What is Two-Factor Authentication (2FA)?
Two-factor authentication (2FA) is an enhanced logon process. After entering your password, you will need to confirm your access by using a designated device (e.g. your mobile). This prevents unauthorized access to sensitive data even if your password is stolen. In HKUST, we employ an application named Microsoft Entra multifactor authentication and you may refer to web page Microsoft MFA for more information.
How it works
When access to applications supporting 2FA e.g. HKUST SSO Service
- Enter your email address and password
- Use your physical device to verify your identity e.g. your mobile phone or tablet
- You are securely logged in
After you have enrolled for two-factor authentication and access to applications supporting 2FA, you will need to login using your Email Address / password and then use your device to verify your identity. Microsoft MFA will issue automatic push to your mobile or you can select "I can't use my Microsoft Authenticator app right now" if applicable.
[Under circumstances when you cannot access your mobile device, you can also obtain a one-time TAP Code (not the one-time passcode) to access a 2FA application.]
Getting Started
Application Readiness (enabled with 2FA)
For Student | For Staff |
1. Remote Access Tools
2. Teaching and Learning Resources
3. Research IT Resources
4. Administrative Systems
5. Collaboration and Productivity Tools |
1. Remote Access Tools
2. Teaching and Learning Resources
3. Research IT Resources
4. Administrative Systems
5. Collaboration and Productivity Tools |
When accessing the above 2FA supported applications, please remember to have your mobile device around to respond the Microsoft Authenticator - notification sent to your mobile device. In case there is no network connection, you can use one-time passcode (obtain from your Microsoft Authenticator App).
Log in to the Microsoft MFA Enrollment Portal for first-time MFA enablement.
After MFA enablement, please visit the Microsoft MFA Self-Service Portal to manage your MFA device.
Refer to Enrollment for 2FA (or view video) for the details.
Please response to the Push Notification using your mobile device when you need to access applications supporting 2FA e.g. VPN, OWA etc. Besides, you can use Temporary Access Pass (TAP) in case you cannot receive the Push due to network connection issues.
You can obtain a TAP Code in case you cannot access to your mobile device (e.g. no battery, lost / change mobile):
For DUO MFA Users only
Please response to the Push Notification using your mobile device when you need to access applications supporting 2FA e.g. VPN, OWA etc. Besides, you can use one-time passcode in case you cannot receive the Push due to network connection issues.
You can obtain a DUO Bypass Code in case you cannot access to your mobile device (e.g. no battery, lost / change mobile):
What's New
FAQs
- What should I do if I have changed my mobile phone / reinstalled the Duo Mobile app?
- Cannot receive Duo's Push notification?
- How to logon if I forgot to bring my mobile or loss of it?
- Can I use Duo Mobile for 2FA with Multiple Accounts?
- Can I use Duo from overseas?
- What should I do if I receive an unexpected Duo notification?
- Where can I find Duo Privacy Policy?
- Any known issues when using 2FA?