Microsoft Authenticator app

This is the best option for most students, and it is recommended by UNW IT. Using your mobile phone or tablet, you can easily sign in without a password, use multifactor codes when you don’t have Wi-Fi or cell coverage, and reset your password if needed, all from the app!
Check out https://unw.atlassian.net/wiki/spaces/ITSKB/pages/205389981 to learn more.

Authenticator Lite (Outlook Mobile)

If you already have Outlook Mobile installed on your mobile device, you can use it to approve sign in attempts similar to the Microsoft Authenticator app. Authenticator Lite does not support sign in context information (application name or location), passwordless phone sign-in, or push notifications for password reset. You can learn more about setting up Authenticator Lite here:

Third party authenticator app

If you prefer to use another authenticator app that supports standard multifactor codes (a.k.a. time-based one-time password or TOTP), these are also supported for UNW accounts. Here are a few examples, though there are many others: .

You can register these methods by choosing the Authenticator app option when you are setting up your authentication methods, then selecting I want to use a different authenticator app during the setup process. Visit https://aka.ms/mysecurityinfo to get started.

Security key

Security keys (i.e. FIDO2) provide an easy-to-use sign-in experience by replacing passwords with strong multifactor authentication. The security key contains your sign-in credential and is protected with a second factor such as a fingerprint or PIN.

These USB or NFC devices can be transported and connected to the device you are signing into when needed. If you already own one, you can set it up as a UNW authentication method detailed here: .

Hardware token

Hardware tokens are dedicated devices that generate codes like authenticator apps. As an alternative to security keys, hardware tokens may be issued by UNW IT to students who do not have a mobile device that supports authenticator apps or where FIDO2 security keys are otherwise not supported.

Multifactor methods that use voice call or SMS text messages are certainly better than no MFA; however, these methods are considered weaker than those listed previously. Support for voice/text methods is also decreasing from vendors in favor of stronger MFA or passwordless methods.

At this time, UNW IT will only grant the use of these methods when no other option is available.

The backup email is only used for receiving a one-time code during self-service password reset (SSPR). Registering a backup email allows you to reset your UNW password in case you also lose your primary multifactor authentication method, or the primary method is not supported for SSPR (such as FIDO2 Security keys). The backup email must be a non-UNW email address. It should be protected with a strong passphrase and multifactor authentication (or passwordless) wherever possible.

If you get to class and realize you left your multifactor method at home, the IT Service Desk can help! Stop by Riley or call in to get a temporary access code for the day.

If you have a second multifactor method available, login to https://mysignins.microsoft.com/security-info to remove the lost/broken method from your list. You can also add your replacement method while you are there, just click + Add a sign-in method.

If you don’t have any multifactor methods available, contact the IT Service Desk to get a temporary method to help you login and setup your replacement.