What is Multi-Factor Authentication?
Multi-Factor Authentication (MFA) is a security system that requires you to provide more than one form of identification at the time of login to ensure you are who you claim to be.
It combines at least two forms of authentication: something you know (e.g., a password) and something you have (e.g., a cell phone or a code generator). In this way, even if someone steals your password, they cannot access your account unless they also have your mobile device or code generator in their possession.
A simple example of Multi-Factor Authentication is withdrawing money from an ATM. To take money out of your bank account at an ATM, you need to insert your bank card (something you have) and provide your PIN (something you know). Missing either piece of identification will prevent the transaction.
The following members of the Brock community are required to use Multi-Factor Authentication when accessing their Brock accounts:
There are 5 different methods you can use to verify your identity for Multi-Factor Authentication at Brock:
- respond to a notification from the Microsoft Authenticator app installed on your mobile device (recommended)
- generate a time-limited code using the Microsoft Authenticator app installed on your mobile device
- receive an SMS text message on your mobile device
- receive a phone call on your mobile device
- use a One-Time Verification Code Generator physical token (recommended for those who do not own a mobile device)
ITS recommends using the Microsoft Authenticator app installed on your mobile device, however, should you need a One-Time Verification Code Generator, one will be supplied to you at no cost. Please note that should you ever need a replacement OTV Code Generator, you will be required to pay a replacement fee.
The additional context feature for Microsoft Authenticator app notifications presents the user with the name of the application requesting MFA approval, as well as the location of the sign-in request, based on the IP address where the sign-in originated from. If you use the Microsoft Authenticator app with push notifications enabled, when you sign-in to your Brock account:
- Verify that the App and location are both correct.
- Tap Approve if the information is correct, or Deny if you do not recognize the sign-in attempt.
The number matching feature for Microsoft Authenticator app notifications improves sign-in security. If you use the Microsoft Authenticator app with push notifications enabled, you will be prompted to enter a number into the app that is provided to you on the device you are attempting to sign-in from, whenever you attempt to sign-in to your Brock account. To sign-in with number matching:
- Receive a randomly-generated 2-digit number on the device you are attempting to sign-in on.
- Verify that the App and Location are both correct.
- Enter the number into the input field.
- Tap Yes (or tap No, it’s not me if you do not recognize the sign-in attempt).
Setting up Multi-Factor Authentication
If this is the first time you’re enabling Multi-Factor Authentication on your Brock account, refer to the guide below for step-by-step instructions on how to do so. You will need access to a computer and have your mobile device on hand to complete the process (depending on the MFA option you select, you may not be able to complete the setup process on your mobile device alone).
NOTE: Once you successfully complete setting up MFA on your account, your MFA status becomes on-boarded. While on-boarded, you will not receive prompts to authenticate your logins until your account becomes enforced (exception: you will receive a MFA prompt if you attempt to modify your O365 authentication information). Enforcement of MFA on your account will be activated by ITS.
Modifying Your Multi-Factor Authentication Settings
Once Multi-Factor Authentication is enabled on your Brock account, if you wish to change the way you verify your identity, please refer to the guide below for instructions on how to update your MFA settings.
Some reasons why you may want to make changes to your settings:
- you no longer trust your mobile device
- you no longer possess your mobile device because you lost it or it was stolen
- you have a new phone number
- you want to change the default method you use to authenticate
- you want to add a new authentication method
Please scroll to the bottom of this page for all frequently asked questions about multi-factor authentication.
FAQs - About MFA
Brock University is a big target for cybercriminals. Multi-Factor Authentication provides a higher level of security for our community and reduces the risk of certain types of attacks. Passwords can easily be compromised – either by phishing, guessing or other techniques cybercriminals employ. Multi-factor authentication provides an additional layer of security that protects users even if someone else knows their password.
No, but it will drastically improve the security of user accounts at the University.
Faculty, staff and students are required to use MFA.
Frequency will depend on (but is not limited to) your geographical location, permission levels and the application you are attempting to access.
Additionally, when you log in using MFA, you should see a checkbox labelled “Don’t ask again for 30 days”. If you are logging in from a trusted device (e.g., your own personal laptop), you can check this box and you will not be asked to MFA again when logging in from that specific browser+device for the next 30 days.
Remember to only use this feature on devices that are not shared with other people such as your personal workstation, laptop or mobile device.
On mobile devices
If you are using the Microsoft Authenticator app, open it to find your verification code. If you decided to receive SMS text messages instead of using the app, your verification code will be sent to your mobile device at the time of login.
On One-Time Verification Code Generators
Turn on the device and use the verification code it displays. The device will turn itself off once the code expires.
A One-Time Verification (OTV) Code Generator is a small device with a built-in screen that generates and displays authentication codes for MFA logins.
NOTE: OTV Code Generators require manual setup. If you wish to use one, you will need to contact the ITS Help Desk.
ITS will supply your first OTV Code Generator to you at no cost. However, if you ever need a replacement, you will be required to pay a replacement fee.
Yes. The OTV Code Generator is one more thing to carry around with you and you are more likely to forget it than your cell phone. Remember that you will not be able to access Brock IT services if you are unable to verify your identity with MFA.
The mobile app is easy to use and does not require a code to be entered to verify your identity.
The OTV Code Generator requires assistance from the ITS Help Desk to configure it to work with your account whereas configuring your cell phone to authenticate MFA does not.
Faculty and staff who have a Brock owned mobile device or whose mobile device is subsidized by Brock must use the mobile device for MFA.
No. The information you provide when you set up MFA is only used for MFA purposes. Other systems such as Brock DB, Workday and Microsoft Self-Service Password Reset are completely separate from the MFA system, so you may have to provide the same details about yourself to each of these other systems.
The Microsoft Authentication app on your mobile device is typically the recommended option for MFA. It’s easy to use and readily available on your phone which you will usually have on you at all times; it connects to the internet using WiFi or your data plan; and it doesn’t require you to carry an additional device (an OTV Generator) around with you.
ITS also recommends that you set up an additional method such as SMS text messaging as a back-up option in case something happens to the app.
FAQs - MFA Usage
You will need to authenticate with another method. If you only have that phone as an option, then you will need to contact the Help Desk (x4357) to verify your identity and set up another way to authenticate.
If you are going to have access to WiFi where you are travelling to, then set up the Microsoft Authenticator app on your phone and change your MFA settings to use the app instead of SMS texts or phone calls. The app doesn’t require cell service to work – just an internet connection. Alternatively, you can also request an OTV Code Generator and take that with you when you travel to use for MFA authentication.
You should begin to receive authentication prompts for MFA immediately after setting MFA up on your account. If you aren’t receiving prompts, check your MFA settings and verify that you’ve configured them properly. For instructions on configuring your MFA settings, please visit Managing Your Brocku Account. If you continue to experience issues with your MFA settings, please contact the Help Desk.
If you lose your phone or someone steals it, contact the IT Help Desk (x4357) for assistance in resetting your MFA settings.
If you delete the authentication app from your mobile device, contact the Help Desk (x4357) for assistance with resetting your MFA settings.