Multi-factor authentication (MFA) - FAQs

Table of Contents:

General Questions

Using multi-factor authentication


General Questions

What is multi-factor authentication (MFA)?

Multi-factor authentication, also referred to as "Two-Factor Authentication" or “Two-Step Verification,” is a technology designed to protect your accounts from hackers by requiring you to provide “two” pieces of information when signing into a website or application. After you set up MFA, you’ll sign-in to your account in two steps using:

  • Something you know, like your password
  • Something you have, like your phone

Example: You sign-in to a website or application with your username and password (credentials) from a computer you've never used before. This action generates a verification code sent to a phone that you authorized. You enter the code to complete the sign-in process. 

More Information: What is: Multifactor Authentication (source: Microsoft); Two Factor Auth (2FA) (source: BrainStation). 

Why is multi-factor authentication (MFA) required by SUNY?  

Many institutions rely on web-based systems today, such as Office 365 and Gmail, to share files and information. This includes higher education institutions, which have become one of the prime targets of phishing and ransomware attacks in recent years. multi-factor authentication (MFA) is vital in the protection against these types of attacks, as a single password is no longer sufficient in preventing unauthorized access to campus resources and data.   

Who will use multi-factor authentication (MFA)?  

Multi-factor authentication will be enabled for all faculty, staff, and student accounts. 

When will Buffalo State implement multi-factor authentication (MFA)?  

Beginning this Wednesday (September 14), most campus websites will require users to use multi-factor authentication (MFA) when signing in. This will include sites like Degree Works, D2L Brightspace and SUNY HR Portal.  

What will happen if I don't setup multi-factor authentication (MFA) prior to the deadline?  

If you don't setup multi-factor authentication (MFA) prior to the deadlines listed above, you will see prompts similar to the ones below the next time you sign-in to a site that requires MFA verification. This will take you to the MFA registration/setup page.

Additional information required More information required

Which Buffalo State systems will require multi-factor authentication (MFA)?

Beginning this Wednesday (September 14), most campus websites will require users to use multi-factor authentication (MFA) when signing in. This will include sites like Degree Works, D2L Brightspace and SUNY HR Portal.   

Who do I contact for help with multi-factor authentication (MFA)?  

If you have questions about multi-factor authentication, you can open a Technology Help ticket and select “Multi-Factor Authentication” from the drop-down menu, or e-mail the IT Help Desk at ithelpdesk@buffalostate.edu

Using multi-factor authentication

How does multi-factor authentication (MFA) work?

After setting up MFA, anytime you sign-in to your account from a new device (from off campus), you'll be prompted to confirm the sign-in using the verification method you selected during the setup process. For example, if you chose to have a code texted to your phone, you will be prompted to enter this code to complete the sign-in process. Or, if you chose to use an authenticator app like Microsoft Authenticator, the app will generate a random code that you will use to complete the sign-in process. This way, a lost or stolen password is basically inconsequential, and the same MFA settings that protect your account from outsiders also simplify things like password resets, as the system has a way to confirm your identity using things you normally have on-hand anyway (like your phone).

What devices can I use with multi-factor authentication (MFA)?

Your cell phone is the ideal device, because it's something you always have with you and it allows you to access email, text, voice, and app features that can be used for MFA. Any device capable of at least one of these can be used. So for example, a tablet can be set up with the authenticator app, or you can use a computer to access a separate email account to receive the verification code.

I'm a student. How do I enroll my Gmail account in 2-Step Verification?

Students can follow these steps to enroll their Gmail accounts in 2-Step Verification.

I'm faculty/staff. How do I setup multi-factor authentication in Office 365?

Faculty/staff can follow these steps to setup multi-factor authentication in Office 365. This video demonstrates how to register for multi-factor authentication using the Microsoft Authenticator app.

How many devices should I add?  

When setting up your verification options, it is strongly recommended that you add at least two verification methods. For example, you can add your cellphone as one authentication method and the Microsoft Authenticator app as a second authentication method. 

Do I need to have a smartphone to use multi-factor authentication (MFA)?  

While a smartphone isn't required to use multi-factor authentication, using a smartphone is recommended because it's something you always have with you. Other devices like a tablet or landline phone (such as your office or home phone) can also be used with MFA but aren't recommended (because these are not things that you always have access to). For example, if you try to sign-in to Gmail or Office 365 from a computer in a hotel or public library, you won't be near your office or home phone to receive the verification code. 

What if I forget my smartphone at home?  

We strongly recommend setting up at least two authentication methods with MFA. This way you will have a backup method to choose from if one method is unavailable. For example, you could setup your smartphone for text verifications and your office and home phones to do callback. 

What happens if I lose my smartphone?   

If you lose your phone or suspect it's been stolen, you should contact the IT Help Desk immediately at 716-878-4357. The Help Desk can can create a time-limited Temporary Access Pass which will allow you to access the MFA setup page. This will allow you to add or update your MFA verification methods. While it's important that you contact the IT Help Desk if you lose your phone, remember that your password will still protect your account. 

Can I use the Microsoft Authenticator app internationally?  

The Microsoft Authenticator app is designed to work internationally. If you are traveling to another country and won't have cellular service, you can configure the Authenticator app to generate an OATH verification code that can be entered (if and when you need to sign-in to your Office 365 account). If you will have cellular service while traveling, the Authenticator app can also be configured for push notifications (e.g. where you just need to tap 'Approve' on your phone if and when you need to sign-in to your Office 365 account).

Can the system handle international phone numbers?   

Yes, MFA can handle international phone numbers. When you add your phone number on the MFA setup page (https://aka.ms/mysecurityinfo), select your country from the drop-down list and then enter your 10-digit phone number. 

select country code from drop-down menu

How often will I be prompted for my verification code?

Currently, MFA sessions are set to expire after 30 days. This means that if you sign-in to one of the Office apps via the web and you answer "Yes" when you see the "Stay signed in?" prompt, you should only be prompted for your MFA verification code once within a 30 day period. Answering "No," however, means that you'll need to do the MFA verification again the next time you sign-in.

Answer yes at the stay signed in prompt

After setting up MFA I'm not able to send/receive mail on my iPhone using the Mail app. What can I do?

You should download the Outlook app from the Apple App Store and set up your account within Outlook. Outlook is the only app that Microsoft supports for this. Another option is to delete your Exchange account within the iPhone Mail app (tap Settings > Mail > Accounts > select your Buffalo State account and tap Delete) and then re-add it. This should resolve issues sending/receiving mail but is not officially supported.

0% helpful - 2 reviews
Print Article

Details

Article ID: 139174
Created
Thu 11/4/21 8:30 AM
Modified
Thu 9/28/23 2:50 PM

Related Articles (5)

Learn how to protect yourself from phishing scams
Learn how to enroll in 2-Step Verification for Gmail. [LEGACY ARTICLE - APPLIES TO STUDENTS ATTENDING SPRING 2023 OR EARLIER]
Learn how to set up multi-factor authentication for Network logins including Microsoft 365 services and SUNY systems
Learn how to set up the Microsoft Authenticator app for Microsoft 365 services
Learn how to set up your Network password and multi-factor authentication. This article applies to students only (not faculty/staff).

Related Services / Offerings (2)

Request a hardware token for use with multi-factor authentication (MFA).
Locked out of your Buffalo State accounts? Open a ticket to have the IT Help Desk help you regain access.