Multifactor Authentication (MFA) FAQ

Summary

Frequently asked questions on multifactor authentication (MFA) for Camosun College

Body

What is Multifactor Authentication or MFA?

MFA is an extra sign-in step after typing in your username and password to gain access to your account. This extra verification step can occur by text or phone call and will only prompt you when working from a personal device or away from campus. This is important because passwords can be stolen by criminals and without a second step, the criminals will have access to everything you do.

Why do I have to use MFA?

Our accounts are connecting us to more apps and services over the internet. At the same time cyberattacks are increasing. Passwords can be stolen or guessed and are proving inadequate to protect our accounts. The additional sign-in methods of MFA significantly reduce the chances that our accounts can be used by cyber criminals even if our password gets compromised. MFA is the new normal level of security that is required.

What different options do I have for MFA?

The easiest way to use MFA is receiving SMS text messages or phone calls. MFA can text you a 6-digit code to verify your sign-in or call your phone for sign-in approval.

There is also an authenticator app that is not tied to your phone number and can be used on WiFi. The app can be installed on smartphones or tablets and can be put on more than one device.

Another more advanced method is to use a USB security key. The key is inserted into the computer or device you are logging into college systems from and will act as a verification method.

Can I use the Security questions for MFA?

Security questions are used for verification to reset your password if you forget it. They cannot be used as a sign-in method for MFA.

What if I forget my phone and can’t get the MFA prompt?

It is important to set up two or more methods so that if you have trouble with one method, you can use another. For example, having the app on your smart phone but also having your home phone be available in case you lose your smart phone.

Do I have to use my personal phone for MFA?

All employees are required to set up MFA; however, there are different options you can choose. MFA will prompt you for an additional sign-in method when you are using a personal device on or off campus or in certain situations such as connecting with the VPN.

If you are using your personal computer to access work systems, using your personal phone for MFA is the most convenient way to verify that it is you signing in and not a criminal.

If you only work from campus, you can use your office desk phone as a verification method. You won’t be prompted because you are working on a college computer on campus. But if a criminal gets your password, they won’t be able to get in because MFA will call your desk phone which they don’t have access to.

Another more advanced method is to use a USB security key. The key is inserted into the computer or device you are logging into college systems from and will act as a verification method.

What if I don’t have a smart phone?

MFA can also call your landline or non-smart phones to verify it is you signing in. You can also use a USB security key security key if you have one. If you have any questions, please contact the ITS Service Desk for more information.

I only work on campus; do I still need MFA?

MFA should only prompt you when using personal computers to access college systems. If you only work from the office, you can add your office desk phone as a sign-in method. As long as you do not try to log in to a college system from a personal device, MFA will not prompt you. The benefit is that your account will still be protected from criminals trying to log in remotely as you.

When is MFA going to prompt me?

MFA has been set up to prompt you to verify it is you signing in when you are using a personal computer or device. MFA may prompt you in certain circumstances when signing in off campus, such as when using the college VPN.

When accessing College services from the internet or through personal devices MFA will prompt you, but that device will then be remembered for an extended period of time, keeping MFA prompts to a reasonable amount.

How often is MFA going to prompt me?

We have intentionally set up MFA to prompt you as few times as possible. We want to differentiate you signing in from a criminal trying to sign in as you.

With college-issued laptops and desktops, the chance of a criminal having that computer and having stolen your password is very slight. MFA should not prompt you on college-issued computers.

When you sign in with a personal device, MFA prompts you the first time and then remembers that device for 90 days (about 3 months). It is unlikely that a criminal will have access to your personal computer and know your password during those 90 days.

Can I use MFA for home use?

While MFA for Camosun College is specific to our organization, the principles and methods are the same for any online service that offers it. You can use the same phone numbers and authentication apps for many different services. For example, you can use the same Microsoft Authentication app to add a verification sign-in method for work and also to protect your Amazon account.

How do I know MFA is working for me?

Because MFA has been set up to be minimally impactful, it may seem like it isn’t working. If you have any questions, please contact the ITS Service Desk for more information.

How do I change which device I use for MFA?

You can add, remove and change your sign-in methods here:

https://mysignins.microsoft.com/security-info

If you have any questions, please contact the ITS Service Desk for more information.

Details

Details

Article ID: 5665
Created
Wed 5/10/23 1:20 PM
Modified
Thu 6/1/23 4:51 PM