- Created by Lucas T, last modified on Mar 13, 2024
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 9 Next »
About
Multifactor authentication (MFA) is all about protecting your account from unauthorized access. Because passwords can be easily stolen or ‘phished’, it’s important to add layers of protection through the use of multiple forms of account verification.
If you haven’t already, check out the Getting started with Microsoft Authenticator and Passwordless articles to help you secure your account and sign in without a password.
Frequently Asked Questions
What are my options for multifactor authentication?
Microsoft Authenticator app
This is the best option for most students, and it is recommended by UNW IT. Using your mobile phone or tablet, you can easily sign in without a password, use multifactor codes when you don’t have Wi-Fi or cell coverage, and reset your password if needed, all from the app!
Check out Getting started with Microsoft Authenticator to learn more.
Students without a mobile device to install the Microsoft Authenticator app will be provided with a security key. Contact the IT Service Desk to request one.
Third party authenticator apps (described below) may also be a good option.
Authenticator Lite (Outlook Mobile)
If you already have Outlook Mobile installed on your mobile device, you can use it to approve sign in attempts similar to the Microsoft Authenticator app. Authenticator Lite does not support sign in context information (application name or location), passwordless phone sign-in, or push notifications for password reset. You can learn more about setting up Authenticator Lite here: https://support.microsoft.com/en-us/topic/authenticate-with-outlook-mobile-a57026c0-26af-4d17-bf84-d9ec637efda1
Third party authenticator app
If you prefer to use another authenticator app that supports standard multifactor codes (a.k.a. time-based one-time password or TOTP), these are also supported for UNW accounts. Here are a few examples, though there are many others: /wiki/spaces/IKB/pages/279445639.
You can register these methods by choosing the Authenticator app option when you are setting up your authentication methods, then selecting I want to use a different authenticator app during the setup process. Visit https://aka.ms/mysecurityinfo to get started.
Security key
Security keys (i.e. FIDO2) provide an easy-to-use sign-in experience by replacing passwords with strong multifactor authentication. The security key contains your sign-in credential and is protected with a second factor such as a fingerprint or PIN.
These USB or NFC devices can be transported and connected to the device you are signing into when needed. If you already own one, you can set it up as a UNW authentication method detailed here: https://unw.atlassian.net/wiki/spaces/ITSKB/pages/205029635/Passwordless#FIDO2-Security-Keys.
Hardware token
Hardware tokens are dedicated devices that generate codes like authenticator apps. As an alternative to security keys, hardware tokens may be issued by UNW IT to students who do not have a mobile device that supports authenticator apps or where FIDO2 security keys are otherwise not supported.
What about voice call or SMS methods?
Multifactor methods that use voice call or SMS text messages are certainly better than no MFA; however, these methods are considered weaker than those listed previously. Support for voice/text methods is also decreasing from vendors in favor of stronger MFA or passwordless methods.
At this time, UNW IT will only grant the use of these methods when no other option is available.
What is the backup email used for?
The backup email is only used for receiving a one-time code during self-service password reset (SSPR). Registering a backup email allows you to reset your UNW password in case you also lose your primary multifactor authentication method, or the primary method is not supported for SSPR (such as FIDO2 Security keys). The backup email must be a non-UNW email address. It should be protected with a strong passphrase and multifactor authentication (or passwordless) wherever possible.
I forgot my multifactor today, what do I do?
If you get to class and realize you left your multifactor method at home, the IT Service Desk can help! Stop by Riley or call in to get a temporary access code for the day.
My multifactor device was lost/broken, help!
Keep your account secure by having current backup methods and removing methods you no longer have.
If you have a second multifactor method available, login to https://mysignins.microsoft.com/security-info to remove the lost/broken method from your list. You can also add your replacement method while you are there, just click + Add a sign-in method.
If you don’t have any multifactor methods available, contact the IT Service Desk to get a temporary method to help you login and setup your replacement.
I just got a new device, how do I set it up?
Did you know? You can back up the Microsoft Authenticator app and restore it on your new device. You can learn more here: https://support.microsoft.com/en-us/account-billing/back-up-and-recover-account-credentials-in-the-authenticator-app-bb939936-7a8d-4e88-bc43-49bc1a700a40
If you have a second multifactor method available, login to https://mysignins.microsoft.com/security-info to remove the old device from your list, if you haven’t already. Then, add your new device by clicking + Add a sign-in method.
If you don’t have any multifactor methods available, contact the IT Service Desk to get a temporary method to help you login and setup your new device.
I’m going to be without cell service, can I still login?
If you are on a plane (in-flight Wi-Fi) or in a country where your cell carrier is not supported, all default methods can verify your account without cell carrier service.
Microsoft Authenticator
If you already have the Microsoft Authenticator app as a registered method, the TOTP codes are already generated and can be used without cell service. Simply tap the account in the app to reveal the code.
Software/Hardware codes or Security keys
Any of these methods can be used without cell service.
SMS/Voice call
If your only multifactor authentication method requires cell service, contact the IT Service Desk to get a temporary method setup before you leave.
Why don’t I see a notification when I’m trying to sign in?
In order to reduce the risk of fraudulent sign-in attempts, the Microsoft Authenticator app will not notify you when signing into your account from an unusual location.
Additional checks, such as notifications settings are outlined in https://support.microsoft.com/en-us/account-billing/troubleshoot-problems-using-microsoft-authenticator-a3a74493-566b-4c2e-b949-a2789bac0fd3
Someone else changed my password or multifactor authentication.
Contact the IT Service Desk right away if you suspect unauthorized access to your account.
Not finding the answer you’re looking for?
Contact the IT Service Desk for support and advice on multifactor authentication.
Call (651) 631-5699 (available 24/7).
Email servicedesk@unwsp.edu.
Visit us in Riley Hall 0106 during regular hours.
Additional Microsoft Authenticator questions may be answered here:
https://support.microsoft.com/en-us/account-billing/common-questions-about-the-microsoft-authenticator-app-12d283d1-bcef-4875-9ae5-ac360e2945dd
- No labels