Skip to content

2-Factor Authentication: Best Practices

If Possible, Push is Easiest

Installing the Duo app on your smartphone and using Push notifications is the easiest way to authenticate with 2-Factor Authentication. After you log in using your UCMNetID and password, the app will alert you to a Push notification waiting in your app. All you need to do is to tap on that notification, approve, and you’re done! 

Please note that it is important that you keep your DUO mobile app up to date to maintain key functionality. We recommend that you enable auto-updates for the DUO app. 


Enroll More Than One Device

Yes, you can (and should!) enroll in multiple devices. We recommend enrolling every device you can and trying using them all to see what feels most comfortable for you. 

First time enrolling? Check out the enrollment guide.

Already enrolled, but want to add more devices? Check out manage devices.


This is My Device

DUO Login screen with red box highlighting the "Remember me for 12 hours" checkbox below the "Log In" buttonIf you find that you have to authenticate multiple times per day, you can tell Duo "this is my device." When prompted during the authentication process, select "Yes, this is my device," and you won't have to authenticate for 14 days. 

"This is my device" is a web browser cookie, so it applies only to the computer and browser that you are currently working in. If you do this on your work computer, you'll still need to authenticate via Duo if you log in on your home computer within those 14 days. You can say, "Yes, this is my device," on any computer that you use regularly and that you trust.

Important: Use "Other people use this Device" on a public or shared computer!

Already enrolled, but want to add more devices? Check out manage devices.


Why Use Verified push

Verified Push (VP) adds an extra layer of protection against bad actors trying to access your UC Merced account and information. Now that it has gone out campus wide you will see the new experience when authenticating via Push.
 
This experience requires the authenticator to enter in a multi digit code, adding an extra step to stop accidentally accepting authentications not prompted by you and stopping bad actors in their tracks.