Microsoft Authenticator app

This is the best option for most students, and it is recommended by UNW IT. Using your mobile phone or tablet, you can easily sign in without a password, use multifactor codes when you don’t have Wi-Fi or cell coverage, and reset your password if needed, all from the app!
Check out Getting started with Microsoft Authenticator to learn more.

Authenticator Lite (Outlook Mobile)

If you already have Outlook Mobile installed on your mobile device, you can use it to approve sign in attempts similar to the Microsoft Authenticator app. Authenticator Lite does not support sign in context information (application name or location), passwordless phone sign-in, or push notifications for password reset. You can learn more about setting up Authenticator Lite here: https://support.microsoft.com/en-us/topic/authenticate-with-outlook-mobile-a57026c0-26af-4d17-bf84-d9ec637efda1

Third party authenticator app

If you prefer to use another authenticator app that supports standard multifactor codes (a.k.a. time-based one-time password or TOTP), these are also supported for UNW accounts. Here are a few examples, though there are many others: /wiki/spaces/IKB/pages/279445639.

You can register these methods by choosing the Authenticator app option when you are setting up your authentication methods, then selecting I want to use a different authenticator app during the setup process. Visit https://aka.ms/mysecurityinfo to get started. Here are a few examples, though there are many others: Multifactor Alternative Methods.

Security key

Security keys (i.e. FIDO2) provide an easy-to-use sign-in experience by replacing passwords with strong multifactor authentication. The security key contains your sign-in credential and is protected with a second factor such as a fingerprint or PIN.

These USB or NFC devices can be transported and connected to the device you are signing into when needed. If you already own one, you can set it up as a UNW authentication method detailed here: https://unw.atlassian.net/wiki/spaces/ITSKB/pages/205029635/Passwordless#FIDO2-Security-Keys.

Hardware token

Hardware tokens are dedicated devices that generate codes like authenticator apps. As an alternative to security keys, hardware tokens may be issued by UNW IT to students who do not have a mobile device that supports authenticator apps or where FIDO2 security keys are otherwise not supported.

Multifactor methods that use voice call or SMS text messages are certainly better than no MFA; however, these methods are considered weaker than those listed previously. Support for voice/text methods is also decreasing from vendors in favor of stronger MFA or passwordless methods.

At this time, UNW IT will only grant the use of these methods when no other option is available.

The backup email is only used for receiving a one-time code during self-service password reset (SSPR). Registering a backup email allows you to reset your UNW password in case you also lose your primary multifactor authentication method, or the primary method is not supported for SSPR (such as FIDO2 Security keys). The backup email must be a non-UNW email address. It should be protected with a strong passphrase and multifactor authentication (or passwordless) wherever possible.

If you get to class and realize you left your multifactor method at home, the IT Service Desk can help! Stop by Riley or call in to get a temporary access code for the day.

If you have a second multifactor method available, login to https://mysignins.microsoft.com/security-info to remove the lost/broken method from your list. You can also add your replacement method while you are there, just click + Add a sign-in method.

If you don’t have any multifactor methods available, contact the IT Service Desk to get a temporary method to help you login and setup your replacement.

If you have a second multifactor method available, login to https://mysignins.microsoft.com/security-info to remove the old device from your list, if you haven’t already. Then, add your new device by clicking + Add a sign-in method.

If you don’t have any multifactor methods available, contact the IT Service Desk to get a temporary method to help you login and setup your new device.

If you are on a plane (in-flight Wi-Fi) or in a country where your cell carrier is not supported, all default methods can verify your account without cell carrier service.

Microsoft Authenticator

If you already have the Microsoft Authenticator app as a registered method, the TOTP codes are already generated and can be used without cell service. Simply tap the account in the app to reveal the code.

Software/Hardware codes or Security keys

Any of these methods can be used without cell service.

SMS/Voice call

If your only multifactor authentication method requires cell service, contact the IT Service Desk to get a temporary method setup before you leave.

In order to reduce the risk of fraudulent sign-in attempts, the Microsoft Authenticator app will not notify you when signing into your account from an unusual location.

Additional checks, such as notifications settings are outlined in https://support.microsoft.com/en-us/account-billing/troubleshoot-problems-using-microsoft-authenticator-a3a74493-566b-4c2e-b949-a2789bac0fd3

Contact the IT Service Desk right away if you suspect unauthorized access to your account.