
Enabling Multi-Factor Authentication (MFA)

Set up your account sign-in for multi-factor authentication (MFA)

By setting up MFA, you add an extra layer of security to your account sign-ins on various services. For example, you first specify your password and, when prompted, you also type a dynamically generated verification code provided by an authenticator app or sent to your phone.

MFA requirements: Please make sure you have a means to receive the MFA verification. You will need either a cell phone with an authenticator app installed or a USB security key. It is important to remember that you will be asked to re-authenticate with MFA from time to time, so it is critical that you have your second verification method nearby when this happens. In most cases a cell phone is the optimal device for this purpose.

You will then need to follow the steps below to complete your MFA setup. It is very important that once you start this process, you complete it all the way through to the end. Failure to do so might leave your account in a state where you cannot access it, and you will need to contact the IT Service Desk for further assistance.

  1. Choose your default authentication method, usually the Microsoft Authenticator app, or you may choose to set up your hardware key. Select Next and follow the prompts to add this account.
  2. Once you complete the instructions to specify your additional verification method, the next time you sign in to Microsoft 365, you'll be prompted to provide the additional verification information or action, such as typing the verification code provided by your authenticator app or interacting with your security key.
  3. The final step: if you are using the desktop or mobile apps of MS Teams and Outlook, you will be prompted to reauthenticate for each app. CTS suggests that, when authenticating, you choose the option “Don’t ask again for 14 days” when you are using a campus-owned device or a device you trust.

FAQs

Q. What is MFA?
A. Multi-Factor Authentication, sometimes used interchangeably with Two-Factor Authentication (2FA), adds an additional layer of security when you log in to a service. MFA relies on two forms of authentication: your standard CCA password and a second method of authentication. The second item is typically something you have with or near you: a USB security key, or an authenticator application on your mobile device such as Microsoft Authenticator.

Q. Who is currently enrolled in MFA?
A. All College faculty, staff, and students are required to use MFA.

Q. Why are we requiring people to use MFA?
A. We are required to use MFA by new SUNY security guidelines. Our systems are under constant attack. The most common attacks range from password attacks, where attackers send thousands of logins using usernames and passwords harvested from the web, to phishing attacks, where attackers attempt to get your username and password. MFA stops all these attacks.

Q. What applications/systems are currently protected with MFA?
A. Currently, almost all web-based applications, such as Office 365, have MFA enabled, along with many desktop and phone applications that you may sign in to.

Q. How often do I have to re-authenticate?
A. When you authenticate with MFA, there is an option you can select to make the authentication last 14 days. This setting is per device, application, and web browser. So, for example, your computer and your phone will each have their own 14-day window with the applications, during which you will not be asked to authenticate again. Likewise, if you also use O365 on either of those devices with a web browser, it will have its own independent 14-day window between authentication requests.

Q. I don't have access to anything important. Why do I have to use MFA?
A. You may not think you have access to any information worth protecting, but all our faculty/staff have access to some secure information of one kind or another, from your W-2 (which an attacker could use to commit fraud and receive your tax return) to student health data, FERPA-protected student data, or college financial data. If your account is compromised, it could also be used to trick other campus members into responding to a phishing email, which would allow an attacker to more easily access systems or compromise users who do have access to the data they are looking for.

Q. How do I change my authentication method?
A. Email or call the IT Service Desk at itservicedesk@potsdam.edu / x4444.

Common Issues

Multiple Web Browser Tabs: If you are using various SUNY Potsdam web services and have multiple tabs open (e.g. Outlook, Teams, and OneDrive), you may be prompted with three different verification codes. Trying to figure out which code goes to which web app can be confusing. We suggest you click the “refresh” button on one of the web app pages, and it should send you another verification code. Once you authenticate into one web app page, all you need to do is refresh the other pages and they should load without prompting for another verification.

If you experience any issues and need help getting things configured, please contact itservicedesk@potsdam.edu.