Multi-Factor Authentication General Knowledge and Common Questions
KB0013205
What is Multi-Factor Authentication?
Why did UCF implement MFA?
What type of MFA applications does UCF use?
Microsoft MFA FAQs
Configure MFA for your account
Download and Install Microsoft Authenticator App
Configuring MS Authenticator - YouTube video
Add a New Device or MFA Method
Register FIDO2 Key
What methods of MFA does Microsoft support?
What if I lose the device I use for verification?
Recommended backup setting
Why am I receiving Microsoft Authenticator Notifications?
Why am I not receiving Microsoft Authenticator Notifications?
How Do I Use the Authenticator One-Time Password Code?
Does MFA protect my privacy and the privacy of my device?
Using MFA without Internet or while Traveling
Reactivating MFA Account
Lost, Forgot, Broke, Unavailable, or Locked Out of MFA Device
Duo MFA FAQs
Enroll your Mobile Device
iPhone Device
Android Device
Adding a New Device
Hardware Authentication Tokens (Such as a Yubikey) and Duo
What are MFA push notifications?
Why am I receiving push notifications?
Why am I not receiving push notifications?
Does MFA protect my privacy and the privacy of my device?
Using the Duo "Remember Me" feature
Using MFA without Internet/Traveling
How Do I Use the Duo One-Time Passcode?
Can I use an international number as a second factor in the MFA service?
Reactivating MFA Account
Lost, Forgot, Broke, Unavailable, or Locked Out of MFA Device
What is Multi-Factor Authentication?
Multi-Factor Authentication (MFA) combines something you know (your NID and password) with something you have in your possession like a unique one-time use code (sometimes called a “token”) or a smartphone application. There are several options available for your second factor authentication, such as:
- Using a mobile application to approve your access with a touch
- Receiving a text message with a one-time use temporary code
- Receiving a phone call on your landline or cellular phone
Why did UCF implement MFA?
Today’s sophisticated cyber security threats necessitate the use of strong authentication systems to protect the confidentiality, integrity, and availability of sensitive online information resources. The Information Security Office (InfoSec) and UCF IT implemented the MFA service to protect myUCF and other systems containing sensitive information. A system protected with MFA asks users to verify their identity two different ways during the sign on process. The university’s implementation of MFA includes all faculty, staff, and student employees.
What type of MFA applications does UCF use?
UCF currently supports both Duo and Microsoft Authenticator for MFA on an application-by-application basis. UCF ISO is undergoing a project to consolidate all applications under Microsoft MFA but at this time one may get requests from both MFA providers depending upon which applications are used. Once this consolidation project is complete all applications will use Microsoft MFA.
Configure MFA for your account
Log in with your nid@ucf.edu: https://aka.ms/mfasetup
Download and Install Microsoft Authenticator App
Configuring MS Authenticator - YouTube video
https://www.youtube.com/watch?v=Q8OzabuNwHI
Adding a new Device or MFA Method
The article below will explain the process. Please use your NID@ucf.edu account when following the steps below.
If you would like to go directly to the page to update your MFA options or to add a new method, you may select this page:
What methods of MFA does Microsoft support?
- Phone Sign-in: A version of two-factor verification that lets you sign in without requiring a password, using your username and your mobile device with your fingerprint, face, or PIN. You also have the option to verify a sign-in using a phone call or text messages.
- Passwordless: There is an option to have to enroll in “passwordless” authentication. After registering your account you will be prompted with a 2 digit code to enter into your authenticator. This requires less time to authenticate vs using one’s lengthy and complex password.
- FIDO2 Security Key: Security keys are considered a stronger verification method because they require a physical key. Security keys are a password-less sign-in method. A security key is a physical device that's used with a unique PIN to sign into your work or school account. These keys can be purchased at the UCF Technology Product Center and can be used as an alternative sign on method instead of using a smart phone.
What if I lose the device I use for verification?
In the event that your verification device is stolen, lost or no longer used, you can disable that device in the MS app settings. How to disable devices:
Manage your work or school account connected devices from the Devices page
UCF recommends allowing the authenticator app to backup its MFA settings in your device’s cloud storage account (compatible with Google and Apple cloud). To double check this setting, follow these steps:
- Open the Authenticator application
- Click on the eplipsies (three dots)
- Select “Settings”
- Scroll down to the Backup section
- Toggle Cloud Backup to “on” and make note of the recovery account.
Why am I receiving MS Authenticator Notifications?
You are receiving Microsoft Authenticator notifications because you have configured the Microsoft Authenticator app to work as one of your MFA methods- which is the fastest and easiest way to authenticate using MFA. These notifications only come when there is a login attempt using your credentials. If you are receiving notifications without attempting to log in, an unauthorized user may be trying to access your account. In the event of attempted unauthorized access, you should change your NID password and contact the Support Center at (407) 823-5117.
Why am I not receiving notifications?
Usually this is due to your device not being connected to a network. This article will cover a number of troubleshooting options:
More help can be found by contacting the Support Center at (407) 823-5117.
How Do I Use the Authenticator One-Time Password Code?
1 - Open the Microsoft Authenticator application on your mobile device
2 - Select the account you are logging in as
3 - A 6-digit 'One-time password code' number will appear
4 - Enter this password code when prompted to authenticate via the "Enter a code from my authenticator app" option and then click Next.
IMPORTANT: During registration one can register any MFA client (like Google Authenticator) but please note that UCF will only accept One-time password codes from MS Authenticator. Other clients will not give an acceptable code and authentication will fail. Please only register the MS Authenticator application for MFA when using UCF resources.
Does MFA protect my privacy and the privacy of my device?
Yes. The University of Central Florida takes your privacy very seriously. Please refer to the UCF Internet Privacy Policy for more information. In fact, the MFA Service (and the MS Authenticator application) never receives your NID password. Your NID password is stored on UCF servers and is not shared with third-party applications. MFA protects your privacy by making it harder to access sensitive online information resources. MFA only stores the information you provide it (e.g., phone number). The MS Authenticator application asks for certain permissions necessary to perform its job. These permissions are not intended to gather personal information. The following list explains the purpose of each permission:
Camera:
To scan the Quick Response (QR) Code issued when enrolling a new mobile device. After the enrollment process, the camera is no longer used and this permission can be disabled without causing the application to malfunction.
Full Network Access:
Utilizes internet access to send and receive MS Authenticator notifications.
View Network Connections:
Uses the device’s network information to verify unusual connections.
Using MFA without Internet or while Traveling
If your mobile device does not have an internet connection, but you previously enrolled it in the MFA MS Authenticator application, you can use it to generate a one-time six-digit passcode to authenticate to MFA protected resources.
A FIDO2 token (Such as a YubiKey) also does not require internet access for use.
You may need to reactivate your MFA account if you:
- Delete the MS Authenticator application from your mobile device
- Remove your UCF account from your MS Authenticator application
- Obtain a new phone that has the same phone number assigned to it
To reactivate your MFA account, please https://aka.ms/mfasetup and once logged in you may update or add devices as needed.
Lost, Forgot, Broke, Unavailable, or Locked Out of MFA Device
If your primary MFA device has been misplaced, left at home, broken, or otherwise can't be used to authenticate:
- If you have an additional device enrolled, use the second device to authenticate.
- If you have no other devices enrolled, call the UCF IT Support Center (407) 823-5117 to get assistance in enrolling another device after verbally verifying your identity.
https://guide.duo.com/enrollment
https://guide.duo.com/add-device can assist in adding a new device.
Hardware Authentication Tokens (Such as a Yubikey) and Duo
Hardware authentication devices or security keys, such as a Yubikey MFA device, are available through the UCF Technology Product Center as well as online vendors such as Amazon.
Below are a few links that answer some common security key questions:
What are MFA push notifications?
|
Duo Application Notification |
|
|
Lock Screen Duo Push Notification |
|
|
Apple Watch Notification |
|
|
Android Duo Push Notification |
|
Why am I receiving push notifications?
You are receiving Duo Push notifications because you opted to receive notifications as a part of Duo Push, which is the fastest and easiest way to authenticate using MFA. These notifications only come when there is a login attempt using your credentials. If you are receiving Duo Push notifications without attempting to log in, an unauthorized user may be trying to access your account. In the event of attempted unauthorized access, you should change your NID password and contact the Support Center at (407) 823-5117.
Why am I not receiving push notifications?
https://guide.duo.com/common-issues#no-pushes will be able to help with troubleshooting this issue. More help can be found by contacting the Support Center at (407) 823-5117.
Does MFA protect my privacy and the privacy of my device?
Yes. The University of Central Florida takes your privacy very seriously. Please refer to the UCF Internet Privacy Policy for more information. In fact, the MFA Service (and the Duo Mobile application) never receives your NID password. Your NID password is stored on UCF servers and is not shared with third-party applications. MFA protects your privacy by making it harder to access sensitive online information resources. MFA only stores the information you provide it (e.g., phone number). The Duo Mobile application asks for certain permissions necessary to perform its job. These permissions are not intended to gather personal information. The following list explains the purpose of each permission:
• Camera
∙ To scan the Quick Response (QR) Code issued when enrolling a new mobile device. After the enrollment process, the camera is no longer used and this permission can be disabled without causing the application to malfunction.
• Full Network Access
∙ Utilizes internet access to send and receive Duo Push notification.
• View Network Connections
∙ Uses the device’s network information to verify unusual connections.
Using the Duo "Remember Me" feature
Simplify signing in for the next 24 hours by checking the "Remember Me" checkbox. This will relax the requirement for MFA during any future logins during that period of time.
The "Remember Me" feature is dependent upon the following:
- Using the same computer and web browser for each session
- Having cookies enabled on your web browser
Please visit this link for more details on how to use "Remember Me":
https://help.duo.com/s/article/3915?language=en_US
Using MFA without Internet/Traveling
If your mobile device does not have an internet connection, but you previously enrolled it in the MFA Duo Mobile application, you can use it to generate a one-time six-digit passcode to authenticate to MFA protected resources.
How Do I Use the Duo One-Time Passcode?
1. Open the Duo Mobile application on your mobile device and tap the University of Central Florida green key icon
2. A 6-digit passcode will appear
3. Enter this passcode when prompted to authenticate by using the Passcode option
Can I use an international number as a second factor in the MFA service?
Yes. The UCF IT MFA service will support international phone numbers. When adding a new device in the Duo Self-Service portal just be certain to change the country to match the origin of the number.
You may need to reactivate your MFA account if you:
- Delete the Duo application from your mobile device
- Remove your UCF account from your Duo application
- Obtain a new phone that has the same phone number assigned to it
To reactivate your account, follow these steps:
- Using a Web browser on a computer, navigate to my.ucf.edu
- If you are an employee, then click the "Workday" link. If you are a student, visit a site that offers MFA protection such as UCF Apps.
- When prompted for Duo, click "My Settings & Device" (you may have to authenticate prior to reactivating your device)
- Select "Device Options"
- Search for the device you want to reactivate in the list
- Next to this device, click "Reactivate"
If your device has a camera, continue to step 7; otherwise, skip to step 8 - Scan the QR Code with your device
- Open the Duo app on your device
- Click the ‘+’ button to add an account
- Hold your device so the camera centers on the QR Code
- Once the QR Code is successfully scanned, the "Continue" button will be available on your computer
- Use the link to reactive your account
- Click "Continue" and follow the instructions to finish activating your device
Lost, Forgot, Broke, Unavailable, or Locked Out of MFA Device
If your primary MFA device has been misplaced, left at home, broken, or otherwise can't be used to authenticate:
- If you have an additional device enrolled, use the second device to authenticate.
- If you have no other devices enrolled, call the UCF IT Support Center (407) 823-5117 to get assistance in enrolling another device after verbally verifying your identity.