Set up Multi-Factor Authentication
Posted by Evan White, Last modified by Evan White on May 13, 2020 02:48 PM
NSU accounts are provided through Microsoft. Multi-factor authentication (MFA) is provided as a means to secure your account from hacking. This involves setting up multiple factors of your identity to prove that you are the legitimate owner of your account. When logging in from a location on-campus, such as an office computer, additional factors will not be required. Setting up MFA will nearly eliminate the chance of an intruder accessing your account via the Internet.
Which factors can I add to my account?
Adding as many authentication factors as possible will increase the safety and accessibility of your account. We have instructions on how to add the following methods. The MFA settings for your account can be accessed quickly by logging into aka.ms/setupsecurityinfo.
Most recommended: Microsoft Authenticator app for smartphones
This smartphone app uses notifications to allow you to approve or deny an attempt to sign in. It also provides a one-time passcode which expires every 30 seconds, in case you are unable to receive the notification. This randomized passcode will prove that you are legitimately the person attempting to access your own account.
You can set up an email address that is not affiliated with NSU as a factor of authentication. On an attempt to sign in, the system will send a randomized six-digit passcode to the email address. Provided you are the only person with access to that email address, it will prove that you are the person attempting to access your own account. Other options are usually more secure than an email address, so we recommend adding more factors.
If you set up a cell phone number as an authentication factor, the system can send a randomized six-digit passcode to the phone via text message or dictate it via phone call.
What could happen if I don't enable MFA?
If MFA is not enabled on your account, there is only a single authentication factor: your password. Passwords are commonly leaked from other websites, phishing/scam websites pretending to be legitimate, or otherwise may be an insecure method of proving your identity. An unauthorized intruder can steal sensitive information from your account, as well as impersonating you by email to attempt to steal more information from others. Due to the shortcomings of password authentication, we've dealt with several massive email campaigns attempting to extract information from hundreds of students and faculty, often stemming from just a single hacked account. The attackers will usually add rules to your email to delete all incoming emails, which leads to important messages being lost.
According to internal studies at Microsoft, accounts have been proven 99.9% less likely to be compromised (hacked) if you enable multi-factor authentication. Source
What happens when I enable MFA?
Additional factors of authentication will be used when attempting to log-in on a computer or phone off-campus. On a personal or home computer, you may select the option to Remember this computer, and it will not ask again for only that computer. The behavior of MFA functionality on your account will vary depending on the factors you added. For example, if you added a cell phone number as a factor, Microsoft will send you a text message to confirm a random six-digit code to prove who you are. The most convenient and secure authentication factor is the Microsoft Authenticator app, which will simply ask you via your smartphone to approve or reject a new sign-in attempt. Having the app ensures your NSU account cannot be stolen if your phone number is switched to a new phone without your permission.
You may have concerns about separating business or academic matters from your personal smartphone or other factors of identity. Additional factors, such as personal email addresses or phone numbers, will not be used by any other systems at NSU outside of verifying your identity when attempting to sign in off-campus. Adding the Microsoft Authenticator app to your smartphone will not send any notifications other than those asking you to approve a sign-in attempt, and the app does not use any device features other than notifications. Camera access is used only once for the app to scan a verification code.
If you lose access to an authentication method, such as a lost phone with the authenticator app, ITS@NSU technicians can help you regain access by erasing your factors of authentication, so you may update your account with new ones.
Is someone available to answer questions or assist with MFA?
Yes, our technicians are happy to help you ensure the security of your account.
Faculty and staff: Send an email to email@example.com about enabling MFA and we can answer any questions you may have, or arrange a meeting to assist you with adding it.
Students: Call or email Student Online Support at (318) 357-6696 or firstname.lastname@example.org.
Other types of factors
If you have a dedicated office phone extension at NSU, it is automatically added as an authentication factor. The system can call your office phone and dictate a random six-digit code for proof.