Multi-factor authentication (MFA) - FAQs

Multi-factor authentication, also referred to as "Two-Factor Authentication" or “Two-Step Verification,” is a technology designed to protect your accounts from hackers by requiring you to provide two pieces of information when signing into a website or application. After you set up MFA, you’ll sign in to your account in two steps using:

Something you know, like your password

Something you have, like your phone

Example: You sign in to a website or application with your username and password (credentials) from a computer you've never used before. This action generates a verification code sent to a phone that you authorized. You enter the code to complete the sign-in process. 

More Information: What is Multi-factor Authentication (source: Microsoft); Two Factor Auth (2FA) (source: BrainStation). 

Many institutions rely on web-based systems today, such as Office 365 and Gmail, to share files and information. This includes higher education institutions, which have become one of the prime targets of phishing and ransomware attacks in recent years. Multi-factor authentication (MFA) is vital in the protection against these types of attacks, as a single password is no longer sufficient in preventing unauthorized access to campus resources and data.   

Multi-factor authentication will be enabled for all faculty, staff, emeriti, campus community members, and student accounts. 

Microsoft MFA will provide an overall better user experience and a more secure environment for the campus community.

By using Microsoft MFA, you will be prompted much less compared to using the current Duo MFA system. With Microsoft MFA, users can expect to be prompted to MFA every 2 weeks when accessing Fredonia online services.

If you don't set up multi-factor authentication (MFA) before the deadlines listed above, the next time you sign in to a site that requires Microsoft MFA verification, you will be prompted to start the registration process.

All SUNY Fredonia web applications that currently require MFA.

If you have questions about multi-factor authentication, you can contact the ITS Service Center at ITS Service Center or (716) 673-3407.

After setting up MFA, anytime you sign in to your account from a new device (from off campus), you'll be prompted to confirm the sign-in using the verification method you selected during the setup process. For example, if you choose to use an authenticator app like Microsoft Authenticator, the app will generate a random code that you will use to complete the sign-in process.

Your cell phone is the ideal device because it's something you always have with you and it allows you to access email, voice, and app features that can be used for MFA. Any device capable of at least one of these can be used. So for example, a tablet can be set up with the authenticator app, or you can use a computer to access a separate email account to receive the verification code.
NOTE: You are strongly encouraged to set up at least two methods of authentication. To do this, follow this guide on Adding Multiple Sign-in Methods to Microsoft MFA.

Please follow these steps to set up multi-factor authentication. This video demonstrates how to register for multi-factor authentication using the Microsoft Authenticator app.

How to register for Microsoft Entra Multi-Factor Authentication

Important: Please note that SUNY Fredonia does not permit the use of text messaging codes for MFA. SMS MFA intercept attacks pose a significant threat because they can bypass the additional layer of security provided by MFA.

When setting up your verification options, it is strongly recommended that you add at least two verification methods, but certainly as many as you can, to provide a backup method if you do not have your primary method available. For example, you can add your cellphone as one authentication method and the Microsoft Authenticator app and/or your office landline as a second authentication method. To add sign-in methods, follow this guide on Adding Multiple Sign-in Methods to Microsoft MFA.

While a smartphone isn't required to use multi-factor authentication, using a smartphone is recommended because it's something you always have with you. Other devices like a tablet or landline phone (such as your office or home phone) can also be used with MFA but aren't recommended as the primary method because these are not things that you always have access to.
For example, if you try to sign in to Gmail or Office 365 from a computer in a hotel or public library, you won't be near your office or home phone to receive the verification code. 

You are encouraged to register at least two authentication methods, but we strongly recommend setting up more authentication methods with MFA. This way you will have a backup method to choose from if one method is unavailable. For example, you could set up your smartphone for push verifications and your office and home phones to do callback. 

If you lose your phone or suspect it's been stolen, you should contact the ITS Service Center immediately at 716-673-3407. The ITS Service Center will remove your MFA methods and reset any sessions that might be open which will allow you to access the MFA setup page to add new MFA verification methods.

The Microsoft Authenticator app is designed to work internationally. If you are traveling to another country and won't have cellular service, you can configure the Authenticator app to generate an OATH verification code that can be entered (if and when you need to sign in to your Office 365 account). If you will have cellular service while traveling, the Authenticator app can also be configured for push notifications (e.g. you just need to approve the app prompt on your phone if and when you need to sign in to your account).

Yes, Microsoft MFA can handle international phone numbers. When you add your phone number on the MFA setup page, select your country from the drop-down list and then enter your 10-digit phone number. 

You can choose to have the authenticator app remember your device and browser for 14 days. You need to check the box next to “Don’t ask again for 14 days” before you approve the sign-in request. You should only be prompted for your MFA verification code once within 14 days in that device and browser.

It depends on which hardware token you are using”

If you are using the Duo-branded button token, we could issue an appropriate replacement if you need to continue using a hardware token with Microsoft MFA.

Employees who have been issued a Yubico USB hardware token could continue to use the token if they wish by installing the Yubico Authenticator app on their computers and registering it in their account as an additional authentication option for Microsoft MFA. Follow the instructions found at Using YubiKeys with Azure MFA OATH-TOTP.

No, we are not able to support personal security keys at this time.

To add/modify/remove additional sign-in methods, or to change the default method, access your Account Security info at My Sign-Ins, select Add sign-in method and follow the prompts. For more detailed information, please read this guide on Adding Multiple Sign-in Methods to Microsoft MFA.

There is an option on some browsers to automatically clear cookies and other site data whenever you close the browser. This is why Microsoft MFA doesn’t “remember” that you checked this option. Please follow this article to change your browser settings.

If your browser settings are correct, and the 14 days option is still not working, please note that the 14 days will only apply to the specific computer and browser you are using. For example, if you check this option on your laptop, and then sign in on a lab computer within 14 days, you will still have to use Microsoft MFA on the lab computer. If you sign in on Google Chrome and then sign in again on Microsoft Edge within 14 days, you will have to verify with Microsoft MFA on Microsoft Edge. This is a feature of all secure multi-factor authentication software.

Some common two-step verification problems seem to happen more frequently than any of us would like. Microsoft Support put together this article to describe fixes for the most common problems.