Two Factor Authentication (2FA)

What is Two-Factor Authentication (2FA)?

Two-factor authentication (2FA) is an enhanced logon process. After entering your password, you will need to confirm your access by using a designated device (e.g. your mobile).  This prevents unauthorized access to sensitive data even if your password is stolen. In HKUST, we employ an application named Duo and you may refer to our web page Duo Security for more information.

How it works

When access to applications supporting 2FA e.g. Central Authentication Service (CAS) login

  1. Enter username and password
  2. Use your physical device to verify your identity e.g. your mobile phone or tablet
  3. You are securely logged in

After you have enrolled for two-factor authentication and access to applications supporting 2FA, you will need to login using your username / password and then use your device to verify your identity, either by

You may want check the 'Remember me for … days' option if you are working on trusted devices and you won't need to perform Duo second-factor authentication again for the duration specified. Please refer to How does 2-factor authentication work in HKUST for more information.

Please note that 2FA is only available to staff and enrolling students. The personal information registered for 2FA will be removed when a staff member or student leaves the University.

[Under circumstances when you cannot access your mobile device, you can also obtain a one-time Duo Bypass Code (not the one-time passcode) to access a 2FA application.]

Getting Started

Application Readiness (enabled with 2FA)

For Student For Staff

1. Remote Access Tools

2. Teaching and Learning Resources

3. Research IT Resources

  • High Performance Computing Clusters (when access outside campus)

4. Administrative Systems

5. Collaboration and Productivity Tools

1. Remote Access Tools

2. Teaching and Learning Resources

3. Research IT Resources

  • High Performance Computing Clusters (when access outside campus)

4. Administrative Systems

5. Collaboration and Productivity Tools

When accessing the above 2FA supported applications, please remember to have your mobile device around to respond the Duo PUSH notification sent to your mobile device. In case there is no network connection, you can use one-time passcode  (obtain from your Duo Mobile App).

Log on to the Duo Self-Service Portal if would like to activate / manage your account. See Enrollment for 2FA  (or view video) for the details.
 

  Duo Self-Service Portal  

Please response to the Push Notification using your mobile device when you need to access applications supporting 2FA e.g. VPN, OWA etc. Besides, you can use one-time passcode in case you cannot receive the Push due to network connection issues.

You can obtain a Duo Bypass Code in case you cannot access to your mobile device (e.g. no battery, lost / change mobile):

  Duo Bypass Code  

  Lost / Change Mobile