Multi-factor authentication (MFA)
Multi-factor authentication (MFA) provides an extra layer of protection to make sure it's really you when you log into UQ services and systems.
MFA is also referred to as two-factor authentication or 2FA. It requires 2 separate factors to identify you and allow access to your account:
Something you ‘know’ (your username and password).
Something you ‘have’ (e.g. your mobile phone).
MFA is extremely effective because even if a criminal is able to obtain your account password, MFA will still make it very difficult for them to access your account.
UQ is moving from Duo to Okta in 2026
UQ is progressively moving to Okta as the University's new Multi-Factor Authentication (MFA) service from early to mid-2026. The rollout has been planned so different groups in our community won't be impacted during peak periods.
All new and current students will use Duo until moved onto Okta during Semester 1, 2026.
No action is required, and Okta will not be available on your account until you receive your personalised activation email.
You will receive additional information and instructions in the lead up to your account being moved to Okta MFA.
Some of our systems are also in the process of moving across. This means it is expected that you may be prompted by Okta for some systems, and Duo for others, during the transition period.
What to do
If you’re prompted for Duo, continue using Duo as usual for that system
If you’re prompted for Okta, ensure you have followed the instructions per your Okta activation email so you have continued access
Modern scams can be highly sophisticated, making it difficult to know what is real and what is fake. For a quick overview, read Is this legitimate? Protect yourself from scams.
Activating Duo MFA for the first time
Students and staff need to register a device for MFA to log into UQ services and systems that require MFA.
Most people find using the Duo Mobile smartphone app the most convenient way to use MFA.
If your device doesn't support Duo, or if you want to use another app, there are options available.
Follow the instructions to activate MFA on your mobile device using Duo
Follow the instructions to activate MFA on your mobile device using another app
Accessibility
If you have an accessibility or mobility-related requirement:
Students: Complete the MFA student accessibility request or contact AskUs.
Staff and alumni: Contact the ITS Service Desk.
Once you have a YubiKey, follow the instructions to set up MFA with a YubiKey.
Multiple accounts
If you will be activating MFA for multiple UQ accounts (e.g. a staff account and a student account), follow the instructions for activating multiple accounts.
Managing devices and other features
The MFA Management portal enables you to manage your registered MFA devices and access additional MFA settings and features.
You can:
- Register new phones or devices to use for MFA
- Generate a temporary MFA passcode if you forget your MFA device
- Register for MFA in nominated laboratories
- Review your recent MFA authentication activity.
Frequently asked questions (FAQs)
Setting up MFA
- How do I activate MFA for the first time on my mobile device?
- How do I register a new phone or device for MFA?
- How do I set up MFA if my device is not compatible with Duo, or if I want to use another app?
- Why can't I find or download the Duo Mobile app on the app store?
- How do I set up MFA with a YubiKey?
- How do I activate MFA for multiple accounts?
- How do I MFA if I don't have a smartphone, or don't want to use my personal device?
- What happens if I don't register a device?
- What do I do if I haven't enrolled for MFA after the soft enrolment period?
- How do I resolve errors when enrolling my phone number?
- How do I set up MFA in China using a Huawei smartphone?
- How do I set up a Duo token using the MFA portal?
General use
- How do I MFA if I go between my student and staff accounts?
- How do I MFA if I have run out of credit on my phone?
- What do I do if I've lost the paper/printout of my MFA temporary passcode?
- Can I change the authentication method I use?
- How do I generate an MFA passcode using the Duo app?
- How do I MFA in a location without mobile coverage?
- What should I do if I receive an unexpected Duo login request?
- How do I remove my UQ account in the Duo Mobile app?
- How do I change my default device for Duo?
- How do I MFA if I forget my device?
Lost or damaged devices
- What do I do if I've lost my phone or MFA-enabled device?
- What do I do if my YubiKey or Duo token is lost, stolen or damaged?
Problems logging in
- What do I do if I can't see the option to enter a passcode for MFA?
- I'm not receiving push notifications from Duo. How do I fix this?
- What do I do if my Duo token code isn't working?
- What do I do if I've clicked 'Trust this browser', but I'm still asked to log in?
- How do I generate a temporary bypass code for MFA?
MFA in labs
- How do I use MFA inside labs?
- How do I log in with MFA in a lab where I can't use my phone?
- How do I use the shared MFA tokens inside a lab?
- I manage a lab. What MFA arrangements are required?
- How do I unregister from a shared MFA lab token?
- I received an email stating my MFA lab access will expire in 1 month. What should I do?
MFA in exams
Using MFA overseas
- Can I use MFA when travelling overseas?
- I receive an 'Access denied' or failed login message when trying to MFA from overseas. What should I do?
About MFA
- What devices or methods can I use for MFA?
- Why do I need to use MFA?
- What is Duo verified push?
- What changes will I see with the new Duo MFA prompt?
- Do I need to use MFA every time I log in?
- Why don't all UQ sites use MFA?
- Does MFA use my data on my smartphone?
- How does Duo store my data?
- Why does the Duo Mobile app need access to my camera?
- What is Duo Instant Restore and how do I use it?
Activating Okta MFA for the first time
Most people will set up Okta MFA using a mobile phone, such as a smartphone, with the Okta Verify app.
If you are using a personal laptop or desktop, you can approve sign-ins using Okta Verify on your mobile phone when accessing UQ systems that require MFA.
UQ staff using a UQ-managed laptop or desktop are encouraged to set up Okta Verify on their computer. This enables the Okta Verify app’s FastPass feature, allowing you to sign in using the built-in security offered (such as Windows Hello or Apple Touch ID - face ID, touch ID or PIN). This means you won’t need to use your mobile phone each time.
Follow the instructions for how to complete initial MFA setup.
Additional options, including using passkeys and hardware tokens, are also available. For more information, refer to the FAQs.
If you cannot use Okta Verify on your mobile device, please contact the IT Service Desk.
Accessibility
If you have an accessibility or mobility-related requirement, contact the IT Service Desk.
Multiple accounts
If you will be activating MFA for multiple UQ accounts (e.g. a staff account and a student account), follow the instructions for activating multiple accounts.
Managing Okta devices and other features
Okta ‘My Settings’ enables you to manage your registered MFA devices and access additional MFA settings and features.
From items on the left-hand menu you can select:
- Personal information: view your name and email address/es
- Display language: set your preferred language for Okta (English is used by default)
- Security methods: register new phones/devices or remove phones/devices from Okta Verify MFA
- Recent activity: view your recent Okta MFA authentication activity
Frequently asked questions (FAQs)
Setting up Okta MFA
- How do I complete my initial MFA setup with Okta?
- What happens when I set up Okta Verify's FastPass on my computer?
- What if I can’t scan the Okta QR code?
- How do I register a new phone or device for Okta MFA?
- What is Windows Hello and how do I activate it?
- Why am I receiving prompts for Duo?
- How do I remove a phone or registered device from Okta Verify?
- How do I activate MFA for multiple accounts?
- Can I use my Apple Watch for MFA with Okta Verify?
- Can I set up MFA if my device is not compatible with Okta, or if I want to use another app?
- How do I generate a temporary access code for MFA?
- Can I use a hardware token or ‘dongle’ for Okta MFA?
- How do I setup Okta MFA with a YubiKey
- Can I use passkeys for Okta MFA?
Lost or damaged devices
About Okta MFA
- What's the difference between Okta, Okta Verify and Okta FastPass?
- Does multi-factor authentication (MFA) use my data on my smartphone?
- Why do I need to use multi-factor authentication (MFA)?
- What devices or methods can I use for multi-factor authentication (MFA)?
- Do I need to use Okta MFA every time I log in?
- Why don't all UQ sites use MFA?
- How do I MFA in a location without mobile coverage?
AskUs (Students)