Multi-Factor Authentication (Duo) FAQ

What is multi-factor authentication (MFA)?

Multi-factor authentication, also sometimes referred to as two-step or two-factor authentication (2FA), is a security method that requires an individual to provide two or more forms (also called factors) of authentication to verify their identity in order to access a particular resource. These forms of verification can be a password, a code sent via text, or a code sent via telephone.

How does MFA work?

MFA is commonly used for resources like email or online banking, that contain sensitive or private information. Each time an individual logs in to an account with MFA, they must first provide their username and password (one form of authentication), then follow a prompt to send a code by telephone or text to the mobile device they have on file (second form of authentication). This method verifies that the person who entered the username and password is actually the owner of the email or bank account and should be allowed to access it.

How is MFA used at Cal Poly?

Cal Poly student, faculty and staff are required to verify their identities with Duo when logging in to any web-based resource that requires a username and password, including My Cal Poly Portal, Canvasemail and calendar, and more. If you have not already set up MFA, you will be prompted to do so next time you try to access any resources behind a Cal Poly login. MFA is not required for emeritus, club or department accounts.

Do I have to use MFA every single time I log-in to email and the Portal?

No. When you log in to Cal Poly resources and authenticate with Duo, then select “remember me,” you won’t be prompted to authenticate again for 30 days. If you can't see the "remember me" checkbox, you may have to check your browser settings.

How do I set up Duo MFA?

Check out our article, Set Up Multi-Factor Authentication (Duo), to walk through the process of getting started with Duo and enrolling the device you want to use to authenticate.


What kinds of devices can I use with Duo to verify my identity?

You can use a mobile phone, a tablet, a landline, or a token with Duo. The device you choose to authenticate with must first be set up through the My Cal Poly Portal. If at any point you need to change the device you use to authenticate with Duo, you must update your authorized device in the My Cal Poly Portal.

I don’t have a mobile device, what are my options?

Any member of the Cal Poly community can request and receive a token to use with Duo. Tokens generate an authentication code without an internet connection or cell signal. You can request a token online via Support CenterTokens are sent by mail and may take up to five days to be delivered to you.

How does MFA make Cal Poly accounts more secure?

Passwords are becoming increasingly easy to compromise. MFA adds another layer of protection to Cal Poly accounts, making it much more difficult for unauthorized people to gain access. While they may know your password, they won’t be able to recreate a second authentication factor, like your text code. Using MFA is now standard practice at most universities, including all 23 California State University campuses.

How will I be able to share my Cal Poly log-in with my parents?

Educational records are private and protected under the Family Educational Rights and Privacy Act (FERPA). Students can share their Cal Poly information with trusted recipients, such as parents or scholarship donors, using Share My Info. Share My Info is a Cal Poly web application that lets a student grant access to specific records or information to one person or a group of people.