MFA 2.0: Maintenance Phase

MFA 2.0: Maintenance Phase

November 5, 2025

TLDR

Key points:

• The Duo MFA project is now in the maintenance phase. It is fully deployed and focused on long-term reliability and user support.
• MFA survey results show strong adoption, growing user confidence, with a few areas identified as improvement.
  • Email access issues over the summer were caused by password resets, not MFA. When using shared (public) devices, never select “trusted device.” Add a backup authentication method so you are not locked out of your accounts.
• All employees are required to complete annual, Cybersecurity Training as required by Texas Administrative Code Chapter 202 (TAC 202). The deadline to complete was October 31, 2025. If you have not completed, login to KnowBe4 and finish as soon as possible.

TLDR END

McLennan Community College (MCC) implemented Duo Multi-Factor Authentication (MFA) to strengthen account security, protect college data, and ensure compliance with state and federal cybersecurity requirements. MFA has also proven highly effective in reducing the risk of account compromise.

With the rollout complete, the MFA project is now entering its maintenance phase. The service is fully deployed and operational, with the focus shifting from implementation to long-term reliability, monitoring, and user support rather than implementing new features.

MFA Survey

The results for the MFA survey are complete. Overall, adoption has been positive, communication was clear and timely, and user confidence continues to grow. The feedback also highlighted a few challenges and areas for improvement.

Email Access

Many students believed they were locked out of their MCC email because of Duo MFA. However, Duo is not connected to email access. Over the summer, MCC implemented a system-wide password reset, which was required for continue access. Students who did not complete the reset were unable to access their emails or MCC systems. This was a separate issue from MFA.

Personal, Public, and Classroom Devices

When using teaching podiums or classroom computers, remember these are shared (public) devices. Because multiple users access them, they should never be marked as “trusted devices.” Doing so can create security risks and sign-in issues for others. If possible, bring and use your personal laptop to help reduce how often you need to re-authenticate with Duo.

A personal device is one you own or control, such as your laptop. Personal devices can be marked as trusted, which means you will receive fewer MFA prompts (typically remembered for up to 30 days) if your location, network, and device behavior remain the same.

A public device, like a classroom podium, is shared with others and will always require MFA for every login. This helps protect your account in case you forget to sign out. Note that changing networks, moving between classrooms, or using a Virtual Private Network (VPN) may also trigger additional MFA prompts.

When Your Phone Isn't Available 

If your phone is unavailable, be sure you have a backup authentication method or secondary device setup to access your account. See IT Hub: Add Additional or Backup Methods.

Cybersecurity was recently made aware of issues related to phone use in the MCC Testing Center. Because identity is verified before exams, we are working to remove the MFA requirements for that location only to avoid disruptions.

Additionally, some phone call authentications may fail if your device blocks unknown or unidentified numbers. This can prevent Duo calls from coming through. For troubleshooting steps, see IT Hub: Why Am I not Getting Duo Phone Calls?.

Browser and App Behavior

Some users have experienced inconsistent behavior with Duo MFA or the Pulse app (Brightspace) due to differences in how browsers and apps handle security settings and authentications. Each browser manages cookies, pop-ups, and embedded content differently, which can cause Duo MFA to fail or behave unexpectedly. These factors are outside the control of ISS.

The Pulse app previously experienced a Single Sign-On (SSO) issue that has since been resolved. Some users may still notice the app signing them out quickly. This is an app-specific issue, also beyond the control of ISS.

We recognize the rollout coincided with finals, which was a challenging time. We appreciate everyone’s patience and cooperation as MCC worked to meet the grant’s August 31, 2025, completion deadline.

ISS will continue monitoring MFA performance and user feedback to ensure reliable, secure access for all MCC students and employees.