Multi-Factor Authentication (MFA)


 

Password plus proof of 2nd authentication gives you access to service with more security

 

Passwords are no longer considered to be the most secure way to protect digital data and services. Instead, many organizations are adding a second layer of security in addition to a password. Often this layer involves using something that a user physically has such as a smartphone or hardware token. An example of this is online banking where you can have a code sent to your cell phone. This is called multi-factor authentication (MFA) and it is being used at SUNY Oswego. 

In the spring and summer of 2022, MFA was enabled for many campus applications including Brightspace, myOswego, and Zoom.  In the spring of 2023, Google MFA, also called, 2-step verification was turned on for LakerApps, our Google suite of Gmail, Calendar, Drive, Classroom and associated collaboration applications such as Google Chat and Meet.  

How do I get started setting up Google MFA?

  1. Configure Google MFA to receive notifications on a phone (Video)
  2. Configure one or more of the following as a second method to receive notifications:
    1. Google backup codes (this is a great option as it does not rely on a phone; just print the codes and keep them in a secure spot)
    2. Google prompts
    3. Microsoft Authenticator

I've set up Google MFA, now how does it work?

The next time you login to Google, you will be prompted for your password and for your MFA credentials.  If the device is one you use regularly you can opt to "trust" the device and you will stop getting prompted.  If it is a device you don't use regularly or a public computer, make sure the option to "trust" the device is unchecked as it will be checked by default.  Using Google MFA documentation includes more details on how it works.

Using MFA with other campus applications

Some other campus applications also use another version of MFA that needs a separate configuration.  These applications include Brightspace, myOswego. Banner, and more.  Please use this section of the website for configuring MFA to use those applications.

How do I get started setting up MFA for other campus applications?

Start by setting up your second layer of authentication from your laptop or desktop computer. Once you set this up, MFA will be available for you to use after 4:30 pm that same day excluding weekends. 

The available options for your second layer of authentication include the following. We recommend setting up multiple ways in case you get stuck using one way.  For example, employees could set up the Microsoft Authenticator app and your office phone. That way if you happen to forget your smartphone, you could still receive a code on your office phone.

  • The Microsoft Authenticator app installed on your smartphone.  

  • A code texted to your cell phone, 

  • A code called to your cell phone, office phone, or an alternative phone. 

If you need assistance setting up MFA, you can also call, email, or stop by the CTS Help Desk during our normal business hours. 

FAQs

What are the preferred options for MFA?

We recommend choosing at least two options that are not both tied to your smartphone. Due to its security, we recommend the Microsoft Authenticator app as one of these options. The other option could be something that doesn’t use your smartphone. For example, you could set up the Microsoft Authenticator app and your office phone number.

I live in an area with poor cellular signal.  What can I do?

The Microsoft Authenticator app does not require an Internet or cellular connection in order to use it. We recommend that option.  You could also use your home phone number as your alternative phone.  

What if I set up MFA on my smartphone and I lose it or forget it?

Make sure you have set up alternative phone numbers that could be used such as your office phone.  If you have no other ways of authenticating, you can contact the CTS Help Desk for assistance.