Multi-Factor Authentication (MFA) - FAQ

Table of Contents:
General - Frequently Asked Questions
Using MFA - Frequently Asked Questions

What is Multi-factor Authentication (MFA)? 

Multi-factor authentication (MFA) seeks to decrease the likelihood that others can access your data. Specifically, it enhances the security of your NetID by using your phone, tablet or other device to verify your identity when you attempt to access Brockport's network and resources. 

Two items are required to access and update your information: “something you know” (like your password) and “something you have” (like your phone).

For example, when you visit an ATM, one authentication factor is the ATM card you use to start the transaction - that’s the “something you have.” Next, you enter a PIN, which is the “something you know.” Without both factors, your authentication will fail. 

Why do I need to use MFA for my Brockport account?  

Brockport accounts are under constant attack from all over the world, and passwords are becoming increasingly easy to compromise. Passwords can be stolen, guessed, or hacked. New technology and hacking techniques, combined with the limited pool of passwords that people reuse across multiple accounts, mean that information online is increasingly vulnerable.

In addition, experience has shown that people are not as good at recognizing malicious email as you might think. Every day, members of the Brockport community fall prey to these kinds of scams. We have to take steps to ensure that you are more than just a single click away from becoming a victim of identity theft or having your data stolen.

Multi-Factor Authentication adds a layer of security to your account to make sure that your account stays safe, even if someone else knows your password. This second factor of authentication is separate and independent from the NetID and password step — MFA never uses or even sees your password. 

Am I required to use two-factor authentication?  

All Brockport person accounts are required to use two-factor authentication when logging into all campus systems.

Who do I contact for help with MFA?  

If you have any questions or need assistance setting up MFA, please contact the Brockport IT Service Desk at 585-395-5151 Option 1.

Using MFA - FAQs  

How does Multi-Factor Authentication (MFA) work?  

Once you have signed up for MFA, when you attempt to access college resources, you will be prompted to enter your username and password as usual (the first “factor”). You will then be taken to the MFA screen, where you will select the device of your choice and your preferred method of verification (push notification, phone call, or passcode). You will use this to verify that it’s you (the second “factor”).

How do I enroll devices?

You will be prompted to register your devices and authentication methods when you log into your account for the first time. We strongly encourage you to register at least two devices. Instructions to set up MFA can be found in the Multi-Factor Authentication (MFA): Installing the Authenticator App and Registering Your Devices article.

What devices can I use?  

MFA has the ability to link multiple devices to your account. You may use the Microsoft Authenticator app on a mobile device such as a phone or tablet. Another option is a text message notification to a mobile phone. Additionally, a hardware token may be used as your second factor. Lastly, there is a phone call option for a mobile phone or landline; however, this is the least secure method available. We strongly suggest setting up multiple devices if possible.

When you are performing your initial setup, you may add as many supported devices as you like. Subsequently, when you are logging in you may choose which device the authentication request is sent to and which authentication method you would like (via Microsoft Authenticator Mobile App, SMS text message, or phone call). 

I’ve selected to automatically send push notifications to my phone, but I need to authenticate using another device.  

When signing in, you can use the link to choose a different method. From there you can use the other device option you set up when you registered.

How do I add a new device or manage an existing one?   

Instructions on managing devices and enrolling/registering a new phone, tablet, or desk phone can be found here: https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-user-manage-settings

How many authentication methods should I add?  

We recommend that all users add at least 2 methods, such as the Microsoft Authenticator App and Text Messages. Phone calls to landlines are the least secure option. 

Do I need to have a smartphone to use MFA?  

No. You can also use a cell phone, landline (such as your office or home phone), tablet, or hardware token. We recommend that users who have a smartphone choose the Microsoft Authenticator App or Text Message, as they are the easiest to use with MFA.

What if I forget my smartphone at home?  

We encourage users to set up multiple authentication devices with MFA, so that when one method is unavailable, you have others from which to choose. For example, you could set up your smartphone for “push” and also your office phone and home phone to do callback. You may also register a hardware token.

What happens if I lose my phone?   

Contact the IT Service Desk at 585-395-5151 Option 1 immediately if you lose your phone or suspect that it's been stolen. 

While it's important that you contact the IT Service Desk if you lose your phone, remember that your password will still protect your account.  

What happens if I get a new device or replace my phone with the same number?   

If you have a new phone with the same number, you can use the alternate MFA device to authenticate and add your new phone.    

If you have a new number but still have your old phone, you can use that to authenticate, remove your old number, and register your new number.

If you do not have access to your old number or device, you will need to contact the IT Service Desk.

Does it cost me money to authenticate with my phone?   

“Push” authentication uses a very small amount of Internet data traffic to function. Text messages and voice calls are sent only when you log in and would be billed by your carrier like any other text message or inbound voice call. The Microsoft Authenticator app also works like a token and can generate a passcode. This functionality does not require any data and works even when your smartphone is in airplane mode.

What if I don’t have a data plan on my phone?   

The Microsoft Authenticator app provides options that work without a data plan, a texting plan, or even a connection, if necessary. The app can generate the required code without need of either a cell signal or data plan, and it can do so anywhere in the world. If you have a signal and data plan, the app makes two-factor authentication as easy as pushing a single button, but if you don’t, you can use the app to generate a six-digit code and enter that instead.

What if I don’t have a connection?  

The Microsoft Authenticator app can generate a passcode without a cellular or wireless connection. Alternatively, you may use a landline phone if an Internet connection is unavailable.

Can I use the Microsoft Authenticator app internationally?  

The Microsoft Authenticator app is designed to work internationally. If you install the app, it can generate the required code without need of either a telephone signal or data plan, and it can do this anywhere in the world. If you have a signal and data plan, the app makes two-factor authentication as easy as pushing a single button, but if you don’t have one of those two things, you can use the app to generate a six-digit code and enter that manually.

Can the system handle international phone numbers?   

Yes, MFA can handle international phone numbers. If entering an international phone number, you can leave a space between country code, city code, and the phone number.

How long will my authentication last?  

Session times vary per application. For instance, Admin Banner has a session timeout of 4 hours, while Webmail will last longer. While the option to remember your credentials is available, this feature is browser, location, and connection based, so you will have to re-authenticate each time one of those changes.

If you need further assistance, please place a ticket here: I Need Help, or call the IT Service Desk at (585) 395-5151 Option 1.