TABLE OF CONTENTS
- What is Multi-Factor Authentication?
- How does it work?
- Why do I need to use MFA?
- How do I register for MFA?
- How do I change or update my authentication methods?
- When will I need to use MFA?
- Why do I need to install the Microsoft authenticator app?
- What systems support MFA?
- What if I don’t want to install the authenticator app or my phone doesn’t support it?
- I requested my SMS code, but I haven’t received it yet.
- Does using SMS cost?
- I already have Google Authenticator (or another authenticator app), can I use that instead?
- Can I only use the Microsoft Authenticator app with my College account?
- I’ve got a new phone, what should I do?
- I’ve wiped, lost, or got a new number and now can’t get into my account.
- I’m having trouble with MFA, what can I do?
- How is my data protected?
What is Multi-Factor Authentication?
Multi-Factor Authentication (MFA) is a process where, during sign-in, in addition to your password you are asked for an additional form of identification such as entering a code from your mobile phone. You may already do this when logging into your online bank account or making an online payment.
If you only use one form of authentication such as just a password then it’s very easy for cyber criminals to try and steal this to get access to your account, if you have a second form of authentication then this becomes much more difficult.
Multi-Factor authentication at the College will rely on two forms of authentication; something you know (Password) and something you have (a mobile phone). If you’ve used chip and pin with your debit/credit card, then you’ve already used multifactor authentication as you require a PIN (something you know) and your card (something you have).
How does it work?
Once you have set up Multi-Factor Authentication on your mobile phone, using either SMS or the authenticator app, when you next sign in from a new device using your password, you will also be asked for the 6-digit code received via SMS or the App.
Why do I need to use MFA?
Your College credentials give you access to all South Essex College IT services. If your account is compromised then data and services you have access to can also be compromised leading to legal, financial, operational, and reputational damage to the College. Cyber Attacks are being reported more frequently with an increase in the education sector also being seen, making it more of a case of when rather than if.
Most hacking related breaches are a result of credential theft, where only passwords are available. By having a secondary means of authentication, such as a mobile phone, these attacks are quickly stopped in their tracks as, even if the password is known, the attacker can’t get into your account without your phone as well.
How do I register for MFA?
You will be prompted to set up MFA when MFA is enabled for your account, if you have already registered your security information, you’re ready for MFA. Please see the following guide on registering your security information: Registering your Security Information.
How do I change or update my authentication methods?
You can update your authentication methods by going to https://myworkaccount.microsoft.com and going to security information. A guide on registering can be found here: Registering your Security Information.
When will I need to use MFA?
You will only be asked for MFA on unfamiliar devices, if you’re working from a computer you use often and trust you can tick the box during sign in ‘Don’t ask me again from this computer’. You may also get asked for MFA if unusual activity has been seen with your account and we need to check it’s you.
The following is a list of examples for common reasons for an MFA challenge:
- You've signed in from a new browser.
- You've signed in from a new computer.
- You didn't select "Yes" when prompted to "Keep me signed-in".
- You signed out.
- You changed or reset your password.
- You are using an incognito/private browsing window.
- Computing Services revoked your sessions due to your device being lost or stolen.
- We need to verify your security information is up to date. This occurs every 180 days.
- Your sign in activity appears "risky" and we need to verify your sign in to ensure security.
Why do I need to install the Microsoft authenticator app?
When you set up the Microsoft authenticator app during MFA registration a secret code is shared. This allows the app to generate temporary one-time passwords (6-digit code) that are unique to you that can be entered when prompted during the sign in process. We recommend the Microsoft authenticator app over other methods as this works offline as it’s time based and offers the best security.
What systems support MFA?
Most College IT services that are available externally should have MFA enabled such as teams, emails and services ending ‘southessex.ac.uk’. We continue to add more of our services to this list to provide the best possible protection to College infrastructure.
What if I don’t want to install the authenticator app or my phone doesn’t support it?
Although we recommend that you install and register the authenticator app, you can register your mobile phone number instead to receive your code via SMS, it can take a few minutes for you to receive the SMS message containing your code.
I requested my SMS code, but I haven’t received it yet.
It can take a few minutes for the SMS message to come through and can vary between network providers. If you still haven’t received the code after a few minutes request it again. Some SMS apps have a spam filter so check to see if it’s in your spam filter. If you have issues with SMS, we recommend using the Microsoft Authentication app as it can generate codes when the device has no signal at all.
Does using SMS cost?
Neither South Essex College nor Microsoft charge for sending SMS messages containing your authentication codes, however you should check with your network provider if you are concerned.
I already have Google Authenticator (or another authenticator app), can I use that instead?
Yes, you can use any authenticator app.
Can I only use the Microsoft Authenticator app with my College account?
No, you can use the Microsoft Authenticator app to secure other online services that support MFA.
I’ve got a new phone, what should I do?
Before you wipe your old phone, you should setup and register the authenticator app on your new phone. You can then remove the old phone before wiping it.
Refer to this guide on registering and updating your security information: Registering your Security Information.
If you configured backup and recovery in the Microsoft Authenticator app you can use the following guide to restore your stored account: Back up and recover accounts with the Microsoft Authenticator app.
If you use a third part authenticator such as Google Authenticator follow their process for transferring accounts to a new device.
I’ve wiped, lost, or got a new number and now can’t get into my account.
Contact ITHelpline@southessex.ac.uk we will ask you some questions to verify your identity and then reset your account so you can register your new device for MFA.
I’m having trouble with MFA, what can I do?
Microsoft have a detailed troubleshooting guide you can refer to here: Common problems with account two factor authentication.
If you are still having issues or prefer to speak to somebody about your issue, please contact ITHelpline@southessex.ac.uk
How is my data protected?
Your personal information will not be shared or used for any other purpose other than to provide you temporary one-time passcodes. Data is encrypted in transit and at rest with strict access control in place limiting access.
If you use an authenticator app no personal data is collected. We take your data privacy seriously and if you want to know more on how we protect and handle your data please visit read our privacy notice found on the South Essex College Website.