What is Two-Factor Authentication (2FA)?
Two-factor authentication (2FA) is an enhanced logon process. After entering your password, you will need to confirm your access by using a designated device (e.g. your mobile). This prevents unauthorized access to sensitive data even if your password is stolen. In HKUST, we employ an application named Duo and you may refer to our web page Duo Security for more information.
How it works
When access to applications supporting 2FA e.g. HKUST SSO Service
- Enter your email address and password
- Use your physical device to verify your identity e.g. your mobile phone or tablet
- You are securely logged in
After you have enrolled for two-factor authentication and access to applications supporting 2FA, you will need to login using your Email Address / password and then use your device to verify your identity. Duo will issue automatic push to your mobile or you can select Other options if applicable.
On trusted devices such as your own laptop, select Yes, trust browser so that you won't be prompted for 45 days for the same 2FA-protected web application with the same browser on the same device. It only works for web applications, VPN authentication does not honor this feature.
Please note that 2FA is only available to staff and enrolling students. The personal information registered for 2FA will be removed when a staff member or student leaves the University.
[Under circumstances when you cannot access your mobile device, you can also obtain a one-time Duo Bypass Code (not the one-time passcode) to access a 2FA application.]
Getting Started
Application Readiness (enabled with 2FA)
For Student | For Staff |
1. Remote Access Tools
2. Teaching and Learning Resources
3. Research IT Resources
4. Administrative Systems
5. Collaboration and Productivity Tools |
1. Remote Access Tools
2. Teaching and Learning Resources
3. Research IT Resources
4. Administrative Systems
5. Collaboration and Productivity Tools |
When accessing the above 2FA supported applications, please remember to have your mobile device around to respond the Duo PUSH notification sent to your mobile device. In case there is no network connection, you can use one-time passcode (obtain from your Duo Mobile App).
Please response to the Push Notification using your mobile device when you need to access applications supporting 2FA e.g. VPN, OWA etc. Besides, you can use one-time passcode in case you cannot receive the Push due to network connection issues.
You can obtain a Duo Bypass Code in case you cannot access to your mobile device (e.g. no battery, lost / change mobile):
What's New
FAQs
- What should I do if I have changed my mobile phone / reinstalled the Duo Mobile app?
- Cannot receive Duo's Push notification?
- How to logon if I forgot to bring my mobile or loss of it?
- Can I use Duo Mobile for 2FA with Multiple Accounts?
- Can I use Duo from overseas?
- What should I do if I receive an unexpected Duo notification?
- Where can I find Duo Privacy Policy?
- Any known issues when using 2FA?