Planning to travel abroad but still need to access your UCSB digital life while away? Taking these planning steps will help ensure you never lose connection with the UCSB services you rely on.
Simplify support for MFA
Make sure your personal information is up to date in campus records. Log into UCSB’s Identity & Access Manager and review that your information under Edit Your Name’s profile is up to date and accurate. Also, verify that your Edit Personal Information area data is correct. If you ever need assistance, having this data complete and correct will ensure Support can easily identify and assist you. If IT support is unable to positively identify you, they will not be able to provide service.
- While there, also make sure you have Security Answers and Questions set and you know what they are
Decide on what devices to use
Taking your current phone with an international cell plan is the easiest solution for doing MFA since little to nothing changes. If you are planning to switch SIM cards for your international plan, please make sure you are using the Duo Mobile App and not relying on an SMS-only setup. Since your phone number changes with your SIM, Duo would send SMS codes to your old number unless updated. More details found here.
Suppose you leave your current phone or device at home and get a new phone while abroad. This requires the most planning. The best way to do this is to get your new phone soon after arriving (within 14 days) and take backup passcodes with you to set up your new phone with MFA.
Suppose you use something instead of a phone to do MFA, such as an iPad with WiFi. In that case, you should set up your tablet on WiFi with the Duo Mobile App before you leave, then while abroad, you would need WiFi and use Duo Push or use the Mobile App passcodes.
Hardware tokens are specialized devices UCSB IT can provide you. Call us a few days before you leave to have us mail a hardware token to you at 805-893-5000.
Decide what MFA methods to use
When abroad and needing to log into UCSB websites or applications protected by MFA, you can use passcodes as your verification method. You can do this in many ways:
- Use the Duo Mobile application on your phone to generate a passcode. This method works anywhere, even in places where you don’t have an Internet connection or cellular service.
- When you have cell or WiFi access, get backup passcodes via SMS Text messaging. You can generate 10 codes, suitable for one use only when you do not have cell or WiFi service.
Before you leave, you can use your existing Duo setup to send yourself a text message with ten backup codes. The passcodes are one-time use (cross them out as you use them). All ten codes expire after 14 days. Use these codes to access Duo-protected systems before setting up your new device. Keep in mind that if you create a set of backup codes and then create a second set later, the first set will expire.
We strongly advise you to obtain a new set of backup passcodes every 14 days. Set a reminder on your phone or calendar to ensure that you remember to do this. Generate your first set of codes before leaving the United States.
Keep your codes in a safe place so that you can easily access them as needed. Do not store them with your primary MFA device since losing them together is the same as having no backup.
|Can be used when you have...||Cell Service||WiFi Access||No Connectivity|
|DUO App to Push Notification||✓||✓||X|
|Generate 10 SMS passcodes||✓||X||X|
|SMS passcodes [backup passcodes]||✓||✓||✓|
|DUO App to generate a one-time passcode||✓||✓||✓|
|Hardware token to generate passcodes||✓||✓||✓|
Have a backup plan
If you take your US phone abroad, what will happen if it is lost or stolen?
You can have multiple MFA devices, such as an additional phone or tablet. To set up a new Duo device while abroad, follow the instructions found here.
Even if you have a primary device with cell and WiFi access, print your backup codes on a piece of paper and take them with you - or leave them with a trustworthy person back home!
Get a Hardware Token as an alternate verification device. Contact the IT Support Desk for details
You may contact UCSB IT support for a one time “Temporary Bypass.” This gives you time to configure a new device or log into an MFA protected system in an emergency
OFAC (US Office of Foreign Assets Control) Restrictions
Beginning May 5, 2022, users attempting to authenticate to a Duo-protected application from an access device with an IP address originating in an OFAC-regulated country or region will be blocked from completing their login and receive an error message.
Web-based applications will display the following error message: “Access denied. Duo Security does not provide services in your current location.” Other applications may display a generic failed login message.
OFAC restrictions relevant to Duo currently apply to the following countries or regions:
- North Korea
- Crimea region
- Sevastopol region
- Donetsk region
- Luhansk region
If traveling to a country or region that is Duo restricted, UCSB technical support cannot enable access to you. Plan accordingly with the expectation that you will not be able to access protected apps while in restricted areas. Duo offers a support article that is updated with currently blocked regions and countries.
More OFAC information found here.
If you are aware of anyone that is planning to travel to these restricted regions or is denied access to services when in one of the regions, please have them contact OR Export Control (firstname.lastname@example.org) for additional information.
Please remember that support personnel are required to identify you before providing service, especially when assistance is provided to users outside the United States. Assistance is only available during UCSB’s business hours, Pacific Standard Time Zone. Support options for MFA are listed here.