Table of Contents:
General Questions
Using multi-factor authentication
General Questions
Multi-factor authentication (MFA), also referred to as "Two-Factor Authentication" or "Two-Step Verification," is a technology designed to protect your accounts from hackers by requiring you to provide two pieces of information when signing into a website or application. After you set up MFA, you'll sign-in to your account in two steps using:
- Something you know, like your password
- Something you have, like your phone
Example: You sign-in to a website or application with your username and password (credentials) from a computer you've never used before. This action generates a verification code sent to a phone that you authorized. You enter the code to complete the sign-in process.
More Information: What is: Multifactor Authentication (source: Microsoft); Two Factor Auth (2FA) (source: BrainStation).
Many institutions rely on web-based systems today, such as Office 365 and Gmail, to share files and information. This includes higher education institutions, which have become one of the prime targets of phishing and ransomware attacks in recent years. Multi-factor authentication (MFA) is vital in the protection against these types of attacks, as a single password is no longer sufficient to prevent unauthorized access to campus resources and data.
Multi-factor authentication will be enabled for all faculty, staff, and student accounts.
Beginning this Wednesday (September 14), most campus websites will require users to use multi-factor authentication (MFA) when signing in. This will include sites like Degree Works, D2L Brightspace and SUNY HR Portal.
If you don't set up multi-factor authentication (MFA) prior to the deadlines listed above, you will see prompts similar to the ones below the next time you sign-in to a site that requires MFA verification. This will take you to the MFA registration/setup page.
If you have questions about multi-factor authentication, you can open a Technology Help ticket and select “Multi-Factor Authentication” from the drop-down menu, or e-mail the IT Help Desk at ithelpdesk@buffalostate.edu.
Using multi-factor authentication
After setting up MFA, anytime you sign-in to your account from a new device (from off campus), you'll be prompted to confirm the sign-in using the verification method you selected during the setup process. For example, if you chose to have a code texted to your phone, you will be prompted to enter this code to complete the sign-in process. Or, if you chose to use an authenticator app like Microsoft Authenticator, the app will generate a random code that you will use to complete the sign-in process. This way, a lost or stolen password is basically inconsequential, and the same MFA settings that protect your account from outsiders also simplify things like password resets, as the system has a way to confirm your identity using things you normally have on-hand anyway (like your phone).
Your cell phone is the ideal device, because it's something you always have with you and it allows you to access email, text, voice, and app features that can be used for MFA. Any device capable of at least one of these can be used. So for example, a tablet can be set up with the authenticator app, or you can use a computer to access a separate email account to receive the verification code.
Students can follow these steps to enroll their Gmail accounts in 2-Step Verification.
Faculty/staff can follow these steps to set up multi-factor authentication in Office 365. This video demonstrates how to register for multi-factor authentication using the Microsoft Authenticator app.
When setting up your verification options, it is strongly recommended that you add at least two verification methods. For example, you can add your cellphone as one authentication method and the Microsoft Authenticator app as a second authentication method.
While a smartphone isn't required to use multi-factor authentication, using a smartphone is recommended because it's something you always have with you. Other devices like a tablet or landline phone (such as your office or home phone) can also be used with MFA but aren't recommended (because these are not things that you always have access to). For example, if you try to sign-in to Gmail or Office 365 from a computer in a hotel or public library, you won't be near your office or home phone to receive the verification code.
We strongly recommend setting up at least two authentication methods with MFA. This way you will have a backup method to choose from if one method is unavailable. For example, you could set up your smartphone for text verifications and your office and home phones to do callback.
If you lose your phone or suspect it's been stolen, you should contact the IT Help Desk immediately at 716-878-4357. The Help Desk can create a time-limited Temporary Access Pass which will allow you to access the MFA setup page. This will allow you to add or update your MFA verification methods. While it's important that you contact the IT Help Desk if you lose your phone, remember that your password will still protect your account.
The Microsoft Authenticator app is designed to work internationally. If you are traveling to another country and won't have cellular service, you can configure the Authenticator app to generate an OATH verification code that can be entered (if and when you need to sign-in to your Office 365 account). If you will have cellular service while traveling, the Authenticator app can also be configured for push notifications (e.g. where you just need to tap 'Approve' on your phone if and when you need to sign-in to your Office 365 account).
Yes, MFA can handle international phone numbers. When you add your phone number on the MFA setup page (https://aka.ms/mysecurityinfo), select your country from the drop-down list and then enter your 10-digit phone number.
Currently, MFA sessions are set to expire after 30 days. This means that if you sign-in to one of the Office apps via the web and you answer "Yes" when you see the "Stay signed in?" prompt, you should only be prompted for your MFA verification code once within a 30 day period. Answering "No," however, means that you'll need to do the MFA verification again the next time you sign-in.
You should download the Outlook app from the Apple App Store and set up your account within Outlook. Outlook is the only app that Microsoft supports for this. Another option is to delete your Exchange account within the iPhone Mail app (tap Settings > Mail > Accounts > select your Buffalo State account and tap Delete) and then re-add it. This should resolve issues sending/receiving mail but is not officially supported.