Multi-factor authentication (MFA)
Multi-factor authentication (MFA) provides an extra layer of protection to make sure it's really you when you log into UQ services and systems.
MFA is also referred to as two-factor authentication or 2FA. It requires 2 separate factors to identify you and allow access to your account:
- Something you ‘know’ (your username and password).
- Something you ‘have’ (e.g. your mobile phone).
MFA is extremely effective because even if a criminal is able to obtain your account password, MFA will still make it very difficult for them to access your account.
UQ is progressively moving to Okta as the University's new Multi-Factor Authentication (MFA) service. During this time, our UQ community will be transitioned over a period between December 2025 and May 2026. The rollout has been planned so different groups in our community won't be impacted during peak periods.
Some of our systems are also in the process of moving across. This means it is expected that you may be prompted by Okta for some systems, and Duo for others, during the transition period (December 2025 - May 2026).
Why are we moving to Okta?
Okta Verify automatically adapts to new cyber threats, reducing the risk of phishing or account misuse. Moving to Okta strengthens UQ’s security posture.
As a simple, modern MFA experience - Okta Verify is also quick to set up and easy to use.
What to do
If you’re prompted for Duo, continue using Duo as usual for that system
If you’re prompted for Okta, ensure you have followed the instructions per your Okta activation email so you have continued access
No action is required until you receive an email advising you that your MFA is moving to Okta. At that time, you will receive an email with information on what to expect and instructions on how to activate.
Modern scams can be highly sophisticated, making it difficult to know what is real and what is fake. For a quick overview, read Is this legitimate? Protect yourself from scams.
Activating Duo MFA for the first time
Students and staff need to register a device for MFA to log into UQ services and systems that require MFA.
Most people find using the Duo Mobile smartphone app the most convenient way to use MFA.
If your device doesn't support Duo, or if you want to use another app, there are options available.
Follow the instructions to activate MFA on your mobile device using Duo
Follow the instructions to activate MFA on your mobile device using another app
Accessibility
If you have an accessibility or mobility-related requirement:
Students: Complete the MFA student accessibility request or contact AskUs.
Staff and alumni: Contact the ITS Service Desk.
Once you have a YubiKey, follow the instructions to set up MFA with a YubiKey.
Multiple accounts
If you will be activating MFA for multiple UQ accounts (e.g. a staff account and a student account), follow the instructions for activating multiple accounts.
Managing devices and other features
The MFA Management portal enables you to manage your registered MFA devices and access additional MFA settings and features.
You can:
- Register new phones or devices to use for MFA
- Generate a temporary MFA passcode if you forget your MFA device
- Register for MFA in nominated laboratories
- Review your recent MFA authentication activity.
Frequently asked questions (FAQs)
Setting up MFA
- How do I activate MFA for the first time on my mobile device?
- How do I register a new phone or device for MFA?
- How do I set up MFA if my device is not compatible with Duo, or if I want to use another app?
- Why can't I find or download the Duo Mobile app on the app store?
- How do I set up MFA with a YubiKey?
- How do I activate MFA for multiple accounts?
- How do I MFA if I don't have a smartphone, or don't want to use my personal device?
- What happens if I don't register a device?
- What do I do if I haven't enrolled for MFA after the soft enrolment period?
- How do I resolve errors when enrolling my phone number?
- How do I set up MFA in China using a Huawei smartphone?
- How do I set up a Duo token using the MFA portal?
General use
- How do I MFA if I go between my student and staff accounts?
- How do I MFA if I have run out of credit on my phone?
- What do I do if I've lost the paper/printout of my MFA temporary passcode?
- Can I change the authentication method I use?
- How do I generate an MFA passcode using the Duo app?
- How do I MFA in a location without mobile coverage?
- What should I do if I receive an unexpected Duo login request?
- How do I remove my UQ account in the Duo Mobile app?
- How do I change my default device for Duo?
- How do I MFA if I forget my device?
Lost or damaged devices
- What do I do if I've lost my phone or MFA-enabled device?
- What do I do if my YubiKey or Duo token is lost, stolen or damaged?
Problems logging in
- What do I do if I can't see the option to enter a passcode for MFA?
- I'm not receiving push notifications from Duo. How do I fix this?
- What do I do if my Duo token code isn't working?
- What do I do if I've clicked 'Trust this browser', but I'm still asked to log in?
- How do I generate a temporary bypass code for MFA?
MFA in labs
- How do I use MFA inside labs?
- How do I log in with MFA in a lab where I can't use my phone?
- How do I use the shared MFA tokens inside a lab?
- I manage a lab. What MFA arrangements are required?
- How do I unregister from a shared MFA lab token?
- I received an email stating my MFA lab access will expire in 1 month. What should I do?
MFA in exams
Using MFA overseas
- Can I use MFA when travelling overseas?
- I receive an 'Access denied' or failed login message when trying to MFA from overseas. What should I do?
About MFA
- What devices or methods can I use for MFA?
- Why do I need to use MFA?
- What is Duo verified push?
- What changes will I see with the new Duo MFA prompt?
- Do I need to use MFA every time I log in?
- Why don't all UQ sites use MFA?
- Does MFA use my data on my smartphone?
- How does Duo store my data?
- Why does the Duo Mobile app need access to my camera?
- What is Duo Instant Restore and how do I use it?
Activating Okta MFA for the first time
Anyone accessing UQ systems that require MFA will need to register a mobile device, such as a smartphone.
If you are using a personal desktop or laptop, you’ll need to use Okta Verify on your mobile device each time you log in to UQ systems that require MFA.
If you’re using a UQ-managed desktop or laptop, installing Okta Verify on your mobile device enables your initial login and activation of Okta FastPass. Once activated, FastPass lets you access UQ systems without a password or mobile device, using your laptop or desktop built-in security like passcodes, PINs and biometrics.
Follow the instructions for how to complete initial MFA setup.
If you cannot use Okta Verify on your mobile device, please contact the IT Service Desk.
Accessibility
If you have an accessibility or mobility-related requirement, contact the IT Service Desk.
Multiple accounts
If you will be activating MFA for multiple UQ accounts (e.g. a staff account and a student account), follow the instructions for activating multiple accounts.
Managing Okta devices and other features
Okta ‘My Settings’ enables you to manage your registered MFA devices and access additional MFA settings and features.
From items on the left-hand menu you can select:
- Personal information: view your name and email address/es
- Display language: set your preferred language for Okta (English is used by default)
- Security methods: register new phones/devices or remove phones/devices from Okta Verify MFA
- Recent activity: view your recent Okta MFA authentication activity
Frequently asked questions (FAQs)
Setting up Okta MFA
- How do I complete my initial MFA setup with Okta?
- What if I can’t scan the Okta QR code?
- How do I register a new phone or device for Okta MFA?
- What is Windows Hello and how do I activate it?
- Why am I receiving prompts for Duo?
- How do I remove a phone or registered device from Okta Verify?
- How do I activate MFA for multiple accounts?
- How do I set up Okta MFA with a YubiKey?
- Can I use my Apple Watch for MFA with Okta Verify?
- Can I set up MFA if my device is not compatible with Okta, or if I want to use another app?
- How do I generate a temporary access code for MFA?
Lost or damaged devices
About Okta MFA
- Does multi-factor authentication (MFA) use my data on my smartphone?
- Why do I need to use multi-factor authentication (MFA)?
- What devices or methods can I use for multi-factor authentication (MFA)?
- Do I need to use Okta MFA every time I log in?
- Why don't all UQ sites use MFA?
- How do I MFA in a location without mobile coverage?
AskUs (Students)