• Starting April 28, 2026, SMS and phone call-based authentication will no longer be valid for multi-factor authentication (MFA) when accessing UCLA systems that require Single Sign On (SSO).
• If you are currently using SMS text passcodes or phone call-based authentication when logging into UCLA systems, you must begin using the Duo Mobile application to authenticate moving forward.

To be compatible, your device must meet the following requirements:

• Android Duo Mobile version 4.85.0 or later, on Android version 12  or later
• Apple Duo Mobile version 4.85.0 or later, on iOS version 17 or later

To verify the Duo Mobile app version:

• Open the Duo Mobile app on your device
• Tap the Menu icon in the top-left corner
• Locate the version number at the bottom of the menu
• Ensure it is version 4.85.0 or later

• If you do not already have a compatible mobile device linked to your account, link a compatible mobile device to your account by following the provided instructions.
• Update the operating system and Duo Mobile application to ensure compatibility with multi-factor authentication when accessing UCLA systems that require Single Sign-On (SSO).

If your mobile device cannot be updated to run the latest version of Duo Mobile App, please refer to the Security Token & Exception FAQ below. 

If you have one compatible device enrolled, you may continue using it.

Yes, you can view a tutorial on how to view, manage, and unlink MFA devices

• Managing enrolled devices

• Android Duo Mobile version 4.85.0 or later, on Android version 12  or later
• Apple Duo Mobile version 4.85.0 or later, on iOS version 17 or later

For faculty and staff members in restricted environments:

• You will need to request a security token if you do not already have one.
• Submit your request through the ServiceNow form.

All UCLA users are eligible to use a security token, provided it meets the information security team guidelines.

Individuals who cannot or do not want to use Duo Mobile App, can purchase a YubiKey and register it as an approved MFA device. 

Please note: Faculty and staff members with certain eligibility criteria can  submit an exception form to receive a DTS YubiKey at no cost. 

• You work in an environment that restricts on mobile devices (e.g., labs, secure zones).
• You are a current security token holders with a malfunctioning or replacement-needed Duo D-100 token.
• You have a disability and are unable to log on using the Duo Mobile app.
• You have a non-compatible mobile device that does not support the required version of Duo Mobile.
• You previously used a telephone call authentication and do not have a compatible device.

Yes. You may purchase a compatible hardware security token for use with UCLA Multi-Factor Authentication (MFA).

UCLA only supports YubiKey security tokens.

• If you are faculty or staff member please register your security token.
• If you are a student or Emerti  please register your security token after purchasing your YubiKey.
• If you are an Alumni, please send an email to the IT Support Center  after purchasing your YubiKey. 

• Visit the Registering a Security Key page to learn how to add a personal security token.
• Replacement costs for lost security tokens are the responsibility of the user.

A passkey is a type of cryptographic credential that can be used as a Duo MFA device. It allows you to authenticate without needing a physical smartphone or hardware security token.

1Password can store passkeys and enable you to use a passkey as your MFA device when logging in.

Please see the step-by-step instructions for setting up 1Password on Windows and macOS devices.

Cisco provides options on their Accessibility and Duo page for employees with disabilities to use their application effectively.