Multifactor Authentication: Frequently Asked Questions
What is multifactor authentication?
Multifactor authentication is an additional layer of security designed to prevent unauthorized access to your information and University data, including confidential retirement account details, pay statements, or direct deposit information. It helps protect your privacy regardless of what type of device you use to access Pitt Passport services (for example, a desktop computer, laptop, tablet, or smartphone) and regardless of whether you access Pitt Passport services while connected to the University’s wired network, the University’s wireless network, or an external network. The University’s multifactor authentication solution provides several options for your second authentication factor, including options that enable you to use multifactor authentication when you are in an area without wireless access or cell phone service (see Frequently Asked Questions for details).
Will I need to use multifactor authentication to log in to the workstation in my office?
- No. Multifactor authentication is required only for services that leverage Pitt Passport, the University’s Single Sign-On service. You will not need to use multifactor authentication to log in to your workstation.
What do I do if I receive a push notification or phone call when I have not tried to log in to a service?
- You should deny the request and report it to the Technology Help Desk at 412-624-HELP . Someone may have compromised your password and may be trying to use it to log in to services.
Should I register more than one smartphone, cell phone, tablet, or landline?
- Yes. In addition to your primary smartphone or mobile device, you should register a second tablet, smartphone, cell phone, or landline so that you can still log in if you leave your primary device at home or lose it. For instance, you might register your mobile phone as your primary device and your landline (office phone) as your secondary device.
I sometimes stop receiving push notifications on Duo Mobile. Why?
- You may have trouble receiving push requests if there are network issues between your phone and Duo’s service. Many phones have trouble determining whether to use the WiFi or cellular data channel when checking for push requests. If you experience issues receiving a Push request, try one of these steps to resolve it:< >Turn your phone to airplane mode and back to normal operating mode again. This will often resolve the issue if there is a reliable internet connection available.Turn off the WiFi connection on your device and try using the cellular data connection.Check the time and date on your phone and make sure they are correct. If the date and time on your phone are manually set, try changing your device's configuration to sync date and time automatically with the network.Yes. If you have a smartphone, you can generate a passcode by opening the Duo app and tapping the key icon, even if you are in a location without cell phone service or wireless access. Cell phone service is required if you have a non-smartphone and want to use the SMS (text) or Call Me option to log in.
Once I log in to a Pitt Passport service with multifactor authentication, do I need to continue to use multifactor authentication every time I access another service that leverages Pitt Passport?
- No. As long as you leave a Web browser open after you log in to a Pitt Passport service, then you should only be prompted to use multifactor authentication once every 12 hours. However, if you close your browser session (or if you access a Pitt Passport service from a different browser or different device), then you will be prompted to use multifactor authentication again.
What University services leverage Pitt Passport and therefore require multifactor authentication?
- A growing number of University services are taking advantage of the security provided by the University’s single sign-on service, Pitt Passport. The list of enterprise services that use Pitt Passport includes, but is not limited to: My Pitt, Office 365 (including Exchange), CourseWeb, My Pitt Video (Panopto), the Student Information System (PeopleSoft), Prism, pitt.box.com, EZ Proxy, Pitt PS Mobile, the Account Management site (accounts.pitt.edu), PittPAY, Blackboard e-accounts, Career Development, Enterprise Lab Notebooks (Lab Archives), Docusign, Ask Cathy, Collegiate Link, PittSource, TIAA-CREF, lynda.pitt.edu, Parchment, Image Now, Suitable, Microsoft Imagine (formerly DreamSpark), PittServes Volunteer Portal, MyHealth OnLine, Tableau, Faculty Information System (Elements), the Pitt App Store, and Gartner.
What do I do if I don’t have my device with me and need to log in?
- You should always register more than one device. If you do not have either device with you and you need to log in, call the Technology Help Desk at 412-624-HELP  for assistance.
I got a new phone. What do I need to do to enable it for multifactor authentication?
- If you get a new phone and you keep the same phone number, you will need to re-activate Duo Mobile on that phone (see the Add, Change, or Remove a device section for instructions). If you get a new phone with a different number, you will need to add it as a new device. You should remove the previous device if you are no longer using it. See the Add, Change, or Remove device section for instructions.
I lost my phone. What should I do?
- If you have registered a second device, you should log in with that device and remove the device you have lost from your list of registered devices (see the Add, Change, or Remove a device section for instructions).
I do not have a smartphone or cell phone and I do not want to use my landline as my multifactor authentication device. What options are available to me?
- If you do not have a device to use with multifactor authentication, you may obtain a hardware token. A hardware token is a physical device that generates a passcode when you press a button. The passcode can be used as your second factor of authentication. You will press a button on the hardware token to generate a passcode that can be entered on the login screen. To request a hardware token, contact the Technology Help Desk at 412-624-HELP  or submit a request online. The Help Desk will explain where to pick up your hardware token. Note that you will need to pick up your hardware token in person and bring with you a valid form of identification.
I work in a location with a shared landline (for example, a lab). What options are available to me?
- If you cannot register a smartphone or cell phone and you only have access to a shared landline, the best option is to obtain a hardware token to use with Duo multifactor authentication. Please refer to the previous question for details.
I am setting up multifactor authentication, but when I scan the barcode, I receive a message that says "Activation Link Expired". What should I do?
- You will need to reactivate Duo Mobile on your device. To do so, log in to accounts.pitt.edu. You will need to use multifactor authentication on your second (backup) device to log in. If you do not have a second device registered for multifactor authentication, please call the Technology Help Desk at 412-624-HELP  for assistance. When the multifactor authentication screen displays, click My Settings & Devices in the left-hand column, choose your secondary device, and choose an authentication method. Once you have successfully logged in, click Device Options next to the device you want to reactivate, and click Reactivate Duo Mobile. Complete the steps in the activation wizard to reactivate your device.
Where can I find additional instructions and help documentation?
- Duo, the vendor for Pitt’s multifactor authentication service, has additional help documentation available on their Web site.