HKMU Two-factor Authentication

FAQ


Keyword to search:

General Qusetions

1. What is Two-factor Authentication (2FA)?

Two-factor Authentication adds a second layer of security to your accounts. Verifying your identity using a second factor to approve authentication requests prevents anyone but you from logging in, even if they know your password.

After inputting your login information, you can select the 2nd factor authentication method. If selected 'Duo Push', you will be asked to respond to a push message. If selected 'Duo Mobile Passcode', you enter a one-time passcode to verify your identity - both can be done via your mobile device.

2. Why do we need Two-factor Authentication (2FA) and who will require to login with Two-factor Authentication (2FA)?

Login credentials are more valuable than ever and are increasingly easy to compromise. Over 90% of breaches today involve compromised usernames and passwords.

Two-factor authentication enhances the security of your account by using a secondary device to verify your identity. This prevents anyone but you from accessing your account, even if they know your password.

Staff who is employed as Full-time, Part-time, Temporary and Tutor employee will be enforced to login the selected web applications with 2FA phase by phase.

3. What is the minimum system version requirement on mobile device, Duo Mobile App and web browser to Support Duo Two-factor Authentication (2FA)?

With reference to Duo’s information on Feb 2025:

Mobile Device OS Minimum Supported Version
(Updated on Feb 2025)
iOS 16 (Effective 17 Feb, 2025)
Click here to get the details and latest supported version.
Android 11 (Effective 8 Feb, 2024)
Click here to get the details and latest supported version.
Web Browser Minimum Supported Version
(Updated on May 2024)
Chrome 38
Safari 9
Firefox 47
Edge 17
Internet Explorer 11
Duo Mobile App on Mobile Device Minimum Supported Version
(Updated on Sep 2025)
iOS 4.85
Android 4.85

4. How to check the version of the Duo Mobile app which installed on mobile device?

1. Open the Duo Mobile app on mobile device.

2. Tap the menu icon (usually three lines or dots) in the top corner.

3. Current app version will be displayed at the bottom. If it is below version 4.85, please proceed to upgrade via your device’s app store (i.e. iOS - App Store or Android - Play).
(* For the version 4.85, the minimum mobile device OS requirement is iOS 16 and Android 11.)

5. Is it necessary to input my phone number during enrollment of mobile device if the Duo Mobile App was installed in my mobile phone?

No, it is not necessary to provide your phone number during enrollment. We provide 'Duo Push' response and 'Duo Mobile Passcode' authentication methods which generated by the 'Duo Mobile App' without requiring your phone number.

6. Can I enroll multiple mobile phone or tablet to use Duo Two-factor Authentication (2FA)?

Yes, you can.

7. What should I do if I have changed my mobile phone?

Before disposed or reset your old mobile phone, access the Two-factor Authentication (2FA) website (https://mfa.hkmu.edu.hk), click here, login and then select 'Other options' in the next prompt screen, and then click 'Manage devices' in the menu to add a new mobile phone.

If your old mobile phone was reset to default/disposed/damaged/lost, obtain a 'Bypass Code' in here and then click here, login and then select 'Other options' in the next prompt screen, click 'Bypass Code', input the obtained 'Bypass code', after passed the authentication, click '+' icon to add the new mobile phone. Refer detail steps in the Duo 2FA Mobile Device Management User Guide.

8. Does the Two-factor Authentication (2FA) method - "Duo Push" require internet connection or mobile network connection?

Yes, it will use your mobile data or it requires internet connection if you are select "Duo Push" as the 2FA.

9. Any information will be collected by Duo mobile app if it is installed on the mobile device?

Please refer to Duo's Service Privacy Notice ( https://duo.com/legal/privacy-notice-services) for detail, the information they will collect includes: device information and log data.

10. Can I use Duo Mobile App for Two-factor Authentication with Multiple Accounts?

Yes. if you have multiple accounts, you can also use Duo Mobile App for Two-factor authentication.

11. What should I do if I am no longer working for HKMU?

You can delete the HKMU Two-factor Authentication (2FA) user account record in the Duo Mobile App. Or, if you have no other user account use Duo Mobile App as 2FA, you can uninstall the Duo Mobile App.

Technical Issues and Questions

1. During the first mobile device enrollment process, what will happen if I did not complete the whole enrollment process successfully?

If the whole enrollment process was not completed successfully with receiving the email subject "Welcome to Duo", you may get the following messages e.g. 'Add one more device' or 'Account Enrolled' or 'Enter your bypass code' after login the 2FA enabled applicaton e.g. eHRMS. Please contact ITO help desk and then we will help you to re-enroll your mobile device again.

2. What can I do if my enrolled mobile device is malfunction?

You could obtain a one-time 'Bypass Code' in here and then use the 'Bypass code' as the Two-factor authentication method.

Or, you could obtain a one-time 'Bypass Code' in here and then access the 'Manage Enrolled Mobile Device' section in the 'Home' page, use the 'Bypass code' as the Two-factor authentication method and add another mobile device for 2FA.

3. Why my Firefox web browser display white blank page after submitted the username and password, and no Duo Two-factor Authentication (2FA) web page show up?

This may due to your Firefox web browser version is not meet the minimum requirement of Duo 2FA service. Please try to login with other kind of web browser e.g. Google Chrome or Microsoft Edge. You could also consider to update the Firebox to the latest version.

4. Can I use Duo from overseas or without internet connection? Anything I need to prepare before my travel?

Yes. You can always use Duo to access secured resources no matter you are in Hong Kong or overseas. Your Duo Mobile app works well even your mobile device has changed with another SIM card (another phone number) during your travel. Please remember to carry your registered mobile phone as it is an important device to verify your identity in order to access applications supporting 2FA.

If you do not have internet connection, you can select the 'Duo Mobile Passcode' as the Two-factor Authentication method.

5. What is 'Duo Universal Prompt'? How can I change other authentication medthod in Duo Universal Prompt?

The 'Duo Universal Prompt' is look like as below when login the systems e.g. eHRMS, Oracle Finance and iProcurement System :

Duo Universal Prompt

Duo will automatically trigger the last authentication method you used. For example, if you requested a 'Duo Push Notification' the last time you logged in, Duo will trigger a 'Duo Push Notification' now.

If you need to change the authentication method, simply click 'Other options' and choose the method from the menu.

Change authentication method


For other systems e.g. Docusign, myHKMU, the 2FA login is not using 'Duo Universal Prompt' and it is look like as below:

Customize_2FA_login

User requires to select the 2FA authentication method manually. If you have not enrolled your mobile device yet, please click the 'here' under the login button to perform the enrollment first.

6. What should I do if I receive an unexpected Duo notification?

If you get a Duo notification and you did not try to access that particular site, your account / password is likely compromised and you are advised to change your password immediately. However, some project account with multiple users may receive Push notification from other user sharing the same account and you may just ignore them.

7. My mobile phone/tablet was bought in mainland China and there was no Google Play Store in it, how can I install the Duo Mobile app?

For those mobile phone/tablet which cannot connect to the Google Play Store, user can download the Duo Mobile APK directly from official Duo website - https://dl.duosecurity.com/DuoMobile-latest.apk (update information can be reference from Duo knowledge base website). *User shall only download and install official APK files from Duo (click here to learn the detail) into your mobile device since unofficial APK may be altered by hackers for malicious purposes.

Please also note that, since Google Play Services is required in order to receive the Duo Push notification on Android devices, for Android devices without Google Play Services installed, you have to open the Duo Mobile app and 'fetch' by swiping down in the mobile app.

8. Why it is successful to pass Two-factor Authentication(2FA) when using the Duo Push, but it is fail to pass 2FA when using the Duo Mobile Passcode in my mobile device?

For the Duo Mobile Passcode authentication method, it is a time-based One Time Code and it is a time sensitive when submitted. The reason of this issue may be due to the time discrepancy between your mobile device and local time. Please check the date and time in your mobile device are same as the local time.

9. Duo says I'm locked out, what can I do?

Duo will lock you out after 10 failed attempts (e.g. not response to the Duo Push) in the 2FA login. This lockout will last for 15 minutes and then auto unlock, after which you can try again.

10. Why the Duo Push notification was not prompted in my mobile phone occassionally?

According to information from Duo, this issue may be due to certain factors. You could refer to the following Duo article to troubleshoot the Duo Push notification issues:

For iOS devices: click here
For Android devices: click here

11. How can I distinguish multiple devices when getting my identity verified?

You may rename your mobile devices to more recognizable names.

12. What should I do if FAQ cannot help?

For the enquiry/problem about the Duo Two-factor Authentication, please contact us by the following IT Hotlines:
1. 2768 6523 (Office Hours)
2. 2768 6524 (Non-office Hours)