Multifactor Authentication (MFA)
What is multifactor authentication?
When you sign into your online accounts - a process we call "authentication" - you're proving to the service that you are who you say you are. Traditionally that's been done with a username and a password. Unfortunately, that's not a very good way to do it. Usernames are often easy to discover; sometimes they're just your email address. Since passwords can be hard to remember, people tend to pick simple ones, or use the same password at many different sites.
That's why almost all online services - banks, social media, shopping and yes, Microsoft 365 too - have added a way for your accounts to be more secure. You may hear it called "Two-Step Verification" or "Multifactor Authentication" but the good ones all operate off the same principle. When you sign into the account for the first time on a new device or application (like a web browser) you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are.
A factor in authentication is a way of confirming your identity when you try to sign in. For example, a password is one kind of factor; it's a thing you know. The three most common kinds of factors are:
Something you know - Like a one-time password, or a PIN.
Something you have - Like a smartphone, or a hardware token.
Something you are - Like a fingerprint, or facial recognition.
How does multifactor authentication work?
Let's say you're going to sign into your work or school account, and you enter your username and password. If that's all you need then anybody who knows your username and password can sign in as you from anywhere in the world!
But if you have multifactor authentication enabled, things get more interesting. The first time you sign in on a device or app you enter your username and password as usual, then you get prompted to enter your second factor to verify your identity.

Perhaps you're using the free Microsoft Authenticator app as your second factor. You open the app on your smartphone, it shows you a unique, dynamically created 6-digit number that you type into the site and you're in.

If somebody else tries to sign in as you, however, they'll enter your username and password, and when they get prompted for that second factor they're stuck! Unless they have YOUR smartphone, they have no way of getting that 6-digit number to enter. And the 6-digit number in Microsoft Authenticator changes every 30 seconds, so even if they knew the number you used to sign in yesterday, they're still locked out.
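The rotating code described above can be reproduced with the standard time-based one-time password algorithm. The following is an added example, not code from this page or from Microsoft; it assumes the 6-digit code follows RFC 6238 (HMAC-SHA-1, 30-second step), uses the published RFC test key rather than a real secret, and the verify() helper and its parameters are hypothetical names.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays valid
DIGITS = 6   # length of the code shown in the app

# Constructed sample: the RFC 6238 / RFC 4226 test key, never a real secret.
RFC_TEST_KEY = b"12345678901234567890"


def totp(secret: bytes, unix_time: int) -> str:
    """Derive the code for the 30-second window containing unix_time."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret, submitted, unix_time, last_used_counter=-1, window=1):
    """Server-side check. Returns the accepted time-step counter, or None.

    window tolerates +/- one step of clock drift; last_used_counter makes
    each code single-use, so a code seen once cannot be replayed.
    """
    now = unix_time // STEP
    for counter in range(now - window, now + window + 1):
        if counter < 0 or counter <= last_used_counter:
            continue
        expected = totp(secret, counter * STEP)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return counter
    return None


if __name__ == "__main__":
    code = totp(RFC_TEST_KEY, 59)
    print("code at t=59:", code)
    print("accepted now:", verify(RFC_TEST_KEY, code, 59))
    print("replayed 6 seconds later:", verify(RFC_TEST_KEY, code, 65, last_used_counter=1))
    print("same code a day later:", verify(RFC_TEST_KEY, code, 59 + 86400))
```

The last two lines of the demo show the two properties the paragraph relies on: a code is rejected once its time window has passed, and a server that tracks the last accepted counter also rejects reuse inside the window.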
It is also very important that you deny any verification requests that you did not initiate. If you are receiving notifications via SMS, phone or the app that you believe to be fraudulent, please make a report.
Don't get locked out of your account!
Multifactor authentication depends on having your second factor available to you wherever you are, at all times. We highly recommend configuring a backup verification method (e.g., an external e-mail) in case you forget your device at home, lose it, or change numbers. If you are stuck and this is not an option, we still have you covered. Please give our support desk a call for further assistance with resetting your verification methods.
FAQs
Who is impacted by MFA?
Students, Faculty, Retired Faculty and Staff will be required to use MFA by 7/31/2022.
What applications or systems are protected by MFA?
For Faculty and Staff:
For Students:
What are my MFA options?
You will be able to choose a primary and secondary authentication method when you register. ITS recommends using the Microsoft Authenticator App. Secondary authentication methods can include text message verification and phone call verification.
How can I change my MFA options?
You will be able to change your MFA options at the start of the MFA program, and Curry ITS will provide you with a link. A resources tab will be available where you can find instructions on how to set up each individual option.
What if I forget my mobile device at home?
It may happen that you forget your mobile device at home. You can always use a backup MFA method registered to your account. If that does not resolve your problem, you can contact the Service Desk at Support@curry.edu or call 617-333-2911.
What if I am experiencing other issues with MFA?
For all issues regarding MFA, you can contact the Service Desk at Support@curry.edu or call 617-333-2911.
Why am I getting a verification prompt when updating my methods?
When you start using and managing your verification methods, Microsoft will begin to use the same verification methods to verify your identity when you try to access the "MySecurity" page. This multifactor requirement is applied by Microsoft by default and only to your security settings page.
How often will I be prompted for MFA?
Browser sessions: Once per new session. You can have multiple tabs open, but you only need to satisfy MFA once within the same browser session. Going to a new computer or a different browser will prompt you again.
Applications: Outlook, Teams, OneDrive and other Office applications may prompt you within 30 days from your last successful verification. This applies only to installed computer apps, not browser apps.
What if I do not have a mobile device?
MFA supports external e-mail addresses for verification, which may be accessed via a web browser. If applicable, setting up a call to your office number is an ideal backup as well. We recommend always having two methods configured.
Resources