Middlebury

Difference between revisions of "Multi-Factor Authentication"

Line 68: Line 68:
  
 
 
 
 
 +
  
  

Revision as of 15:59, 5 June 2019

If you are unfamiliar with the concept of multi-factor authentication, visit our overview page to learn more.

What should I do to prepare for MFA?

Check out our readiness info page for details. You'll learn useful tips and find details about how to sign up when you're all set to go.

 


How do I set up MFA?

Upon receipt of your Multi-Factor Authentication sign-up request, ITS will enable MFA on your account, then send you a “Middlebury Multi-Factor Authentication Enrollment” email containing links to Microsoft’s MFA Setup page and our Security Info Quick Setup guide. Follow the instructions presented to set up authentication methods you wish to use with your account.

Important:

  • ITS must first enable MFA on your account before you proceed with the setup!
  • Any device you wish to configure to use MFA must have a working network connection at the time of setup.
  • By clicking the "Set it up now" button, you are activating Multi-Factor Authentication and you must complete the setup process or you may be unable to access your account, including your email.

 

Which MFA setup method should I choose?

Here are descriptions of the most common scenarios, along with our MFA setup recommendations for each one.  Please visit our MFA verification wiki page for additional details about specific options.

Scenario A:  I have a Smartphone -- and I travel internationally and/or travel in areas without cellular coverage.

  • Choose Microsoft's Authenticator app with a code.

This method is recommended when you have a device that supports Microsoft's Authenticator app and you will be in areas without consistent network access. When presented with an MFA challenge you will need to input the code displayed by the Authenticator app to complete your login.

Network access is NOT required for the MS Authentication app to provide you with a code.

 

Scenario B:  I have a Smartphone -- and I rarely travel in areas without cellular coverage.

  • Choose Microsoft's Authenticator app with notifications.

This method is recommended when you have a device that supports Microsoft's Authenticator app and you will be in areas with consistent network access. When presented with an MFA challenge you will need to click Approve on your device to complete your login. Caution! Only click Approve when you have signed into a service you anticipate will trigger an authentication challenge.

Network access cellular or wifi IS required for the MS Authentication app to provide a notification.

 

Scenario C:  I have a Flip or Feature phone.

  • Choose Phone then specify Call or Text.

This method is recommended when you have a device that doesn’t support the Microsoft Authenticator app. When presented with an MFA challenge you will have to receive a phone call then press #, or else receive an SMS text message then enter the provided code, in order to complete your login.

Travel to areas without cellular coverage is not supported by this method.  

 


How do I use MFA once I have it set up?

Once you complete your Multi-Factor Authentication set up, here is what to expect.

When you sign in to an MFA-protected online service (such as webmail) from off-campus or outside of the Middlebury network, you will be prompted to verify your login request using the primary verification option you selected during setup.

  • For example, if you chose the "Notify me through the app" option, you would enter your Middlebury email address and password at the online service’s login screen, then you would receive a notification from the Microsoft Authenticator app on your mobile device prompting you to “Approve" or “Deny” the login request.

Caution!  Only approve verification requests that you initiate!  This is particularly relevant to the "Notify me through app" and "Call my authentication phone" verification options. Imagine an online criminal has your password and is trying to access your account. Once Multi-Factor Authentication has been enabled for your account, this access attempt would generate a login verification request. If you approved this verification request, the criminal would be able to access your account!   Remember, only approve verification requests that you have initiated.

 


How do I adjust my MFA settings if my situation changes?

It's easy to change your multi-factor authentication settings.  Here's how:

  1. Visit [1].  You will receive an MFA challenge.
  2. From the Security Info page, you'll find links that allow you to change or delete methods you set up previously, including your default method for receiving MFA challenges.