The following list of FAQ’s will be updated as more questions are asked. If you don’t see your question here please email the email@example.com with your question.
Multi-factor Authentication (MFA) FAQ’s
Multi-factor authentication (MFA) is when you use more than one method to authenticate to an application. You already use one factor, your password. Other factors could include a code texted to your phone, an app on your phone, a special token or a voice message to your phone. This prevents unauthorized access to your account even if your password was compromised. Although MFA is not a complete guarantee against unauthorized access, it is vastly better than just using a password. It is said to reduce an organizations risk of a cyber attack by 99.9%.
After MFA is set up, you will have to use it when accessing Office 365, including Outlook (if you have Office 365 email), myMount, and the Intranet, from off campus or via MSVU wireless. You can choose to trust the device (such as your phone or home PC) for 60 days, so you will only get prompted for the second factor every two months on that device.
The Mount offers MFA for your Office 365 accounts. This includes all Office 365 apps like OneDrive, Outlook, Sway, Stream, SharePoint online (including myMount and the Intranet), and so forth. MFA is not currently available for on-premise SharePoint, non-Office 365 email accounts, Colleague, Moodle, nor WebAdvisor. Authentication by email address nor USB key is currently not yet available in Office 365.
Typically, web applications are protected with a username and password only (single-factor). This leaves sensitive data and applications vulnerable to a variety of common attacks. As MSVU adopts more online cloud applications, addressing these threats becomes critical. Unlike older desktop applications, cloud applications are accessible to anyone online. MFA is designed to protect you against attacks that rely on stealing your single-factor credentials. With MFA, someone knowing your password isn’t enough to grant them access your account.
As we’ve shifted towards using more online applications, there has been a major increase in both the volume and complexity of cyber-attacks against MSVU accounts. The need to strengthen our systems and credentials is critically important to combat the increasingly regular campaigns designed to obtain the passwords of MSVU faculty, staff and students.
No. The transition to MFA is minimally disruptive. IT&S is here to support you through this change and help you resolve any issues and answer any questions or concerns you may have.
The first time you log in from a device you will be prompted to confirm your identify via your second factor, you can then choose to trust the device (your office PC, home computer or phone) and you will not be prompted again for 60 days.
When using Apps that access your Office 365 account, such as desktop or mobile installs of Outlook, Teams or OneDrive, you will receive an MFA authentication request. This will only happen the first time the App attempts to perform a sync with MFA. Once your devices and Apps are synced you will not be prompted again for 60 days.
The following applications will require MFA:
- Microsoft Office 365 applications. For most individuals, this is Outlook, OneDrive and MS Teams, Yammer, Sway.
There are two MFA options that will work for you if you do not have a mobile device.
- a land line can be used for MFA.
- upon request, MSVU can issue you a hardware token to be used for MFA.
Yes. Although your personal device should not be used for working from home, you can use it to retrieve MFA codes. Using a personal device to authenticate, is more like using your device to get you to work, rather than using it for work. Similar to how you would use a personal car to get to work, but not for work.
If you are travelling for work or vacation and need to access your MSVU account, you will need to have your second factor with you (phone or token). If you have a smart phone you can use the Microsoft Authenticator App on your smart phone regardless of whether it is connected to WiFi or data, alternatively MSVU can issue you a hardware token for use with MFA.
By installing the Microsoft Authenticator App on your smart phone you will have access to MFA codes regardless of your access to WiFi or data.
Alternatively MSVU can issue you a hardware token for use with MFA.
Devices such as tablets that run iOS or Android that can access the Apple app store or Playstore respectively, should be able to run the Microsoft Authenticator App. You will need WiFi or equivalent to download the Microsoft Authenticator app AND connect to https://aka.ms/MFASetup to add your device/authenticator. After you have setup MFA on the device, you would just need wireless on the device to get the app notification and to click “Approve”. Alternatively, you can click on that account in authenticator and it will provide you a one-time password code to use. Please note that you can have more than one authenticator setup for an account, say an Android and an iOS device, but both (all) devices will get the MFA notification, even though you only need to click “Approve” on one.
The Microsoft Authenticator app and the approve function is the simplest way to use MFA, but there may be occasions where you cannot use the app that way.
The Microsoft authenticator can also provide a one-time code, as such, it does not even need cell or wifi coverage.
Login to myMount or office 365 as normal, on the “Approve sign in request” screen, click on “I can’t use my Microsoft Authenticator app right now”
You will be presented with a screen showing “Verify your identity” that shows your set up MFA options. You may be able to choose another option like txt or call, or go ahead and select “Use a verification code”
Open the Microsoft authenticator app, click on the Mount Saint Vincent University entry. If you have more than one entry, click on the correct account.
The screen will show a six digit code with a little 30 second count down timer. Tip, if the timer is low, wait until the code/timer refreshes and use the new code.
Enter that code on the login page, you can then also select “Don’t ask again for 60 days” before clicking verify to remember the device and reduce the number of times you are asked for MFA.