self-Service Page (https://2fa.um.edu.mo).
Option 1: UM 2FA Self-Service Page (Intranet Only)
- Login to https://2fa.um.edu.mo with your UMPASS without the suffix @um.edu.mo.
- Manage your registered devices by tapping “My Settings & Devices” and you will be required to confirm your identity via 2FA.
- When you are using non-UM network (outside campus), you could login to the protected system directly to manage your device.
Option 2: 2FA Self-Service when using non-UM network (outside campus)
- Login to the protected system with your UMPASS.
For example: Login to the system integrated with UMPASS Authentication Service and 2FA.
- Manage your registered devices by tapping “My Settings & Devices” and you will be required to confirm your identity via 2FA.
User manual
Learn more
- 2FA Introduction Video
- Is it necessary to input my phone number during 2FA registration?
- What kind of device can be registered for 2FA service?
- What is the difference between “Mobile” and “Tablet” during 2FA registration?
- How many devices can be enrolled for 2FA service?
- Can I opt-out DUO after my 2FA account activation?
- What should I do if I change my 2FA registered phone?
- What should I do if I lost my 2FA registered phone?
- What should I do if I plan to travel oversea and want to use 2FA service?
- What should I do if I cannot access Google Play Store in China for 2FA service?
- What should I do if I receive any unexpected 2FA notification?
- What should I do if I cannot receive Duo’s Push notification of 2FA service?
- What is the “remember me” in 2FA?
- How do I remember 2FA login credential for 15 days in my devices?
- What prevent 2FA “remember me” from working correctly?
- Why Safari browsers does not work for 2FA Remember My Device for 15 days?
- How do I reset 2FA “remember me” on a browser when I no longer use?
- How long does “remember me” option in 2FA last?
- Can Duo’s “remember me” feature work if third-party cookies are blocked?
Eligible Users
- All staff and student
Service Available Hours
- Mon – Sun
24 hours
Service Support Hours
- Mon – Thu
09:00 – 13:00
14:00 – 17:45 - Fri
09:00 – 13:00
14:00 – 17:30
Contact
- ICTO Help Desk
- Location : Room 2085, 2/F, Central Teaching Building (E5)
- Telephone : 8822 8600
- Email : @