Deakin University's Multi-Factor Authentication Policy



What is the staff Multi-factor Authentication (MFA) policy at Deakin?

All Deakin systems (protected by Single-Sign-On) will require you to authenticate via Multi-Factor Authentication (MFA). 

All staff with a University issued smartphone are expected to install the Duo Mobile app and use their device as a second authentication factor. A University issued smartphone must be updated to the latest version so that the Duo Mobile app. More information on the current versions of smartphones that the Duo Mobile App supports can be found here for Android and iOS devices. 

If a staff member has an outdated University-issued smartphone, they need to check with their manager to upgrade it. The Service Desk can provide an MFA bypass code with an expiry date of 30 days while a user is waiting for their upgraded smartphone; the user must contact the Service Desk once they receive their device to cancel their bypass code. If the staff member isn't given an upgraded smartphone, the Service Desk can issue them a hardware token instead.

Staff without a University issued smartphone, but who have a compatible personal smartphone, are encouraged to install the Duo Mobile app and use their smartphone as a second authentication factor. 

By default, users are required to log in with MFA when logging into select applications whenever they log in from a new device or new internet service provider (ISP) every 7 days. Staff are prompted for MFA every time they try to log in when connecting to Deakin systems from overseas. Instructions for how to use the Duo Mobile App while overseas are in the Duo Travel Guide.

Staff without a compatible smartphone, or who choose not to use their personal device, can request a hardware token from the IT Service Desk. The hardware tokens are property of the University, and when a staff member leaves the organisation, they are required to return them to the IT Service Desk.

The hardware token generates a One Time Passcode (OTP) which you will need to manually type into the login screen when prompted for an MFA Bypass Code. If you enrol your smartphone after being issued a hardware token, you will be requested to return the hardware token so that it can be allocated to another staff member. Failure to return your hardware token to the IT Service Desk may prevent the Duo Mobile app on your smartphone from being used as a second authentication factor.

Any exemptions or changes to this policy require approval from the Deakin Chief Digital Officer (CDO).


What is the student Multi-factor authentication (MFA) policy at Deakin?

All Deakin systems (protected by Single-Sign-On) will require you to authenticate via Multi-Factor Authentication (MFA). 

Students who have a compatible smartphone are encouraged to install the Duo Mobile app and use their smartphone as a second authentication factor. 

By default, users are required to log in with MFA when logging into select applications whenever they log in from a new device or new internet service provider (ISP) every 7 days. Students are prompted for MFA every time they try to log in when connecting to Deakin systems from overseas. Instructions for how to use the Duo Mobile App while overseas are in the Duo Travel Guide.

Students without a compatible smartphone can use the SMS option. More information on the current versions that Duo Mobile supports can be found here for Android and iOS devices.

If a student owns a Yubikey, they can register their Yubikey and use it as an authentication method. 

If you have misplaced or lost your smartphone, please visit How to request a Bypass Code (Passcode).

There is currently no option for a student to request a Hardware Token.