New Multi-Factor Authentication Enhancements

January 17, 2025

Effective March 18, 2025, employees can no longer use SMS (text messages) or simple hardware tokens for CalNet MFA verification. 

In UC’s ongoing commitment to safeguarding and protecting your data, UC Berkeley is introducing enhanced security methods for CalNet MFA verification (aka CalNet 2-Step).

Why Do We Need To Change?

Several higher education institutions have experienced phishing attacks, which resulted in the theft of credentials and redirection of paycheck deposits. Berkeley is committed to keeping our community safe from such attacks. Therefore, we are strengthening our multi-factor authentication (MFA) protections and turning on risk-based authentication for CalNet MFA verification.

What Do I Need to Do?

Follow the below instructions to move off SMS (text messages) or simple hardware tokens before March 18.  We recommend moving to the Duo Mobile app - it’s the easiest way to do the CalNet 2-Step.

If you have a smartphone:

If you do not have a smartphone: