Rationale
Using plain passwords, even secure ones, is often not enough to keep your account secure. There has been a significant rise in sophisticated phishing attempts that can dupe even the most security-conscious users. Even strong passwords can be accidentally given away to a bad actor (bad guys or computers on the internet) without the user's knowledge.
Definition
MFA is simply an additional step necessary to log in to a system. This process can include a one-time password or code sent via email, a text message, or a voice phone call. As a fourth method, SEBTS recommends using an "authenticator" mobile app to approve a login attempt.
How it works in your defense
If users' accounts are compromised, their usernames and passwords are all that a bad actor needs to access all account information. MFA places an extra step in the login flow to request additional confirmation that a login attempt is intended.
For example, if a compromised account is being accessed from another country or region without the user's knowledge, the user's mobile app would alert him or her for approval before the account can be accessed. Here's a fictitious example of the process:
- The user lives in Wake Forest, NC.
- At some point, the user had a really weak password or unknowingly gave it away to the bad actor.
- A bad actor attempts to sign in and successfully authenticates with the user's password from Genovia, Eurasia.
- The user's mobile app requests approval for the sign-in attempt.
- The user, watching TV on the couch in Wake Forest, opens his app and denies the login request. After all, he was not actively, currently attempting to log in to his SEBTS account. So he chooses to deny the request.
- The user, being responsible and gracious toward his security-minded IT department, changes his password immediately by following the steps here: https://sebts.freshdesk.com/en/support/solutions/articles/24000065303
- The user then sends in a ticket to itworkorders@sebts.edu to let IT know he received an unapproved sign-in request and that he has successfully changed his password.
Setting up MFA with the Microsoft Authenticator App (recommended)
- Log in to https://aka.ms/MFASetup (ideally, after you have changed your password).
- This screen is presented after you have entered the correct password. Click Next.
- Choose Mobile App and Receive notifications for verification, then click Set up
- Follow the instructions on the screen to download the Microsoft Authenticator app and set it up using your phone's camera.
Remember: From here, any time you are actively logging in to your Microsoft account (Outlook, Teams, OneDrive, CampusNet, etc.), you may need to approve the sign-in attempt with your phone.
Please only approve sign-in requests that you have actively initiated.
Deny all others and take action as instructed above.
Setting up MFA with a mobile phone
Note: Standard telephone and SMS charges will apply.
- Go to https://aka.ms/MFASetup and log in
- This screen is presented after you have entered the correct password. Click Next.
- NOTE: If you are a student, you may also see an option to verify via email, which will use the personal email that is associated with your student account. Students can also add an email verification in the "Change, add or delete MFA verification method" section that is later in this document.
- Choose Authentication phone
- Select your country and enter your phone number
- Choose Send me a code by text message if you would like to verify your account by entering a PIN texted to you
OR choose Call me to receive a call when you need to verify your account
- Click the blue Next button
- Microsoft will either text or call you, depending on your selection.
For Text Message: Enter the code texted to you in the box and click the blue Verify button. The screen will then indicate that verification has been successful.
For Phone Call: Answer the phone; the voice will prompt you to hit the # key. Do so, and the screen will indicate that verification has been successful.
- Once your authentication method is verified, click the blue Done button
Remember: From here, any time you are actively logging in to your Microsoft account (Outlook, Teams, OneDrive, CampusNet, etc.), you may need to approve the sign-in attempt with your phone.
Please only approve sign-in requests that you have actively initiated.
Deny all others and take action as instructed above.
Setting up MFA with an office phone
Note: We suggest adding another authentication method besides an office phone if you will need to log in to your account away from your office phone.
- Go to https://aka.ms/MFASetup and log in
- This screen is presented after you have entered the correct password. Click Next.
- Select Office phone from the dropdown
- Select your country and enter your office phone number and extension if applicable
- Click the blue Next button
- Microsoft will call your office phone. Answer the phone, and the voice will prompt you to hit the # key. Do so, and the screen will indicate that verification has been successful.
- Once your authentication method is verified, click the blue Done button
- You will see the following screen. You are unlikely to need this information. Click the blue Done button
Remember: From here, any time you are actively logging in to your Microsoft account (Outlook, Teams, OneDrive, CampusNet, etc.), you may need to approve the sign-in attempt with your office phone.
Please only approve sign-in requests that you have actively initiated.
Deny all others and take action as instructed above.
Change, add, or delete MFA verification method
Note: SEBTS recommends having at least two verification methods set up in case one method is inaccessible.
- Go to https://aka.ms/MFASetup and log in
- This screen is presented after you have entered the correct password. Click Next.
- Choose your preferred verification method via the dropdown box
- To add an authentication method, check the box next to the method, and fill out the information
- To change a phone verification method, change the country or number next to the check-marked phone option you want to change
- To remove a verification method, uncheck the box next to the method
AND/OR click Delete next to the Authenticator app you wish to delete
- After making all desired changes, click the blue Save button
NOTE FOR STUDENTS: Students also have an Email option (using the personal email associated with your student account).