Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA, also known as 2-step authentication or 2SA) is an industry standard that adds a second layer of security to help prevent anyone other than you from accessing your sensitive information. This is accomplished using two types of authentication to verify your identity when logging into a system - something you know (username\password) and something you have (phone or a token). This helps prevent someone from logging in to your account, even if they know your password.
Why is this important?
Passwords can be stolen or compromised through phishing, cracking, guessing, or malware. Kutztown has seen a sharp rise on the number of attempts to steal user credentials over the last few years. Stolen credentials are often used to access and acquire data, send out SPAM, and to trick others by sending email from a trusted account.
What are the options for MFA?
- The Microsoft Authenticator App as the easiest and quickest way to verify your account. This app works well in areas that do not provide good cellular or wireless service. Click here for instructions on setting up and using Microsoft Authenticator.
- Text message (SMS)
- Phone call
- Hardware token
KU IT recommends using a PIN, swipe, or biometrics to login to your phone to protect access to your second factor authentication method.
Frequently Asked Questions (FAQs)
What is number matching?
Number Matching will now be used with Push notifications. Number Matching is an industry standard protection used to protect against fraudulent MFA login attempts.
After entering your username and password a 2-digit number will be displayed that must be entered into the Microsoft Authenticator App on your mobile device.
MFA fatigue attacks, also known as MFA bombing attacks, are the number one reason way attackers gain access to compromised accounts. When the adversary has the correct Username and Password, they will continue to try to access the account until the account owner accidentally accepts MFA.
Do I need a smartphone?
No, if you do not have a smart phone or do not wish to install the Microsoft Authenticator app on your phone, you can use text messages, phone calls, or a hardware token to receive passcodes. If you would like to learn more about hardware tokens, please contact the IT Help Center.
How long does it take to set up?
Setting up MFA for the first time only takes about 2-3 minutes.
Will I need to use MFA every time I login?
Multi-Factor Authentication policies are developed to balance the safety and security of the University with availability to University resources. Depending on the type of resource you are accessing and your location, MFA may only need to be used occasionally.
What if my phone is stolen?If your phone is missing or stolen, contact the IT Help Center immediately. Your phone can be removed and temporary access can be granted until the phone is replaced.
How can I use MFA if I don't have a good cell phone signal or WiFi?
If you have WiFi, but no cellular signal, the Microsoft Authenticator app will still receive push notifications and number matching prompts. If there is no WiFi or cellular signal, using Microsoft Authenticator app can generate timed passcodes to use when signing in.
What if my phone is broken or needs to be replaced?
KU IT Help Center can help you bypass MFA or issue a temporary security token until your phone is replaced.
I got a new phone with the same number. What should I do?
If your phone has been replaced, but you have the same phone number, log in to the Microsoft Authentication Portal to re-register your Microsoft Authenticator app on your new phone. Please note that MFA will still work with text and phone call options.
- Login here to re-register your new phone with the Microsoft Authenticator app.
- When asked to Approve sign in request, select Sign in another way and Text or Call.
- Select Set up Authenticator app and follow the instructions
What if I am traveling out of the country?
The Microsoft Authenticator app provides 6-digit passcodes that work while you are in areas that have little or no connectivity. If a smartphone with the Authenticator app is not an option, you can request a security token from the IT Help Center before your departure.