What is Multi-Factor Authentication?
Multi-Factor Authentication (MFA) is a security system that requires you to provide more than one form of identification at the time of login to ensure you are who you claim to be.
It combines at least two forms of authentication: something you know (e.g., a password) and something you have (e.g., a cell phone or a code generator). In this way, even if someone steals your password, they cannot access your account unless they also have your mobile device or code generator in their possession.
A simple example of Multi-Factor Authentication is withdrawing money from an ATM. To take money out of your bank account at an ATM, you need to insert your bank card (something you have) and provide your PIN (something you know). Missing either piece of identification will prevent the transaction.
The following members of the Brock community will be required to use Multi-Factor Authentication when accessing their Brock accounts.
There are 5 different methods you can use to verify your identity for Multi-Factor Authentication at Brock:
- respond to a notification from the Microsoft Authenticator app installed on your mobile device (recommended)
- generate a time-limited code using the Microsoft Authenticator app installed on your mobile device
- receive an SMS text message on your mobile device
- receive a phone call on your mobile device
- use a One-Time Verification Code Generator physical token (recommended for those who do not own a mobile device)
ITS recommends using the Microsoft Authenticator app installed on your mobile device, however, should you need a One-Time Verification Code Generator, one will be supplied to you at no cost. Please note that should you ever need a replacement OTV Code Generator, you will be required to pay a replacement fee.
Setting up Multi-Factor Authentication
If this is the first time you’re enabling Multi-Factor Authentication on your Brock account, refer to the guide below for step-by-step instructions on how to do so. You will need access to a computer and have your mobile device on hand to complete the process.
NOTE: Once you successfully complete setting up MFA on your account, your MFA status becomes on-boarded. While on-boarded, you will not receive prompts to authenticate your logins until your account becomes enforced (exception: you will receive a MFA prompt if you attempt to modify your O365 authentication information). Enforcement of MFA on your account will be activated by ITS.
Modifying Your Multi-Factor Authentication Settings
Once Multi-Factor Authentication is enabled on your Brock account, if you wish to change the way you verify your identity, please refer to the guide below for instructions on how to update your MFA settings.
Some reasons why you may want to make changes to your settings:
- you no longer trust your mobile device
- you no longer possess your mobile device because you lost it or it was stolen
- you have a new phone number
- you want to change the default method you use to authenticate
- you want to add a new authentication method
We have designed an infographic poster that can be posted in your area to inform your collegues about Multi-Factor Authentication at Brock. Click the image below to open a PDF version of the poster that you can print out.
Please scroll to the bottom of this page for all frequently asked questions about multi-factor authentication.
Brock University is a big target for cyber criminals. Multi-Factor Authentication provides a higher level of security for our community and reduces the risk of certain types of attacks. Passwords can easily be compromised – either by phishing, guessing or other techniques hackers employ. Multi-factor authentication provides an additional layer of security that protects users even if someone else knows their password.
No, but it will drastically improve the security of user accounts at the University.
Faculty, staff and students will be required to use MFA.
Frequency will depend on (but is not limited to) your geographical location, permission levels and the application you are attempting to access.
Additionally, when you log in using MFA, you should see a checkbox labelled “Don’t ask again for 30 days”. If you are logging in from a trusted device (e.g., your own personal laptop), you can check this box and you will not be asked to MFA again when logging in from that specific browser+device for the next 30 days.
Remember to only use this feature on devices that are not shared with other people such as your personal workstation, laptop or mobile device.
On mobile devices
If you are using the Microsoft Authenticator app, open it to find your verification code. If you decided to receive SMS text messages instead of using the app, your verification code will be sent to your mobile device at the time of login.
On One-Time Verification Code Generators
Turn on the device and use the verification code it displays. The device will turn itself off once the code expires.
If you do not own a mobile device for Multi-Factor Authentication, a One-Time Verification (OTV) Code Generator can be obtained and linked to your account by contacting ITS.
A One-Time Verification (OTV) Code Generator is a small device with a built-in screen that generates and displays authentication codes for MFA logins.
NOTE: OTV Code Generators require manual setup. If you wish to use one, you will need to contact the ITS Help Desk.
ITS will supply your first OTV Code Generator to you at no cost. However, if you ever need a replacement, you will be required to pay a replacement fee.
Yes. The OTV Code Generator is one more thing to carry around with you and you are more likely to forget it than your cell phone. Remember that you will not be able to access Brock IT services if you are unable to verify your identity with MFA.
The mobile app is easy to use and does not require a code to be entered to verify your identity.
The OTV Code Generator requires assistance from the ITS Help Desk to configure it to work with your account whereas configuring your cell phone to authenticate MFA does not.
Faculty and staff who have a Brock owned mobile device or whose mobile devices is subsidized by Brock must use the mobile device for MFA.
Nothing is wrong. Multi-Factor Authentication is not immediately active on your account upon successful setup. You will begin to receive authentication prompts once your MFA status is changed to enforced. Enforcement of MFA on your account is activated by ITS.
No. The information you provide when you set up MFA is only used for MFA purposes. Other systems such as Brock DB, Workday and Microsoft Self-Service Password Reset are completely separate from the MFA system, so you may have to provide the same details about yourself to each of these other systems.
If you lose your phone or someone steals it, contact the IT Help Desk (x4357) for assistance in resetting your MFA settings.
If you delete the authentication app from your mobile device, contact the Help Desk (x4357) for assistance with resetting your MFA settings.