Multi-factor authentication (MFA) is a key tool for protecting your information online. You can think of MFA as “something you know and something you have.” For University purposes, “something you know” refers to your NetID and password and “something you have” is a timed, unique code generated just for you.
At Syracuse University, MFA helps to prevent the unauthorized use of NetIDs and passwords by ensuring that only the account owners themselves can access their accounts. Microsoft’s MFA is currently enabled for all faculty, staff and students accessing SUMail, Office365 applications, MySlice and, as of Dec. 20, Blackboard.
Here are some answers to frequently asked questions about MFA.
Why do we use MFA?
MFA is an excellent method for enhancing user account security. With MFA enabled, a prospective thief would need access to both your password and a device you’ve configured with MFA to steal your information.
How do users log in using MFA?
Users have the fastest and easiest access to systems enabled with MFA if they use the Microsoft Authenticator App for Android, iOS or Windows Phone. If you need to manage your Microsoft Two-Factor Authentication (2FA), you can find instructions for doing so on the First-Time Setup for Microsoft Multi-Factor Authentication page on Answers.
It seems like MFA doesn’t work consistently. Sometimes I have to authenticate. Sometimes I don’t.
There are a number of variables that go into determining when you will see a prompt for MFA. The biggest predictors are the device you are using to access the system and the window of time required between authentications. We are working to consolidate systems into a common framework, which should enhance the user experience.
With the recent change to MySlice MFA on certain University machines, I haven’t had to use MFA as much. Is this still secure?
Yes, the changes we’ve made continue to provide a high level of security while increasing usability. As always, we encourage our community to be vigilant. If you see anything that looks odd, please email itsecurity@syr.edu.
Why does MFA keep changing?
The University works diligently to keep up with a rapidly shifting IT security landscape. Changes are often proactive attempts to protect systems and services from attacks other institutions have reported. The community should expect periodic changes to IT security practices, including MFA requirements, as new threats emerge.