Multifactor Authentication at Pitt


MFAMultifactor authentication, provided by Duo Security, adds another layer of security to your online accounts when using Pitt Passport by requiring two “factors” to verify your identity when you log in to a service: something you know (such as your password) and something only you have (such as your mobile phone, on which you will receive a login confirmation notice). 

Threats from phishing scams, malicious software, and compromised passwords are constantly increasing and pose an immediate risk to your privacy and the security of University data. In response, the University has added multifactor authentication to all services that use the University’s single sign-on service, Pitt Passport. When accessing a service you will be prompted to enter your username and password on the Pitt Passport login page and  complete the login process with multifactor authentication.

Multifactor authentication is also required for students, faculty, and staff using the Secure Remote Access service (including the Pulse client, IPSec client, or legacy Network Connect client) to connect to University resources. Multifactor authentication protection is required for students, faculty, staff, for student employees, resource accounts, guest wireless accounts, OSHER accounts, emeritus faculty, and visiting faculty. It is not required for alumni, applicants, and retired staff.

Multifactor authentication is an additional layer of security designed to prevent unauthorized access to your information and University data, including confidential retirement account details, pay statements, and direct deposit information. It helps protect your privacy regardless of what type of device you use to access Pitt Passport services (for example, a desktop computer, laptop, tablet, or smartphone) and regardless of whether you access Pitt Passport services while connected to the University’s wired network, the University’s wireless network, or an external network. The University’s multifactor authentication solution provides several options for your second authentication factor, including options that enable you to use multifactor authentication when you are in an area without wireless access or cell phone service (see Frequently Asked Questions for details). 

To use multifactor authentication, you must:

  1. Register a device (smartphone, tablet, non-smartphone)
    Log in to the Manage My Account service click "Add/Manage Pitt Passport Devices", and complete the steps. 
  2. Log in using the device that you registered
    Log in to a service and select "Send Me a Push", "Call Me", or "Enter a Passcode"

You can refer to the Frequently Asked Questions information for more details. If you need help registering, stop by one of our technical support walk-in locations or contact the Technology Help Desk.

Mutifactor Authentication Benefits

  • Secure: Hackers are constantly searching for ways to compromise passwords using malicious software, phishing scams, and other techniques. If your password is guessed, hacked, or stolen, it can jeopardize your private data as well as University data. Multifactor authentication adds a layer of security to your data by ensuring that your password alone cannot be used to access critical information and services.
  • Efficient: Worried that multifactor authentication will be too time consuming to use? Don't be. You'll be surprised how quick and easy it is.    
  • Convenient: You can choose the multifactor authentication method that works best for you. Maybe you want to receive a login confirmation notice on your smartphone that you can simply tap to accept. Or maybe you prefer to receive a code via text message. Or maybe you want to receive a phone call. Whatever your preference, Pitt's multifactor authentication service has a solution.

Guidelines for Deciding What Type of Devices to Register

You have the option to register a wide variety of devices to use with multifactor authentication. How do you know which device is the best fit? Review our Multifactor Authentication Options help sheet for a quick overview.

You can also consider these general guidelines:

  1. If you have a smartphone, enroll your smartphone for multifactor authentication and select “Send me a Push” when authenticating. A notification will be sent or "pushed" to your smartphone when you try to log in. Tap Approve to complete the login process.
  2. If you have a regular cell phone, then enroll your phone number for multifactor authentication and select either “Call Me” or “Enter a Passcode” when authenticating. “Call Me” will call your cell phone number and prompt you to press 1 to complete the login process. “Enter a Passcode” allows you to text a code to you cell phone, which you will then enter to complete the login process.
  3. If you DO NOT have a cell phone, enroll your office phone and/or home phone for multifactor authentication by completing the steps in “Register a Landline (Office Phone) below. Use “Call Me” when authenticating.
  4. If you DO NOT have a cell phone or a home phone, then stop by the Technical Support Desk at the University Store on Fifth to discuss the use of a hardware token.