Skip to main content

System Status: 

Enabling Multi-Factor Authentication

You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked.

Enable multi-factor authentication


Also known as two-step login, two-step verification, and two-factor authentication. No matter what you call it, multi-factor authentication, or MFA, is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. It makes it twice as hard for criminals to access an online account. When it’s available, always turn it on because it’s easy to do and greatly increases your security.

How does MFA work?

By adding one more simple step when logging into an account, multi-factor authentication greatly increases the security of your account. Here’s how it works. Just like logging into your account, the first step is giving your password or passphrase. The second step is to provide an extra way of proving that you’re you, like entering a PIN code or texting/emailing a code to your mobile device, or accessing an authenticator app.

MFA can include

  • A extra PIN (personal identification number)
  • A unique number generated by an “Authenticator App” 
  • An additional code either emailed to an account or texted to a mobile number
  • A secure token, which is a separate piece of hardware (like a key fob that holds information) that verifies a person’s identity with a database or system
  • A biometric identifier like facial recognition or a fingerprint

Proofpoint Video (1:09)
60 Seconds to Better Security: What is Multi-Factor Authentication (MFA)?

What type of accounts offer MFA?

UC San Diego began using two-step login with DUO in 2018 for key business applications accessed through the university's single sign-on system. These include popular Personal, Business, Enrollment, Financial, Instruction and Research Tools that you access under the Blink tools menus or MyTritonLink.

Although not every account offers MFA, it’s becoming more popular every day. It’s seen on many accounts that usually hold either valuable financial or personal information like banks, financial institutions, online stores, or social media platforms.

Any place online that is storing your personal information (especially financial information), or any account that can be compromised and used to trick or defraud someone else should be protected with MFA. So, basically everything. Simply put, use MFA everywhere!

Multi-Factor Authentication Tipsheet (PDF)
For more information, contact IT Services Office of Information Assurance at