Microsoft Authenticator - Frequently Asked Questions


Why is New Paltz going to use the Microsoft Authenticator system?  We already have Duo.

What is MFA?

How does the Microsoft Authenticator system work?

How do I get setup to use the Microsoft Authenticator?

What if I don't have a smart phone?

What if I change phones?

Who will need to use the Microsoft Authenticator system?

Why is New Paltz planning to use this system?

You may ask "Why is New Paltz is using the Microsoft Authenticator, Duo, or any other Multi-Factor Authentication (MFA)?".  There are a number of reasons.

  • Phishing: Phishing has continued to be a significant problem both at New Paltz and at organizations worldwide.  Although the vast majority of these phishing messages are being blocked or marked as spam here at New Paltz (and many of our faculty and staff are fantastic about reporting these messages) some do get through.  At this point, the training and simulations are not a sufficient defense on their own.
  • Password reuse: Though we want all people to use a different password for all systems - we know that doesn't always happen.  People sometimes use the same password on multiple services.  When an external service gets compromised - the passwords used at that external site may be at risk.  They may be used to try to access other accounts, including those at New Paltz.  The same is true of common passwords.
  • Brute force attacks: Hackers are often trying to just 'guess' passwords.  They are doing this based on patterns of password.
  • General security issues: The number of attacks by criminal gangs against businesses, organizations, schools, and even individuals has been increasing greatly.  It seems that a week doesn't go by without a major ransomware attack.  Many ransomware attacks start with compromised computer accounts - often of just regular users.  Once they compromise one account (faculty, staff, or student) they can use that as a foot in the door to try to trick other users, or compromise other systems.

We have a duty to protect the data of our students, faculty, staff, alumni and donors.  Even an account of someone who does not have direct access to that data - can provide a criminal a level of access to the college which could lead to a further breach.  Because of this - we need to protect accounts with more than just a user name and password.

We have been using the Duo system in some way for protecting students, faculty, and staff for the past few years now.  With the login changes that happened July 2021, we have an opportunity to move to the Microsoft system instead of Duo.  It works much the same as Duo - but the costs are significantly less.  It will also be easier to use and sign up for (as it supports some older smart phones than Duo - and can be used with text messages even if you don't have a smart phone or don't want to install another app).

What is MFA?

Multi-factor Authentication systems are those that require at least two of the following factors (only the first two being used by New Paltz).

  • Something you know (such as user names and passwords)
  • Something you have (such as an app on a smart phone, or a small key chain token) which is tied to your account
  • Something you are (biometrics such as fingerprints - don't worry - we have no intention of using biometrics at New Paltz - though you may have this in place on your smart phone or tablet via fingerprint or face ID scans).

An account protected by MFA cannot be accessed by one of those factors alone.  Were someone to get my password - but not have my smart phone, they would be unable to access accounts protected with MFA.  Vice-versa, if someone had my phone but not my password, they would also be unable to access accounts protected with MFA.

MFA is increasingly used to protect data on systems such as financial/banking accounts, email, social media, or other systems which are at high risk for compromise for criminals.  New Paltz has implemented, and is expanding the usage of, MFA to better protect the sensitive data, systems, and accounts that our faculty and staff are entrusted with.

How does Microsoft Authenticator work?

When you first log in to college services (such as email) after you were added to the Microsoft system - you'll see a screen like the one below:

Prompt from Microsoft to setup MFA

When you click "Next" you'll have the choice of two authentication types: Mobile app and Authentication phone.  If you have a smart phone - we recommend the "Mobile app" option.

Prompt from Microsoft to choose phone or app option

If you choose the mobile app option

  • You will then have two other options:
    • "Receive notifications for verification" (meaning you'll get a pop-up on your phone which you'll have to confirm)
    • "Use verification code" (this means that when you log in - you'll have to go into the app and get the 6 digit code that it displays).
  • Choose one of these buttons (we recommend the first) and click Setup.  You will be shown a link to get the free Microsoft Authenticator app (for iPhone or Android) with instructions on how to setup the app, and a QR code to scan with your phone's camera.  Follow the instructions on-screen.
    screenshot showing the 'configure mobile app' screen - with a qr code and links to download the app
  • You'll be asked for your cell phone as a backup (in case you lose your phone, or get a new phone).


If you choose the phone option

  • Change where it says "Select your country or region" to "United States" (or the country where your cell phone number is from if you have an international number), then click Next.
    Screenshot of the phone setup page
  • You will get a text message with a six digit code.  Enter that to verify your login.

With either the app or text message option, you can reduce the amount of times you need to do this verification by clicking "Yes" when asked to "Stay signed in?".  This is not recommended for shared computers - and will not work in classrooms or computer labs on-campus as those are set to reset every time they restart.

How do I get setup?

Since August 2021, we have been focusing on getting students, faculty, and staff who were not in Duo, into this new system.  As of October 12th, 2021, all faculty, staff, and students who are not already in Duo will be in the Microsoft system.

We will then start switching students, faculty, and staff, who are already in Duo to the Microsoft system.  We'll be in communication in advance to anyone before switching them over.

What if I don't have a smart phone?

The Microsoft Authenticator system can work with a smart phone - or any phone that can receive text messages.

If you do not have a smart phone or any cell phone that can receive text messages - you can log in with a hardware security key.  We are still sorting out these options for the Microsoft system - so for now anyone who does not have a compatible smart phone, or a phone that can receive text messages, will have to be on Duo.

For now - if you're prompted to sign up for the Microsoft Authenticator system and you don't have a smart phone or any phone that can receive text messages, please email us at and we'll get an alternate login method setup for you.


What if I change phones?

If you changed phones - but still have the same phone number

If you change phones - but don't change your phone number - you can reactivate the Microsoft app yourself as follows:

  • When you see the Microsoft login prompt - click "I can't use my Microsoft Authenticator app right now"
  • Then click "Text +X XXX-XXX-XXXX" (the last two numbers will be shown) to receive a text message from Microsoft.
  • Enter the text message they send you.

Once you do that - you can reactivate the app on your new phone by going to:  At that site - you can choose "Set up Authenticator App" as well as set your preferred login option.


If you changed your phone number

If you changed your phone number and no longer can receive texts at the old phone number, please email for assistance.


Who will need to use the Microsoft Authenticator system?

As of December 2021, we have around 1/3 of all faculty/staff/students on the Microsoft system.  By the end of the Spring 2022 semester, we expect that all faculty, staff, and students, will be using the Microsoft Authentication system. 

We are working on switching people over to the new system gradually so as to avoid any support issues.




Article ID: 133154
Thu 6/10/21 1:39 PM
Tue 12/7/21 1:49 PM