MFA

MFA, sometimes referred to as two-factor authentication or 2FA, is a security enhancement that allows you to present two pieces of evidence – your credentials – when logging in to an account. Your credentials fall into any of these three categories: something you know (like a password or PIN), something you have (like a smart phone), or something you are (like your fingerprint). Your credentials must come from two different categories to enhance security – so entering two different passwords would not be considered multi-factor. You probably already use MFA, some example include:

Swiping your bank card at the ATM and then entering your PIN (personal ID number).
Logging into a website that sends a numeric code to your phone, which you then enter to gain access to your account.

MFA helps protect you by adding an additional layer of security, making it harder for bad guys to log in as if they were you. Your information is safer because thieves would need to steal both your password and your phone..

When should I use MFA? Whenever possible, especially when it comes to your most sensitive data.

Primary email
Financial accounts
Health Records

MFA FAQ

What is MFA?

Multi-Factor Authentication (MFA) refers to an additional layer of security that is added to the login process.

MFA relies on two forms of authentication: something you know, and something you have with you. The something you know is your password. The something you have with you can be a mobile device or hardware token. This means that even if your password is hacked, your account will remain secure.

What are my authentication options?

You will be able to choose multiple authentication methods when you register, which you can change or update at any time. They include:

Google Prompts to Gmail or Google app on your phone (push notifications),
Google Authenticator App
Voice or Text Messages
Printable backup codes
Security key (hardware token)

App Links:

OIT recommends using push notifications to your phone as this is the easiest way to do MFA. It is also recommended to register additional methods for use as a backup.

Is MFA required?

Yes. Staff and faculty who have access to Gmail are required to use MFA.

Why are we moving to MFA?

Many banks, online services, universities, colleges, and K-12 School Districts across the world are now moving to Multi-Factor Authentication for enhanced security. Passwords can be easily broken with today's technology and hackers come up with new ways to access your data and private information, every day. We’re moving to Multi-Factor Authentication because it will better protect our systems and our data by adding an extra layer of security.

What if I forget my phone or lose my hardware token?

It's important to register multiple MFA options from the start but if you are stuck and can't login, please visit OIT or call x2957 and you will be provided a backup code. We may have you verify your identification.

How do I enroll in MFA?

Go to https://myaccount.google.com/
Select Security from the menu on the left
Scroll down and select 2-Step Verification
Follow the on-screen instructions

You can also follow these step-by-step instructions.

Why should I use my personal device to setup MFA?

Smart Phones are unique to you. This helps to ensure your account can only be accessed by the person in possession of your phone. Even if someone has your username and password, they would not be able to access your Google account without your personal device.

Can I use Google Voice to receive codes?

Using Google Voice is not recommended. If you use Google Voice to receive verification codes, you can easily create a situation where you’ve locked yourself out of your account. For example, if you are signed out of your Google Voice app, you might need a verification code to get back in. However, you won’t be able to receive this verification code because it will be sent to your Google Voice, which you can’t access.

Page updated

Report abuse