The Catholic University of America

Multi-factor authentication for Cardinal Financials using Duo

What is multi-factor authentication?

NIST has a good definition: Multi-factor authentication or MFA, sometimes referred to as two-factor authentication or 2FA, is a security enhancement that allows you to present two pieces of evidence, or factors – your credentials – when logging in to an account. Your credentials fall into any of these three categories: something you know (like a password or PIN), something you have (like a smartphone or security token), or something you are (like your fingerprint). Your credentials must come from two different categories to enhance security – so entering two different passwords would not be considered multi-factor.

Why are we adding multi-factor authentication?

The university has both an ethical and legal obligation to protect its data from unauthorized disclosure. Using a second factor in addition to your username and password allows us to minimize the impact if your password is compromised.

What will the impact be to me?

When you log onto Cardinal Financials, you will need to provide two authentication factors: your Cardinal Credentials as usual, and a second factor. The good news is that the second factor can be as easy as tapping a button on your phone or entering a few additional digits to your password!

What is Duo?

Duo is a software tool provided by Duo Security, a cloud-based access security provider with which the university has a contractual agreement. Duo enables Cardinal Financials to look for more than just your username and password. It enhances system access security.

Where is Duo being used within the university environment?

The university is already using Duo to secure system administrator access to servers and to the university's VPN service. In time, Duo will become a part of the login process for most university applications and services that hold confidential information.

How will Duo change my login experience?

Your username and password stay the same and are still required. Based on how you choose to set up Duo, you will either respond to a prompt on your phone or add some additional information during login. Duo has several authentication methods from which you can choose.

How does Duo work with the university's VPN? Why do we need both?

The Virtual Private Network (VPN) allows us to restrict access to university systems in a protected set of locations. Duo allows us to better verify that the person attempting to access a service is who they say they are (i.e. it provides a greater degree of "assurance" in security speak). The two technologies provide complementary but different functions. Cardinal Financials is configured to require users outside campus to use the VPN in order to minimize the number of threats to which the system is exposed. Duo helps ensure that the person logging in, even if someone else has obtained their password, is the actual owner of the account.

What do I do if I'm having trouble with Duo, or I lose or replace my authentication device?

Please email the Security Office, and we will be happy to assist you with accessing Cardinal Financials or setting up Duo for a new device.

Additional information

