Multi-factor Authentication (MFA)

What is Multi-factor Authentication?

Multi-factor Authentication (MFA) is an approach to online security that requires you to provide more than one type of authentication for a login or other transaction.

Also known as 'Two-step Verification', MFA adds an extra layer of protection to your account and is used on a regular basis for many online transactions such as banking, shopping, or PayPal.

MFA requires you to authenticate using:

  1. Something you know: your username and password
  2. Something you have: a trusted device, such as your mobile phone, on which to receive and respond to verification requests

You must complete both authentication steps in order to access your University Microsoft 365 account when off campus or on eduroam.

Why do I need to use MFA?

Attackers are getting better at obtaining passwords (e.g. by phishing attacks). MFA adds a second layer of security to your account, making sure your account stays secure, even if someone else obtains your password. MFA is considered best practice by IT security and industry professionals.

When will I have to use MFA?

When using a device that is off campus - this includes on the eduroam network - you will be required to use MFA when logging into Microsoft 365 services (previously known as Office 365), such as Outlook (desktop client and web app), SharePoint Online and OneDrive for Business.

You will be required to use MFA when your sign-in properties are considered high risk or unusual. This includes logging in from a new location, a new device, or a new application. When this happens, you will be informed that something unusual was detected about your sign-in and prompted to verify your identity by completing MFA registration as shown below.

There are also circumstances where your user account might be considered high risk; for example, if there are suspicious activities detected or your account details have been leaked. If this happens, you will need to prove your identity by completing MFA with one of your previously registered methods. Additionally, since someone else may have had access to your account, you will be required to change your password.

Setting up Multi-factor Authentication

Multi-factor Authentication is fast becoming essential to secure cloud-based services. For this reason, you are required to set up MFA on your University Microsoft 365 account.

We recommend you set up two or more of these authentication methods:

  • Use the Microsoft Authenticator app on a mobile device (recommended)
  • Receive a code by text
  • Receive a call by phone

Toolkit Resource

The support resource on Toolkit has all the available written guides, video walkthroughs and further guidance:

Set-up Guides

Consult the user guide that corresponds to the authentication method that you want to use. More written and video guides are available on the Toolkit support resource.

MFA Fatigue Attacks

Multi-factor authentication (MFA) fatigue attacks are also known as MFA bombing or MFA spamming. This is a social engineering strategy where attackers repeatedly push authentication requests to your phone or registered device to overwhelm and trick you into approving access to your account.

If you receive a notification asking to approve a login and you are not accessing your account:

If you are unable to reset your password due to the volume of notifications, have further concerns or are looking for advice, please contact the IT service desk - chat online at myit.abdn.ac.uk or email servicedesk@abdn.ac.uk.

FAQs