Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Version History

« Previous Version 2 Next »

General

What is Multifactor Authentication (MFA)?

Multifactor authentication (MFA) seeks to minimize the likelihood that others can access your data. Specifically, it enhances the security of your login information by using your phone, tablet or other device to verify your identity when you attempt to access Fairfield U's network and resources from an off-campus location.

It takes two items to access and update your information: “something you know” (like your password) and “something you have” (like your phone). For example, when you visit an ATM, one authentication factor is the ATM card you use to start the transaction - that’s the “something you have.” Next, you enter a PIN, which is the “something you know.” Without both of these factors, access will not be granted to your account.

Why Do I Need to Use MFA?

Passwords are becoming increasingly easy to compromise and they can be stolen, guessed, or hacked. New technology and hacking techniques combined with the limited pool ofpasswords most people use for multiple accounts means information online is increasingly vulnerable. In many cases, people do not realize when someone else has their password and their accounts are being accessed without authorization.

In addition, malicious emails are far too common and becoming increasingly difficult to recognize. It is easy to fall prey to these kinds of scams, most of which are used to steal account passwords. We have to take steps to ensure that we are more than just a single click away from having our paycheck stolen or becoming a victim of identity theft. Multifactor Authentication adds a second layer of security to your account to make sure that your account stays safe, even if someone else knows your password. This second factor of authentication is separate and independent from the username and password — MFA never uses or sees your password.

Who is eligible to use MFA?

The university’s implementation of MFA will include all faculty and staff.

Am I required to use two-factor authentication?

Once your NetID has been enrolled for the service, you will be required to use MFA when logging from an off-campus location into OWA (Outlook Web Access), VPN, and my.fairfield.edu.

MFA Service

Does MFA see my password?

No, the university system verifies your password with its internal systems as before, and never sends it to MFA. The MFA service only provides the second factor— “something you have.” In fact, MFA stores very little information—just enough so it can do its job.

What is the definition of “Off-Campus”?

Off-campus is anywhere other than:

  • Wi-Fi: FACSTAFF-S

All Guest Wi-Fi Networks are considered off-campus locations.

How does the MFA service work at Fairfield U?

Once you have signed up for MFA, when you attempt to access a protected university application from an off-campus location, you will be prompted to enter your username and password as usual (the first “factor”). You will then be taken to the MFA screen where you will select the device of your choice and the preferred method of verification—push notification, a phone call, or a passcode—you will use to verify that it’s you (the second “factor”).

What devices can I use for the second factor?

MFA lets you link multiple devices to your account, so you can use your mobile phone, a landline, and a hardware token, as your second factor.

When you are doing your initial setup, you may add as many devices as you like (landline and/or mobile). Subsequently, when you are logging in you can choose which device the authentication request is sent to and which authentication method you would like (via Duo Mobile App, SMS text message, or phone call).

How long does it take to enroll/register a device for MFA?

Typically, 5 minutes or less. ITS Help Desk can help with the setup process, if required

How many devices can I add?

There is no limit on the number of devices that can be added. We recommend that all users add
at least 2 devices, such as a cellphone/smartphone and a landline/desk phone.

Using MFA

How often do I need to use the second factor authentication?

You will be required to MFA every time you log in to the VPN service, when off-campus. When signing into OWA and my.fairfield.edu, you will have the option to remember your session for 24 hours. If you select this option, you will not be required to MFA on those services if you sign in again on the same device within 24 hours. This functionality is also browser based so if you switch browsers, the system will prompt you to MFA again even if you selected the option to remember your previous session.

Does it cost me money to authenticate with my phone?

“Push” authentication uses a very small amount of Internet data traffic to function (a few kilobytes per login). Text messages and voice calls are sent only when you request them, and would be billed by your carrier like any other text message or inbound voice call. The Duo mobile app also works like a token and will generate a passcode, this functionality will not require any data and works even when your smart phone is in “airplane” mode.

What if I forget my smartphone at home?

We encourage users to set up multiple authentication devices with MFA, so that when one method is unavailable, you have others from which to choose. For example, you could set up your smartphone for “push” and also your office phone and home phone to do callback. If none of your devices is available, contact the ITS Help Desk and they will be able to provide a one-time code after verifying your identity.

What happens if I lose my phone?

Contact the ITS Help Desk immediately if you lose your phone or suspect that it's been stolen.
The support specialist will disable it for MFA and help you log in using a one-time code. While it's important that you contact the Help Desk if you lose your phone, remember that your
password will still protect your account.

  • No labels

Contact the ITS Help Desk in the Library Room 230 or at (203) 254-4069 for assistance.