FAQ

1. Why do I need to use Duo & MFA?
   The University is relying on Duo multi-factor authentication (MFA) to better protect their services, data, and to meet compliance requirements. This provides an additional layer of protection, making it harder for an attacker to login as you. Threat actors are more frequently able to gain access to accounts protected only by a password because of password reuse and compromise of login information used on non-SJNY services. Instead of logging in with just your username and password, MFA requires secondary confirmation of your identity at login, usually using your phone. This greatly enhances SJNY’s security even if the attackers are able to guess or gain access to an account password.
   
   

2. How do I enroll into MFA & Duo?
   You'll be prompted the first time you login to a protected application or website like the MySJNY portal.
   
   

The enrollment itself is a relatively straightforward process that involves installing the Duo Mobile app on your phone (preferred) and scanning a QR code to activate it. Alternatively, you can enroll your mobile phone number for MFA through text messaging (not recommended). Please note: your mobile phones have to be protected with a lockscreen in order for this to work. See the following First-time Enrollment in Duo guide for a quick enrollment video as well as more detailed information.

1. I don’t want to lock my phone, I don’t have anything on my phone that I care about protecting.
   We need to ensure you are the one approving the second factor and not an unauthorized user when the device is left unattended or lost/stolen. Some of the information on your phone that may be worth protecting:

1. SJNY email on your phone

2. Personal email on your phone (often a gateway to all other account access)

3. Banking applications

4. Passwords

5. Photos

2. I’m concerned that when teaching multiple courses per day I will have to MFA multiple times per day or in areas with poor cell phone coverage.
   Faculty in classrooms are exempt from the MFA requirement and will not be prompted with Duo.
   
   

3. Why is MFA required internally?

We can no longer assume that the internal network is fully secure. There are insider and undetected threats, guest WiFi access, cleaning staff, and open computer labs on campus, etc.

6.  I have an old phone that doesn’t support the Duo Mobile app / I don't have a cell phone.  How can I use Duo/MFA?

You can use SMS text messages to get a passcode instead of using the Duo mobile app until you get a phone or another device that supports the Duo Mobile app. We highly recommend the use of Duo Push and the Duo Mobile app as it is the most secure and convenient MFA method available at SJNY.

If you don’t have a cell phone you can alternatively request a hardware token that generates a code which you would need to carry. Hardware tokens need to be requested with IT and approved and funded by the employee's department/division.

7.  Why can’t Duo e-mail me the passcode instead of using Duo Mobile?
   One of the most important applications that we need to protect using MFA is your SJNY e-mail and as a result we can’t send a code to a protected application which you may also need another factor to access. We also can’t use personal emails for this purpose for security reasons. By definition MFA requires that another factor aside from something that you know (your password) is in use, this can to be something you have (your phone - the simplest and easiest) or something you are (biometrics - not available on all devices)
   
   

8.  How often will I have to use MFA & Duo?
   If using the same computer and web browser (Chrome, Safari, Edge, Firefox etc) you should only need to MFA once per day. You would need to MFA again if using a different computer or browser that same day.
   
   

9.  What applications require Duo?
   Most SJNY applications require Duo MFA ex. MySJNY Portal, Google Workspace & Gmail, Slate, Colleague, Canvas etc.
   
   

10.  Can I have multiple devices enrolled in Duo and how do I manage them?
    Yes, we highly encourage you to enroll more than one device into Duo to have in case one of the devices is not available or not functioning properly. You can enroll another device or manage existing devices by selecting “Other Options” during any Duo authentication prompt or by logging into the  SJNY MFA Central and selecting “Manage Devices”.

    • Click “Other options” during any MFA/Duo authentication prompt

    • Select “Manage Devices” on the bottom

    • Click “Add a device” and follow enrollment instructions tailored for the device type you would like to add
      
      

11.   What happens if I change my Duo device/phone number or it was lost/broken/stolen?

If you are still in possession of the old device/phone number you can follow the steps from the previous question to add the new device to Duo. If that is not the case please contact the ITS Help Desk for assistance.

If your device was lost/broken/stolen, please contact the ITS Help Desk as soon as possible. ITS staff will disable the device for MFA and help you log in using another device after verifying your identity.

12.  What do I do if I forget my phone and don’t have another device with Duo available?

Please contact the ITS Helpdesk who will assist you after verifying your identity.