Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

About

Multifactor authentication (MFA) is all about protecting your account from unauthorized access. Because passwords can be easily stolen or ‘phished’, it’s important to add layers of protection through the use of multiple forms of account verification.

If you haven’t already, check out the Getting started with Microsoft Authenticator and Passwordless articles to help you secure your account and sign in without a password.

Table of Contents
minLevel1
maxLevel2
outlinefalse
typelist
printablefalse

Frequently Asked Questions

What are my options for multifactor authentication?

Expand

Microsoft Authenticator app

This is the best option for most students, and it is recommended by UNW IT. Using your mobile phone or tablet, you can easily sign in without a password, use multifactor codes when you don’t have Wi-Fi or cell coverage, and reset your password if needed, all from the app!
Check out Getting started with Microsoft Authenticator to learn more.

Panel
panelIconId1f4f5
panelIcon:no_mobile_phones:
panelIconText📵
bgColor#DEEBFF

Students without a mobile device to install the Microsoft Authenticator app will be provided with a security key. Contact the IT Service Desk to request one.

Third party authenticator apps (described below) may also be a good option.

Authenticator Lite (Outlook Mobile)

If you already have Outlook Mobile installed on your mobile device, you can use it to approve sign in attempts similar to the Microsoft Authenticator app. Authenticator Lite does not support sign in context information (application name or location), passwordless phone sign-in, or push notifications for password reset. You can learn more about setting up Authenticator Lite here: https://support.microsoft.com/en-us/topic/authenticate-with-outlook-mobile-a57026c0-26af-4d17-bf84-d9ec637efda1

Third party authenticator app

If you prefer to use another authenticator app that supports standard multifactor codes (a.k.a. time-based one-time password or TOTP), these are also supported for UNW accounts. Here are a few examples, though there are many others: /wiki/spaces/IKB/pages/279445639.

You can register these methods by choosing the Authenticator app option when you are setting up your authentication methods, then selecting I want to use a different authenticator app during the setup process. Visit https://aka.ms/mysecurityinfo to get started.

Security key

Security keys (i.e. FIDO2) provide an easy-to-use sign-in experience by replacing passwords with strong multifactor authentication. The security key contains your sign-in credential and is protected with a second factor such as a fingerprint or PIN.

These USB or NFC devices can be transported and connected to the device you are signing into when needed. If you already own one, you can set it up as a UNW authentication method detailed here: https://unw.atlassian.net/wiki/spaces/ITSKB/pages/205029635/Passwordless#FIDO2-Security-Keys.

Hardware token

Hardware tokens are dedicated devices that generate codes like authenticator apps. As an alternative to security keys, hardware tokens may be issued by UNW IT to students who do not have a mobile device that supports authenticator apps or where FIDO2 security keys are otherwise not supported.

What about voice call or SMS methods?

Expand

Multifactor methods that use voice call or SMS text messages are certainly better than no MFA; however, these methods are considered weaker than those listed previously. Support for voice/text methods is also decreasing from vendors in favor of stronger MFA or passwordless methods.

At this time, UNW IT will only grant the use of these methods when no other option is available.

What is the backup email used for?

Expand

The backup email is only used for receiving a one-time code during self-service password reset (SSPR). Registering a backup email allows you to reset your UNW password in case you also lose your primary multifactor authentication method, or the primary method is not supported for SSPR (such as FIDO2 Security keys). The backup email must be a non-UNW email address. It should be protected with a strong passphrase and multifactor authentication (or passwordless) wherever possible.

I forgot my multifactor today, what do I do?

Expand

If you get to class and realize you left your multifactor method at home, the IT Service Desk can help! Stop by Riley or call in to get a temporary access code for the day.

My multifactor device was lost/broken, help!

Expand
Tip

Keep your account secure by having current backup methods and removing methods you no longer have.

If you have a second multifactor method available, login to https://mysignins.microsoft.com/security-info to remove the lost/broken method from your list. You can also add your replacement method while you are there, just click + Add a sign-in method.

If you don’t have any multifactor methods available, contact the IT Service Desk to get a temporary method to help you login and setup your replacement.

I just got a new device, how do I set it up?

Expand
Panel
panelIconId1f4f2
panelIcon:calling:
panelIconText📲
bgColor#DEEBFF

Did you know? You can back up the Microsoft Authenticator app and restore it on your new device. You can learn more here: https://support.microsoft.com/en-us/account-billing/back-up-and-recover-account-credentials-in-the-authenticator-app-bb939936-7a8d-4e88-bc43-49bc1a700a40

If you have a second multifactor method available, login to https://mysignins.microsoft.com/security-info to remove the old device from your list, if you haven’t already. Then, add your new device by clicking + Add a sign-in method.

If you don’t have any multifactor methods available, contact the IT Service Desk to get a temporary method to help you login and setup your new device.

I’m going to be without cell service, can I still login?

Expand

If you are on a plane (in-flight Wi-Fi) or in a country where your cell carrier is not supported, all default methods can verify your account without cell carrier service.

Microsoft Authenticator (tick)

If you already have the Microsoft Authenticator app as a registered method, the TOTP codes are already generated and can be used without cell service. Simply tap the account in the app to reveal the code.

Software/Hardware codes or Security keys (tick)

Any of these methods can be used without cell service.

SMS/Voice call (error)

If your only multifactor authentication method requires cell service, contact the IT Service Desk to get a temporary method setup before you leave.

Why don’t I see a notification when I’m trying to sign in?

Expand

In order to reduce the risk of fraudulent sign-in attempts, the Microsoft Authenticator app will not notify you when signing into your account from an unusual location.

Additional checks, such as notifications settings are outlined in https://support.microsoft.com/en-us/account-billing/troubleshoot-problems-using-microsoft-authenticator-a3a74493-566b-4c2e-b949-a2789bac0fd3

Someone else changed my password or multifactor authentication.

Panel
panelIconId1f6e1
panelIcon:shield:
panelIconText🛡️
bgColor#DEEBFF

Contact the IT Service Desk right away if you suspect unauthorized access to your account.

Tip

Not finding the answer you’re looking for?

Contact the IT Service Desk for support and advice on multifactor authentication.