Passwords are the keys to most devices and almost everything you do online. 

Unfortunately, even the best passwords can get hacked, stolen, or unintentionally shared. However, you can easily add another layer of protection to your username and password to make your login more secure. This is called multi-factor authentication, or MFA.

UCSB joins our sister campuses in taking meaningful action to help faculty, staff, and student employees safeguard themselves against cybercrime. MFA will begin to be used to protect UCPath beginning December 3, and other campus IT systems throughout 2021.

UCSB has partnered with Duo Security, a system that makes it easy for you to enable MFA. Learn more about enrolling with Duo on the UCSB IT website at

What is MFA?

MFA, sometimes referred to as two-factor authentication (2FA) or two-step authentication, is a security enhancement that requires you to present an additional piece of information beyond your username and password when logging in to an account. This additional information is usually in the form of:

  • something you have (like an app on or text sent to your phone, a token, or smart card);
  • something you are (like your fingerprint or facial/speech recognition).

Why use MFA?

MFA with Duo is quick and easy to use, especially with a push notification via the smartphone app. It will substantially help secure your accounts and personal information. Don’t wait until your accounts have been hacked — lock down your login today and enjoy greater peace of mind.

Although stopping all online crime is not realistic, simple steps can greatly reduce the likelihood you’ll be the next victim. You should use MFA whenever possible, especially for your most sensitive accounts such as your email, bank accounts, health records, and social media. A list of websites and whether they support MFA is located at

MFA helps protect you by adding an additional layer of security, making it harder for cyber criminals to log in with your identity. Even if they had your password, they would still need your phone or token – your second “factor” – to get in.

Follow @UCSBIT and @UCSBInfoSec and #mfaUCinfosec on Twitter, Facebook, Instagram, and LinkedIn for more cybertips and news!