Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

About

Passwordless authentication methods are more convenient because the complex password is removed from the authentication flow. Instead, you sign in with something you have, and verify with something you are or something you know.

Students at UNW can leverage passwordless authentication with Phone Sign-in on the Microsoft Authenticator app or FIDO2 security keys as shown described in this article.

Something you know

Something you have

Something you are

  1. Password or passphrase (long)

  2. Passcode or PIN (short)

  3. Security questions

  1. Trusted mobile device or computer

  2. Security key

  3. Hardware token or code generator

  1. Fingerprint

  2. Face

  3. Retina

When will I need to use my UNW password?

A password may be required on certain systems that have not yet been converted to use passwordless methods. Some examples include:

  • Registering a device on the UNW Wi-Fi (rx.unwsp.edu)

  • Printing through Papercut (print.unwsp.edu)

  • Accessing UNW Windows & Mac computer labs

  • Accessing virtual machines through within VMware Horizon (vws.unwsp.edu)

  • Accessing virtual machine terminals (located in library & dorms)

  • Accessing UNW sites that use the ADFS login portal (adfs.unwsp.edu)

  • Accessing library database resources (login.ezproxy.unwsp.edu)

  • Accessing VoiceThread recording software (unwsp.voicethread.com)

Table of Contents

Panel
panelIconId1f512
panelIcon:lock:
panelIconText🔒
bgColor#C0B6F2

Important security reminders

  • Never approve a login request you did not initiate.

  • Always confirm you are at a UNW login page before entering a password. The most important one to remember is: login.microsoftonline.com

  • UNW staff will never ask for your account password.

  • If you suspect your account is compromised, such as repeatedly requesting codes/approval: decline the requests and contact IT immediately.


Microsoft Authenticator: Phone Sign-in

Prerequisites for Phone Sign-in

Panel
panelIconId1f4f5
panelIcon:no_mobile_phones:
panelIconText📵
bgColor#F4F5F7

No mobile phone?

You can also use a FIDO2 security key or an iOS / Android tablet that supports Microsoft Authenticator.

Turn on Phone Sign-in

  1. Open the Microsoft Authenticator app.

  2. Tap your UNW account to view more details.

  3. Choose the option Enable phone sign-in.

  4. Tap Continue to register the device with UNW. (info)

  5. Enter your password, tap Sign in.

  6. Tap Register.

  7. Once the registration completes, tap Continue.

Info

Registering your mobile phone does not allow UNW or Microsoft any control over the device.
The registration records information about the device software version, who it is registered to, and establishes secure information to be used for sign-ins.

First time login process

  1. Enter your username if it is not already populated, choose Next.

  2. If you are prompted for your password, choose Other ways to sign in.

  3. Select the option Approve a request on my Microsoft Authenticator app.

  4. Open the Microsoft Authenticator app to enter the number displayed, then tap Yes.

Tip

The passwordless phone sign-in will be used the next time you need to authenticate.

You can always choose an alternative method by clicking Other ways to sign in.

FIDO2

Security Keys (FIDO2)

Fast Identity Online (FIDO) represents hundreds of organizations from various industries on a joint mission to replace passwords with an easy-to-use strong credential.The resultingFIDO2 hardware security key reduces the ability of attackers to complete phishing attacks and is shown to both reduce sign-in complexity and increase security. It provides a streamlined user sign-in experience by replacing passwords with strong multifactor authentication. The FIDO2 hardware security key holds your credential and is protected with a second factor such as a fingerprint or PIN.

Setup a Security Key

Panel
panelIconId2699
panelIcon:gear:
panelIconText⚙️
bgColor#DEEBFF

Setting up a security key requires an existing multifactor method. If you don’t have any options available, contact the IT Service Desk to have a temporary method setup to register your security key.

Expand
titleWindows 10/11
  1. Visit https://aka.ms/mysecurityinfo to register your

FIDO2
  1. security key.

  2. Select Add Method, then select Security key.

Image Removed
    1. Image Added
  1. If you do not already have another method registered, you’ll need to provide more information. Follow the prompts, then return to set up your

FIDO2
  1. security key.

  2. Select the type of security key that you have.

Image Removed
    1. Image Added
  1. Read the instructions on the Security key screen, then select Next.

    1. Image Added
  2. You may be prompted to scan a QR code to setup a passkey. Use the options to go back and choose external or hardware security key.

Image Removed
    1. Microsoft Edge:

      1. Click Use a different device

      2. Image Added
      3. Click Windows Hello or external security key

      4. Image Added
    2. Google Chrome

      1. Click Back

      2. chrome_passkey_setup1.pngImage Added
      3. Click Use an external security key

      4. chrome_passkey_setup2.pngImage Added

  1. On the Security key setup screen, select OK to accept.

Image Removed
    1. Image Added
  1. Read the instructions on the Continue setup screen, then select OK.

    1. Image Added
  2. Perform the required steps depending on the type of key that you have.

    1. Image Added

    2. Image Added
  3. On the Security key screen, provide the name of your security key, then select Next.

Image Removed
    1. Image Added
  1. After you’re all set up, you’ll see a confirmation screen. Select Done. Congratulations!

Expand
titlemacOS & Linux
Panel
panelIconId1f511
panelIcon:key:
panelIconText🔑
bgColor#DEEBFF

In order to setup a security key: you must use Chrome or Edge on macOS, or Chrome on Linux. ChromeOS is not supported for the first-time setup.

  1. Visit https://aka.ms/mysecurityinfo to register your security key.

  2. Select Add Method, then select Security key.

    1. Image Added
  3. If you do not already have another method registered, you’ll need to provide more information. Follow the prompts, then return to set up your security key.

  4. Select the type of security key that you have.

    1. Image Added
  5. Read the instructions on the Security key screen, then select Next.

    1. Image Added
  6. If you don’t have a PIN or fingerprint protecting your security key, set one up. Click Next.

    1. Image Added
  7. Perform the required steps depending on the type of key that you have

.
  • Image Removed

  • Image Removed
    1. . Usually touching the key.

      1. Image Added

    2. Allow Microsoft login to see the make and model of the security key.

      1. Image Added

    3. On the Security key screen, provide the name of your security key, then select Next.

    Image Removed
      1. Image Added
    1. After you’re all set up, you’ll see a confirmation screen. Select Done. Congratulations!

    Managing

    security keys

    Security Keys

    Expand
    titleWindows 10/11

    You can manage your FIDO2 security keys from your Windows 10/11 computer settings.

    1. Navigate to Settings > Accounts > Sign-in options, then select Manage.

      1. Image RemovedImage Added
    2. Follow the prompts to authenticate your security key (PIN or fingerprint scan).

    3. You can add/remove a fingerprint, change your security key PIN, and reset your security key. Select an option and follow the prompts.

      1. Image RemovedImage Added
    Expand
    titlemacOS & Linux

    If you are using macOS or Linux, you can manage your FIDO2 security keys using the tools integrated into the latest Chromium based browsers, such as Google Chrome or Microsoft Edge.

    You can copy this URL or follow the steps below: chrome://settings/securityKeys

    1. Open Google Chrome

    2. Go to Settings

    3. Click on Privacy and security

    4. Scroll down and click on Security

    5. Scroll down and click on Manage security keys

    Now you can add/remove fingerprints, change your security key PIN, and reset your security key.

    Supported Security Keys

    • FIDO2 WebAuthN (tick)

    • FIDO U2F Only (error)

    Look for Microsoft Entra (Azure) support in your key provider's documentation. A list of compatible manufacturers is available from Microsoft here: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-fido2-hardware-vendor#current-partners

    Supported Browsers

    Panel
    panelIconId1f511
    panelIcon:key:
    panelIconText🔑
    bgColor#DEEBFF

    In order to setup a security key: you must use any browser on Windows; Chrome or Edge on macOS; or Chrome on Linux. Android and ChromeOS are not supported for the first-time setup.

    Chrome

    Edge

    Firefox

    Safari

    Windows

    N/A

    macOS

    ChromeOS

    N/A

    N/A

    N/A

    Linux

    N/A

    iOS

    Android

    N/A

    Learn more about FIDO2 compatibility here: https://learn.microsoft.com/en-us/azureentra/active-directoryidentity/authentication/concept-fido2-compatibility