Multi-Factor authentication (MFA) - FAQs

Summary

Frequently asked questions related to multi-factor authentication (MFA)

Body

Table Of Contents

General Questions

·         What is multi-factor authentication (MFA)?

·         Why is CCS using MFA?

·         Who will use multi-factor authentication (MFA)?

·         Which CCS systems will require multi-factor authentication (MFA)?

·         Who do I contact for help with multi-factor authentication (MFA)?

Using multi-factor authentication

·         How does multi-factor authentication (MFA) work?

·         What devices can I use with multi-factor authentication (MFA)?

·         I'm staff. How do I set up multi-factor authentication in Office 365?

·         How many devices should I add?  

·         What if I forget my smartphone at home?  

·         What happens if I lose my smartphone?   

·         What if I cannot get a signal on my phone?

·         How often will I be prompted for my verification code?

·         Is MFA required when I log into Canvas, Munis, or Infinite Campus?

·         I don’t want to use my personal device. Can I set up my office phone?

·         I want to add an additional method or change the default method.  How do I make changes to my MFA configuration?

·         I delegate another staff member’s mailbox; how will this work if MFA is turned on for both of us?

 

General Questions

What is multi-factor authentication (MFA)?

Multi-factor authentication, also referred to as “Two-Factor Authentication” or “Two-Step Verification,” is a technology designed to protect your accounts from hackers by requiring you to provide two pieces of information when signing in to a website or application. After you set up MFA, you’ll sign in to your account in two steps using:

·         Something you know, like your password

·         Something you have, like your phone

Example: You sign in to a website or application with your username and password (credentials) from a computer you've never used before. This action generates a verification code that is sent to a phone you authorized. You enter the code to complete the sign-in process.

Why is CCS using MFA?

Many institutions rely on web-based systems today, such as Office 365, to share files and information. This includes K12 school districts, which have become one of the prime targets of phishing and ransomware attacks in recent years. Multi-factor authentication (MFA) is vital in the protection against these types of attacks, as a single password is no longer sufficient in preventing unauthorized access to campus resources and data.

Who will use multi-factor authentication (MFA)?  

Multi-factor authentication will be enabled for all staff accounts.

When will CCS implement multi-factor authentication (MFA)?

The MFA project has already begun deployment to all admin sites. IT is planning to implement MFA to the rest of the district at the beginning of the 23/24 school year.

Which CCS system will require multi-factor authentication (MFA)?

Most district websites will eventually require users to use multi-factor authentication (MFA) when signing in.  This will include sites like Microsoft 365 and Munis, and likely more applications in the future.

Who should I contact for help with multi-factor authentication (MFA)?

If you have questions about multi-factor authentication, you can open a ticket and select “Multi-Factor Authentication” from the drop-down menu, call 614-365-8425, or email CCSHelpDesk@columbus.k12.oh.us.

Using multi-factor authentication

How does multi-factor authentication (MFA) work?

After setting up MFA, anytime you sign in to your account from a new device (away from the district), you'll be prompted to confirm the sign-in using the verification method you selected during the setup process. For example, if you chose to have a code texted to your phone, you will be prompted to enter this code to complete the sign-in process. Or, if you chose to use an authenticator app like Microsoft Authenticator, the app will generate a random code that you will use to complete the sign-in process. This way, a lost or stolen password is basically inconsequential, and the same MFA settings that protect your account from outsiders also simplify things like password resets, as the system has a way to confirm your identity using things you normally have on hand anyway (like your phone).

What devices can I use with multi-factor authentication (MFA)?

Your cell phone is the ideal device, because it's something you always have with you and it allows you to access email, text, voice, and app features that can be used for MFA. Any device capable of at least one of these can be used. So for example, a tablet can be set up with the authenticator app, or you can use a computer to access a separate email account to receive the verification code.

I'm staff. How do I set up multi-factor authentication in Office 365?

Staff can follow these steps to set up multi-factor authentication in Office 365. This video demonstrates how to register for multi-factor authentication using the Microsoft Authenticator app.

How many devices should I add? 

When setting up your verification options, it is strongly recommended that you add at least two verification methods. For example, you can add your cellphone as one authentication method and the Microsoft Authenticator app as a second authentication method.

What if I forget my smartphone at home? 

We strongly recommend setting up at least two authentication methods with MFA. This way you will have a backup method to choose from if one method is unavailable. For example, you could set up your smartphone for text verifications and your office and home phones for callback.

Please contact the Service Desk at 614-365-8425 and we can assist you with a one-time, temporary passcode to access your account. This will be a randomly generated passcode and it will only work for a specific period of time.

How often do I have to provide a second factor (use my phone) to log in?

The short answer is anytime that you type in your password, you may have to use a second factor.

Currently, MFA sessions are set to expire after 30 days. This means that if you sign in to one of the Office apps via the web and you answer "Yes" when you see the "Stay signed in?" prompt, you should only be prompted for your MFA verification code once within a 30-day period. Answering "No," however, means that you'll need to do the MFA verification again the next time you sign in.

Is MFA required when I log into Canvas, Munis, or Infinite Campus?

Not currently, but IT is working to set up MFA on all web applications. For now, users will be prompted only when using Office 365 applications.

I don’t want to use my personal device. Can I set up my office phone?

Yes, but you can only use an office phone if you’ve been assigned a 9-digit number.  You cannot use extensions.  The ideal situation would be the use of a personal device for MFA. 

DO NOT: Register the main school line or an extension as one of your security options, because the call may not reach your desk phone.

Please Note: If you work from home, and you don’t have access to your office phone, you may not be able to do the second verification step. Log into the Unified Communications Self Care Portal to set up call forwarding.

We can provide a FIDO2 USB key if your desk phone or set up a Webex Soft Phone.

Contact your Site Tech and schedule setup.

What if I cannot get a signal on my phone?

Use the MS Authenticator app; it will show a 6-digit one-time code.

I want to add an additional method or change the default method.  How do I make changes to my MFA configuration?

All options related to your MFA configuration are accessible from My Account (microsoft.com). Go to Security Info > Update Info, then click “+ Add Sign Method” or “Change” for the “Default sign-in method.”

I delegate another staff member’s mailbox; how will this work if MFA is turned on for both of us?

If you are truly a delegate for another user's mailbox, you shouldn't have any issues related to MFA. If you have added this user's mailbox to your Outlook and you have to enter their password to view their mail, then you are not actually set up as a delegate; you are simply logging into their email. If the latter is the case, you will need to be set up as a delegate; this is done from within the other user's mailbox in Outlook. Contact support for more information.

Details

Article ID: 4696
Created
Wed 5/3/23 1:38 PM
Modified
Thu 3/21/24 11:08 AM

Related Services / Offerings

Multi-Factor Authentication (MFA) is an additional way of confirming your identity.