Passwordless

About

Passwordless authentication methods are more convenient because the complex password is removed from the authentication flow. Instead, you sign in with something you have, and verify with something you are or something you know.

Users can leverage passwordless authentication with Phone Sign-in on the Microsoft Authenticator app as described in this article.

Additional passwordless methods are Security Keys (FIDO2) and Windows Hello.

Something you know

Something you have

Something you are

Something you know

Something you have

Something you are

  1. Password or passphrase (long)

  2. Passcode or PIN (short)

  3. Security questions (weak)

  1. Trusted device

  2. Security key

  3. Hardware token or code generator

  1. Fingerprint

  2. Face

  3. Retina

When will I need to use my UNW password?

A password may be required on certain systems that have not yet been converted to use passwordless methods. Some examples include:

  • Registering a device on the UNW Wi-Fi (rx.unwsp.edu)

  • Printing through Papercut (print.unwsp.edu)

  • Accessing UNW Windows & Mac labs or classroom carts.

  • Accessing virtual machines within VMware Horizon (vws.unwsp.edu)

  • Accessing virtual machine terminals (located in library & dorms)

  • Accessing library database resources (login.ezproxy.unwsp.edu)


Important security reminders

  • Never approve a login request you did not initiate.

  • Always confirm you are at a UNW login page before entering a password. The most important one to remember is: login.microsoftonline.com

  • UNW staff will never ask for your account password.

  • If you suspect your account is compromised, such as repeatedly requesting codes/approval: decline the requests and contact IT immediately.


Microsoft Authenticator: Phone Sign-in

Example phone sign-in prompt

Prerequisites for Phone Sign-in

  • Install and setup the Microsoft Authenticator app.

  • Your phone must have a screen lock PIN or biometric (fingerprint or face) enabled to secure the device.

  • Android devices: Only one passwordless account is allowed in the Authenticator app.

No mobile phone?

You can also use an iOS / Android tablet that supports Microsoft Authenticator or a Security key.

See Security Keys (FIDO2) for more.

Turn on Phone Sign-in

  1. Open the Microsoft Authenticator app.

  2. Tap your UNW account to view more details.

  3. Choose the option Enable phone sign-in.

  4. Tap Continue to register the device with UNW.

  5. Enter your password, tap Sign in.

  6. Tap Register.

  7. Once the registration completes, tap Continue.

Registering your mobile phone does not allow UNW or Microsoft any control over the device.
The registration records information about the device software version, who it is registered to, and establishes secure information to be used for sign-ins.

Enable phone sign-in - visual steps

Using Phone sign-in for login

During sign in, you are normally asked for the last method you used, which is commonly a password.
You may need to change the method the first time you wish to use Phone Sign-in or after using a different method somewhere else.

  1. Enter your username if it is not already populated, choose Next.

  2. If you are prompted for your password, choose Other ways to sign in or Use the App instead.

    1. Select the option Approve a request on my Microsoft Authenticator app.

  3. Open the Microsoft Authenticator app to enter the number displayed, then tap Yes.