Body
Read these questions to learn about Multi-Factor Authentication and why we are using it.
If you are having problems and are already using MFA or are setting it up for the first time, please see our MFA troubleshooting article.
1. What is MFA (Multi-Factor Authentication)?
When users connect to a computer system, they are prompted for a username and a "factor" of authentication, typically, a password. MFA is an enhanced security process that verifies a user's identity by using multiple methods. Rather than only ask for a password, MFA requires different additional credentials (codes, fingerprint, devices, etc).
2. Why do we need to use MFA?
The simple answer: To make it hard for crooks to get into your account!
The bad guys have lots of ways of stealing or learning your password, and they want your account to steal from you or others. There is a huge black market online for selling usernames and passwords because they lead to very important things (bank accounts, health information, credit cards, behavior, etc). If a criminal steals your password through phishing or other means, they are much less likely to get into your account if MFA is in place.
There has been a massive increase in attackers trying to get into accounts, even at ONU, for extortion, ransomware or other malicious purposes. Security experts have published many studies that prove the single most effective way of preventing these kinds of attacks is to use MFA with all accounts.
3. Do I have to use MFA?
Yes. We are currently rolling out MFA to staff and faculty. It will be mandatory for email and Office 365 applications.
4. Is my account really that important?
Absolutely. You may not realize it, but even if the only thing you have is email, your account is valuable. Check out this poster below to see the ways your account can be valuable to the bad guys.
5. How do I set up MFA?
6. Do I need a smartphone in order to use MFA?
No. It is recommended but not required. You may use the Microsoft Authenticator app on any other mobile device. Or you can specify to be prompted via phone or text in the MFA setup process.
7. What if I lose my phone?
If you have lost your phone, log in with an alternate device, and remove the lost or stolen device as an authentication option. If you did not enroll multiple devices, contact the IT Help Desk for assistance.
We encourage setting up multiple devices with the Microsoft Authenticator in case you lose or can't access one of the devices. You can also provide additional contact methods such as an alternate phone numbers. It isn't a requirement to have the Microsoft Authenticator on multiple devices, but it can help out if there are problems getting into your accounts.
8. Am I required to use the Microsoft Authenticator app?
The Microsoft Authenticator App is not required, but it is recommended since it has the most options available and will provide the best experience. Alternatively, you can also set up your account to verify via text or phone call.
9. What is an App Password?
App Passwords are used for devices that might not support MFA. See this article for more information on App Passwords.
10. What if I get a new phone?
If you have set up multiple authentication devices and/or methods, you may install the Microsoft Authenticator and still log in with your new phone. If you have difficulty, contact the IT Help Desk for assistance.
11. Should I enroll more than one device for authentication?
Yes, having at least 2 devices enrolled is helpful if one device is lost, stolen or a device has a technical issue.
12. Am I going to be prompted for MFA verification dozens of times a day?
After the initial setup of your devices, it should be rare for you to be prompted multiple times. MFA verification is most likely to occur when you connect from a new location.