Question
What is MFA and why should I use it?
Answer
MFA stands for "Multi-Factor Authentication". For authentication, a factor is a way to confirm you are an authorized user. In the past, most authentication was done solely with a username and password. The password was the factor being used. There are three common types of factors:
- Something you know - typically a password or PIN
- Something you have - a smartphone or security key
- Something you are - a fingerprint or your face
MFA requires more than one factor to authenticate, for example: your password and a code provided on your smartphone.
Why Should I Use MFA?
Multi-factor authentication provides stronger security than a username and password alone. It provides added protection for both individuals and the MSU community. Even if someone manages to guess your password, they cannot access your account unless they also have access to your MFA credential.
Using MFA also gets you access to self-service and resetting your own password without any outside assistance. This enhances your productivity and keeps you able to access your account 24/7.
More information is available at: tech.msu.edu/network/authentication-authorization/
What Types of Credentials Does MSU Support for MFA?
MSU supports 4 types of MFA credentials:
- Okta Verify
- Install an app on your smart phone that automatically generates codes without needing wifi or cellular service. If connected to wifi/cellular, you can send a push command to approve the login and bypass entering a code [RECOMMENDED, efficient for end-users and more secure].
- SMS text messaging
- Receive codes via text to manually enter on the login site
- Voice Call
- Receive a phone call where the code is spoken for you to manually enter on the login site
- Security Key or Biometrics (Windows Hello, macOS Touch ID, etc)
- This method cannot be used to authenticate on the downloaded Big IP Edge client. You will need to use the web connection on vpn.msu.edu.
- Biometrics are device-specific. A biometric registered on one device can only be used to complete logins on that specific device. For example, a biometric registered on your laptop cannot be used to complete a login on your mobile phone or on a separate laptop.
Why Should I Register Two MFA Credentials?
Having a second MFA credential provides you with a backup in case you lose access to your primary method. For example, when you replace your smartphone, if the only credential you have is Okta Verify from the old phone, then you won't be able to log in without it and will have to contact the IT Service Desk for assistance removing the old credential.
Additional Info
For instructions how to register one of these as a MFA Credential for your account, see the following articles: