Multifactor Authentication FAQs

About

Multifactor authentication (MFA) is all about protecting your account from unauthorized access. Because passwords can be stolen or ‘phished’, it’s important to add layers of protection through the use of multiple forms of account verification.
MFA uses a combination of the following categories:

Something you know

Something you have

Something you are

Something you know

Something you have

Something you are

  1. Password or passphrase (long)

  2. Passcode or PIN (short)

  3. Security questions

  1. Trusted device

  2. Security key

  3. Hardware token or code generator

  1. Fingerprint

  2. Face

  3. Retina

Frequently Asked Questions

What are my options for multifactor authentication?

Microsoft Authenticator app

This is the best option for most users, and it is recommended by UNW IT. Using your mobile phone or tablet, you can easily approve sign in attempts, sign in without a password, generate multifactor codes when you don’t have Wi-Fi or cell coverage, and reset your password if needed, all from the app!
Check out https://unw.atlassian.net/wiki/spaces/IKB/pages/417103945 to get started.

Users without a mobile phone or tablet to install the Microsoft Authenticator app will be provided with an alternative method.

Authenticator Lite (Outlook Mobile)

If you already have Outlook Mobile installed on your mobile device, you can use it to approve sign in attempts similar to the Microsoft Authenticator app. Authenticator Lite does not support sign in context information (application name or location), passwordless phone sign-in, or push notifications for password reset. You can learn more about setting up Authenticator Lite here: https://support.microsoft.com/en-us/topic/authenticate-with-outlook-mobile-a57026c0-26af-4d17-bf84-d9ec637efda1

Third party authenticator app

If you prefer to use another authenticator app that supports standard multifactor codes (a.k.a. time-based one-time password [TOTP]), these are also supported for UNW accounts. Here are a few examples, though there are many others: https://unw.atlassian.net/wiki/spaces/IKB/pages/279445639.

You can register these methods by choosing the Authenticator app option when you are setting up your authentication methods, then selecting I want to use a different authenticator app during the setup process. Visit https://aka.ms/mysecurityinfo to get started.

Windows Hello for Business

UNW Windows 10 & 11 computers that are assigned to individual users can use their Windows Hello PIN or fingerprint as an MFA method. To setup Windows Hello, check out this article:

When you sign in to your UNW account online, choose the option for Face, fingerprint, PIN, or security key.

Security key

Security keys (i.e. FIDO2) provide an easy-to-use sign-in experience by replacing passwords with strong multifactor authentication. The security key contains your sign-in credential and is protected with a second factor such as a fingerprint or PIN. These USB or NFC devices can be transported like physical keys and connected to the device you are signing into when needed. If you have one, you can set it up as a UNW authentication method detailed here: .

Hardware token

Hardware tokens are dedicated devices that generate codes like authenticator apps. As an alternative to security keys, hardware tokens may be issued by UNW IT to users who do not have a mobile device that supports authenticator apps or where FIDO2 security keys are otherwise not supported.

Can I switch from Duo to Microsoft early?

Yes! If you would like to switch your account to use Microsoft MFA instead of Duo, follow this guide: Following these steps will ensure you are only required to use one MFA app and not both!

What about voice call or SMS text methods?

Multifactor methods that use voice call or SMS text messages are certainly better than no MFA at all; however, these methods are considered weaker than those listed previously. Support for voice/text methods is also decreasing from vendors in favor of stronger MFA or passwordless methods. Finally, these methods are less convenient and susceptible to more frequent outages.

At this time, UNW IT will only grant the use of these methods when no other option is available.

How is Microsoft MFA different from Duo?

Overall, the Microsoft MFA suite offers more secure methods and eliminates an additional cost for Duo.
The below table compares the MFA offerings from Microsoft and Duo.

 

Duo

Microsoft

 

Duo

Microsoft

Cost

Additional licensing costs.

Included with campus Microsoft license.

Integration

“Bolt-on” to the Microsoft SSO login.

Inline enrollment and MFA with SSO.

MFA Methods

  • Push notification

  • Code Generator (TOTP)

  • Phone Call

  • Text message

  • Hardware Tokens

  • Security keys

  • Push notification with number matching

  • Code Generator (TOTP)

  • Windows Hello for Business

  • Hardware Tokens

  • Passwordless methods

    • Phone sign-in

    • Security keys

Location

Exempted when on UNW campus or media station networks.

Required at all locations.

What should I do with the Duo Mobile app?

After your account has been migrated to Microsoft, you should no longer need the Duo Mobile app. Certain users may have additional accounts saved in the Duo Mobile app that must be kept or transferred before removing the app. UNW IT recommends that you wait 30 days before deleting the app.

What is the backup email used for?

I forgot my multifactor today, what do I do?

My multifactor device was lost/broken, help!

I just got a new device, how do I set it up?

I’m going to be without cell service, can I still login?

Why don’t I see a notification when I’m trying to sign in?

Why does the Microsoft Authenticator app use my phone unlock method?

Can I use my smart watch?

Someone else changed my password or multifactor authentication.

Contact the IT Service Desk right away if you suspect unauthorized access to your account.

Not finding the answer you’re looking for?

Contact the IT Service Desk for support and advice on multifactor authentication.