Microsoft Authenticator - Frequently Asked Questions

 

Why is New Paltz using the Microsoft Authenticator system?

What is MFA?

How does the Microsoft Authenticator system work?

How do I get setup to use the Microsoft Authenticator?

What if I don't have a smart phone?

What if I change phones?

What if I'm travelling internationally?

Who will need to use the Microsoft Authenticator system?

Why is New Paltz using this system?

You may ask "Why is New Paltz is using the Microsoft Authenticator, or any other Multi-Factor Authentication (MFA)?".  There are a number of reasons.

  • Phishing: Phishing (fraudulent attempts to get people's username & password) has continued to be a significant problem both at New Paltz and at organizations worldwide.  Although the vast majority of these phishing messages are being blocked or marked as spam here at New Paltz (and many of our faculty and staff are fantastic about reporting these messages) some do get through.  At this point, the training and simulations are not a sufficient defense on their own.
  • Password reuse: Though we want all people to use a different password for all systems - we know that doesn't always happen.  People sometimes use the same password on multiple services.  When an external service gets compromised - the passwords used at that external site may be at risk.  They may be used to try to access other accounts, including those at New Paltz.  The same is true of common passwords.
  • Brute force attacks: Hackers are often trying to just 'guess' passwords.  They are doing this based on patterns of password.
  • General security issues: The number of attacks by criminal gangs against businesses, organizations, schools, and even individuals has been increasing greatly.  It seems that a week doesn't go by without a major ransomware attack.  Many ransomware attacks start with compromised computer accounts - often of just regular users.  Once they compromise one account (faculty, staff, or student) they can use that as a foot in the door to try to trick other users, or compromise other systems.

We have a duty to protect the data of our students, faculty, staff, alumni and donors.  Even an account of someone who does not have direct access to that data - can provide a criminal a level of access to the college which could lead to a further breach.  Because of this - we need to protect accounts with more than just a user name and password.

 

What is MFA?

Multi-factor Authentication systems are those that require at least two of the following factors (only the first two being used by New Paltz).

  • Something you know (such as user names and passwords)
  • Something you have (such as an app on a smart phone, or a small key chain token) which is tied to your account
  • Something you are (biometrics such as fingerprints - don't worry - we have no intention of using biometrics at New Paltz - though you may have this in place on your smart phone or tablet via fingerprint or face ID scans).

An account protected by MFA cannot be accessed by one of those factors alone.  Were someone to get my password - but not have my smart phone, they would be unable to access accounts protected with MFA.  Vice-versa, if someone had my phone but not my password, they would also be unable to access accounts protected with MFA.

MFA is increasingly used to protect data on systems such as financial/banking accounts, email, social media, or other systems which are at high risk for compromise for criminals.  New Paltz has implemented, and is expanding the usage of, MFA to better protect the sensitive data, systems, and accounts that our faculty and staff are entrusted with.

How does Microsoft Authenticator work?

When you first log in to college services (such as email) after you were added to the Microsoft system - you'll see a screen like the one below:


Prompt from Microsoft to setup MFA
 

When you click "Next" you'll have the choice of two authentication types: Mobile app and Authentication phone.  If you have a smart phone - we recommend the "Mobile app" option.

Prompt from Microsoft to choose phone or app option
 

If you choose the mobile app option

  • You will then have two other options:
    • "Receive notifications for verification" (meaning you'll get a pop-up on your phone which you'll have to confirm)
    • "Use verification code" (this means that when you log in - you'll have to go into the app and get the 6 digit code that it displays).
  • Choose one of these buttons (we recommend the first) and click Setup.  You will be shown a link to get the free Microsoft Authenticator app (for iPhone or Android) with instructions on how to setup the app, and a QR code to scan with your phone's camera.  Follow the instructions on-screen.
    screenshot showing the 'configure mobile app' screen - with a qr code and links to download the app
  • You'll be asked for your cell phone as a backup (in case you lose your phone, or get a new phone).

 

If you choose the phone option

  • Change where it says "Select your country or region" to "United States" (or the country where your cell phone number is from if you have an international number), then click Next.
    Screenshot of the phone setup page
     
  • You will get a text message with a six digit code.  Enter that to verify your login.

With either the app or text message option, you can reduce the amount of times you need to do this verification by clicking "Yes" when asked to "Stay signed in?".  This is not recommended for shared computers - and will not work in classrooms or computer labs on-campus as those are set to reset every time they restart.

How do I get setup?

Faculty, staff, and students, are automatically enrolled in the system within 24 hours of their account being setup here.  When you login to your New Paltz account for the first time you should be prompted to set it up.

What if I don't have a smart phone and cannot receive texts?

The Microsoft Authenticator system can work with a smart phone - or any phone that can receive text messages.

If you do not have a smart phone or any cell phone that can receive text messages - you can log in with a hardware security key.  Please contact our Service Desk (845-257-HELP or via servicedesk@newpaltz.edu) and let them know you do not have a smart phone or any cell phone that can receive texts.

 

What if I change phones?

If you changed phones - but still have the same phone number

If you change phones - but don't change your phone number - you can reactivate the Microsoft app yourself as follows:

  • When you see the Microsoft login prompt - click "I can't use my Microsoft Authenticator app right now"
  • Then click "Text +X XXX-XXX-XXXX" (the last two numbers will be shown) to receive a text message from Microsoft.
  • Enter the text message they send you.

Once you do that - you can reactivate the app on your new phone by going to: https://aka.ms/mfasetup.  At that site - you can choose "Set up Authenticator App" as well as set your preferred login option.

 

If you changed your phone number

If you changed your phone number and no longer can receive texts at the old phone number, please contact our Service Desk (845-257-HELP or servicedesk@newpaltz.edu) for assistance.

 

What if I am travelling internationally?

If you think of this before you travel - you want to make sure that you are setup with the Microsoft Authenticator app - not just the text message option.

With the app option - it will continue to work if you travel and even if you change cell phone number.  If you go overseas without setting up the app, you won't be able to login until you contact us for support.

If you aren't using the app (and are only getting text messages) setup the app on phone by going to: https://aka.ms/mfasetup.  At that site - you can choose "Mobile app" and follow the prompts to setup the app, as well as set your preferred login option.

 

Who will need to use the Microsoft Authenticator system?

All faculty, staff, and students, as well as recent alumni who still have their Office 365 accounts for ~9 months after graduation, will need to use this system.

 

Details

Article ID: 133154
Created
Thu 6/10/21 1:39 PM
Modified
Fri 7/1/22 11:48 AM