Multifactor Authentication (MFA)

MFA is required for all Faculty, Staff and Students. 

Enroll today: aka.ms/mfasetup

 

Multifactor authentication is a process in which users are prompted during the sign-in process for an additional form of identification, such as a code on their cellphone or a fingerprint scan.

If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, an attacker could be using it to gain access to your Mohawk account. When you require a second form of authentication, security is increased because this additional factor isn't something that's easy for an attacker to obtain or duplicate.

What is Multifactor Authentication (MFA)?  MFA works by requiring two or more of the following authentication methods:

  • Something you know - Typically a password.
  • Something you have - Such as a trusted device that's not easily duplicated, like a phone or hardware key.
  • Something you are - Biometrics like a fingerprint or face scan.

Multifactor Authentication can also further secure password resets. When users register themselves for Multifactor Authentication, they can also register for self-service password reset in one step. The verification prompts are part of the Azure AD sign-in, which automatically requests and processes the MFA challenge when needed.

Enrolling in Multifactor Authentication

To enroll in MFA visit aka.ms/mfasetup and sign-in with your MohawkID (Ex: 000101060 [at] mohawkcollege.ca (000101060[at]mohawkcollege[dot]ca)). 

Mohawk IT recommends using the Microsoft Authenticator app, it will provide you with the most seamless, hassle-free method of verification. It allows you to receive push notifications that can quickly and easily be acknowledged without having to enter codes. You can download the Microsoft Authenticator App to your device from the Apple's App Store for iOS users or the Google Play Store for Android users.

Verification Methods available to use for MFA include:

  • Notification through mobile app (Microsoft Authenticator App)
  • SMS text message
  • Call to phone (Cell, Home or Office Phone)
  • Verification code from the mobile app 

 

For detailed setup instructions please visit the Microsoft Support page

Set up the Authenticator App as your verification method

To secure your account, the Authenticator app provides an easy to use experience by allowing you to approve your login with your mobile device. No need to wait for texts or calls.  To see what the app experience is like see "Logging in with MFA" below. 

Install the Authenticator app

1.   To install the Authenticator app on an Android device, scan the QR code below or open the download page from your mobile device.

QR code to install authenticator app on adroid

2.    To install the Authenticator app on For iOS, scan the QR code below or open the download page from your mobile device.

QR code to install authenticator app on iOS

Set up the Authenticator app

After you install the Authenticator app, follow the steps below to add your account:

  1. Open the Authenticator app.
    authenticator app logo
  2. Select (+) in the upper right corner or touch the Add account button
    screenshot of authenticator app with arrows pointing to the '+' button and "add account button"
  3. Select Work or school account
    screenshot of authenticator app with a red circle around work or school account
  4. Select the option to Scan QR code
  5. Point your camera at the QR code during the Authenticator App setup. (Sample below) 

sample image of microsoft authenticator requesting to scan QR code to connect to an account

  1. The registration process will prompt you to Approve the login.
  2. Select Approve - Your Authenticator App is now setup correctly. 
    screenshot of approve sign in notification with deny and approve button options

 

Set up SMS Text Messages as your verification method

SMS text message option is a part of the phone option, so you'll set everything up the same way you would for your phone number, but instead of having Microsoft call you, you'll choose to use a text message.

To set up text messages

  1. Sign in to your work or school account and then go to your My Account page.
  2. Select Security info from the left navigation pane or from the link in the Security info block, and then select Add method from the Security info page.screenshot of security info page with a box around add method
  3. On the Add a method page, select Phone from the list, and then select Add.
  4. On the Phone page, type the phone number for your mobile device, choose Text me a code, and then select Next.

    screenshot of the phone page showing phone number input field
  5. Type the code sent to you through text message to your mobile device, and then select Next. The page changes to show your success.

    screenshot of the phone page prompting user to enter code

Your security info is updated and you can use text messaging to verify your identity when using two-step verification or password reset.

Set up a phone call as your verification method

To set up phone calls

  1. Sign in to your work or school account and then go to your My Account page.
  2. Select Security info from the left navigation pane or from the link in the Security info block, and then select Add method from the Security info page.add a method page
  3. On the Add a method page, select Phone, and then select Add.

  4. On the Phone page, type the phone number for your mobile device, choose Call me, and then select Next.

    phone page with phone number input fields
  5. Answer the verification phone call, sent to the phone number you entered, and follow the instructions.
    phone page with 'call answered' text next to a green checkmark

Your security info is updated and you can use phone calls to verify your identity when using two-step verification or password reset.

Logging in with MFA (Authenticator App)

Common Microsoft Authenticator App Questions

When accessing Mohawk College services that require MFA you will be required to login with your MohawkID (Ex: 000101060 [at] mohawkcollege.ca (000101060[at]mohawkcollege[dot]ca)) and password. After a successful login you will be prompted to approve the login request using the Microsoft Authenticator app or be prompted to select your verification method . Once you approve the request, the login process will complete and you will continue to the Mohawk service you were trying to access.

Example Experience:

  1. Login with your MohawkID & Password

"Microsoft Sign-on Screen with Username"    

"Microsoft Sign-on Screen with Password"

2. You will be presented with a MFA challenge 
"Microsoft Sign-on Screen with MFA challenge"

3. You will receive a notification from your Authenticator App.
"Cell phone MFA notification"

4. Approve your sign-in
"Authenticator App Approve Sign-in?"

Update your Security Info - Add/Remove Additional Verification Methods 

Video walkthrough showing how to login and update your security info

  1. Directly access your account info via this link: MyAccount
  2. Or once logged into Office 365, click the icon for your profile in the top-right corner of the webpage and click View account. 
    "View Account info"
  3. Under Security info select UPDATE INFO      "Update Security Info"
  4. You may be prompted to enter your Mohawk credentials and/or be challenged for MFA when trying to makes changes to your Security Info.

Add Additional Verification Methods 

  1. Login to your account as noted above and navigate to Security Info.
  2. Click the Add sign-in method
  3. Proceed to add a new MFA verification methods.

"Security Info - Add sign-in method"

FAQ

Why do I need MFA?

Passwords alone aren't enough anymore as they can often be stolen, guessed, or compromised. MFA adds a second layer of security, keeping your account secure even if your password is compromised. 

Can I opt out of MFA?

No, MFA is required for all student and staff accounts to login to our systems. This ensures that your personal information and data, and Mohawk systems, remain secure.  

The transition to MFA may seem onerous but in practice it is minimally disruptive and constitutes only a slight change to your login process. It is a small investment with a huge return. Information Technology Services is here to support you through this change; we'll help you resolve any issues and answer any questions or concerns you may have.

How often will I have to verify my identity? 

When you log-in to an MFA enabled system you may be asked via an onscreen prompt to 'Stay signed in?' (example below).  If you choose 'Yes', there will be no further MFA prompts unless…

stay signed in security notification

  • 30 days have passed
  • you change web browsers
  • you sign into a different desktop app (i.e. Teams, Outlook, etc.)
  • you use more than one device (e.g. laptop and phone)
  • your IP address changes (e.g. when connecting to another network or using VPN)

 

For example, after logging into Microsoft Teams you may be prompted to authenticate again when you try to access Microsoft Outlook, and then again to access MyCanvas in a browser - all subsequent sites that you access in the same browser session should not prompt you for MFA again.

Can I use the Microsoft Authenticator app with other online services?

Yes you can. Open the Microsoft Authenticator app on your mobile phone and go to 'add account'. You can then use it to protect your personal accounts for services such as Amazon, PayPal, and Facebook. Please note: we are not able to provide any support for the use of MFA with services not provided by Mohawk College.

I am concerned about using my personal mobile phone for MFA - what are the risks?

Your personal mobile device details are not used for any purpose other than protecting your account. Adding the Microsoft Authenticator app to your personal device just provides a method to confirm who you are. The app is not used to manage or control your device or provide any personal data and can be used for other organizations and systems requiring MFA.

If you leave Mohawk, you can remove your Mohawk account from the Microsoft Authenticator app but continue to use it to protect your other services. Keeping your account secure will protect both the organization and your own personal data. 

Does using Microsoft Authenticator App provide Mohawk with access to my device or personal information?

No, the Microsoft Authenticator mobile app (iOS and Android) does not request any personal information, it simply holds an electronic token unique to your account.

Do I need to have a smartphone to use multifactor authentication?

No, you do not need to have a smartphone to use multi-factor authentication. Users without smartphones can:

  • use a tablet to run the Microsoft Authenticator app (or other authentication app)
  • use a phone like a cell/home or office phone to receive a phone call to approve or deny requests.
  • use any cell phone to receive a SMS text message.

What if I receive an unexpected notification to verify authentication for a system I haven't tried to access?

Please decline the app notification and contact the IT Service Desk who can investigate further. 

What if I’m travelling?

If you are travelling for work or vacation and need to access Mohawk College services, you will need to have your second MFA factor with you. A mobile data plan or internet connectivity is not required to use the Microsoft Authenticator App. 

My device with the Authenticator App installed was lost or stolen?

If you've lost or had your device stolen, you can take either of the following actions:

  • Sign in using a different authentication method (Phone Call, SMS)
  • Contact the IT Service Desk to clear your settings. (Contact IT).  After your settings are cleared, you'll be prompted to register for two-factor verification the next time you sign in.