Eastern Connecticut State University Knowledgebase

Multi-Factor Authentication (MFA)

Article ID: 510
Last updated: 03 Apr, 2019

Based on feedback from faculty and staff regarding Multi Factor Authentication (MFA), ITS is rescheduling MFA to be turned on Monday morning, April 8th, at 9am.  When you attempt to access email or O365 from outside the Eastern campus network after that time (even with a smartphone), you will be prompted to register for MFA. (Please note: if you never use email or O365 from outside the campus network, you don't need to do anything).

Even though the cutover will not be until April 8th, faculty and staff are encouraged to begin registering now for MFA.  By registering beforehand, you can register at your leisure and get assistance, if necessary, and be all set when April 8th rolls around.  If you would like assistance, you can visit the Help Desk, or faculty may contact CIT to set up a visit to your office. IT staff are eager to help you with this transition.

The purpose of MFA is to protect the Eastern community from an increasing number of cyberattacks that have already caught several members of the community both in terms of ransomed files that have been encrypted and fake messages that resulted in stolen money.  MFA is an inexpensive and very effective method for protecting everyone from unauthorized access and malicious attacks aimed at stealing passwords. It is being used by a large number of colleges and universities, and is recommended as the best way to manage the risk of IT use off campus.  MFA is recommended as a best cybersecurity practice, and is being used throughout higher education.

In addition, NECHE requires Eastern to have in place "procedures ensuring ... the integrity and security of data," and FERPA requires that educational institutions implement "reasonable methods" to protect student records."  MFA will help protect our students and improve Federal compliance while at the same time demonstrate to NECHE that we take these responsibilities seriously.  Finally, MFA will also better protect the integrity and privacy of online faculty and staff records and information.  The Information Technology Advisory Committee (ITAC) is convinced that the community’s needs will be accommodated with this plan.

For those interested in additional information, we recommend the following links:

Anyone who would like assistance can visit the Help Desk, or faculty may contact CIT to schedule a visit to your office. 

The MFA process requires a onetime setup of your notification preference (app, text, or phone call).  There are a variety of permutations possible for differing situations and circumstances, but for most users, we recommend option 4 below since it works on both cellular and wireless connections to the Internet.  That is also the best  option for those who travel, especially abroad.  The other options work only with either a cellular connection or a land-line connection (unless you have an ip phone on the device you plan to use for O365 and email).   

To configure your MFA profile, select one of the drop down options to register at https://aka.ms/mfasetup (see explanation of options below).  Once MFA is activated for your account and a successful MFA authentication process occurs on your device, you will be prompted for MFA every 30 days on your off-campus device(s).  There are five preference options, only three of which are relevant for Eastern users, highlighted in bold: 

Option 1:  “Call my authentication phone.”  This option registers your phone number to receive a voice call to authenticate (smart phone, flip phone, ip phone, or land line).  This option requires cellular or land line phone service (unless you’re using an ip phone which only requires Internet access).  It will send a voice call to your number to authenticate you upon answering the phone and acknowledging that you wish to authenticate by pressing the # key to approve or no action (hang-up) to deny.  
 
If you ever receive an MFA prompt when you are not actively attempting to login to your O365 account, Deny by hanging up.  Such an occurrence indicates that someone has compromised your username and password and is attempting to log into your account, and you should contact ITSecurity@easternct.edu immediately.
 
Option 2:  “Text code to my authentication phone.”  This option registers your mobile phone number to receive a text message with an authentication PIN.  This option requires a cellular connection, and will work in places where text messages get through but voice calls do not.  The six digit authentication PIN will have to be entered when prompted by MFA.  It is the easiest to set up but requires a cellular signal whenever you logon from off the campus network.  
 
If you ever receive an MFA prompt when you are not actively attempting to login to your O365 account, do not enter the PIN.  Such an occurrence indicates that someone has compromised your username and password and is attempting to log into your account, and you should contact ITSecurity@easternct.edu immediately.  
 
Option 3:  “Call my office phone.”  This option is not of any use since you will not be prompted for a second factor while in your office using the campus network.
 
Option 4:  “Notify me through app.”  This option registers you by downloading the Microsoft Authenticator app to your smart phone (recommended option, particularly if travelling).  The advantage of this option is that it allows the MFA authentication process to work with any type of Internet connection, either cellular or Wi-Fi.  Upon logging in, your smart phone will prompt you to Approve or Deny the request.  
 
If you ever receive an MFA prompt when you are not actively attempting to login to your O365 account, press DENY.  Such an occurrence indicates that someone has compromised your username and password and is attempting to log into your account, and you should contact ITSecurity@easternct.edu immediately.
 
Option 5: “Use verification code from app or token.”  This option is an advanced feature that we do not recommend using.

Any questions should be directed to the Help Desk at (860) 465-4346 or Helpdesk@easternct.edu.


Garry

This article was:  
Article ID: 510
Last updated: 03 Apr, 2019
Revision: 12
Views: 786