Alternative Multifactor Authentication Methods

Alternative Authentication Methods for Multifactor Authentication

While the Microsoft authenticator app on a mobile device is the method of authentication we recommend using, there are some instances where using the app is not possible. Some alternative methods are using the Microsoft authenticator on a smart device that isn't connected to a network using a one-time passcode (OTP), using a hardware security key (a.k.a. FIDO2 key) that is plugged into a computer physically, or using a text message or phone call sent at time of authentication. 

These options can be used in addition to the Microsoft Authenticator app to provide a backup form of authentication in the event your primary device is unusable. 

Configuring Alternative Methods

The Microsoft authenticator does not need a cellular or internet connection to function. The authenticator app can be setup on a tablet or other smart device running Android or iOS and use the rotating one-time passcode (OTP) to authenticate. This passcode is created using a combination of shared secret key and the current time in order to verify your identity.As long as the device's time is current regardless of time zone, your code will be valid.

To use this method follow the setup instruction for the Microsoft Authenticator. You will need to be connected to the internet in some way in order to download and install the app, but after it is installed, it can be operated completely offline. While the app will use online push notifications by default, the offline OTP passcode setup occurs automatically during registration. 

Receiving a text message or phone call is an option for authentication but is the least preferred. With a text message option, you will receive a one-time use passcode by text from Microsoft when logging in. The phone call option is similar but requires you to answer the phone call from Microsoft and press the # key. Both options are automated. This option exists for people that have a phone but do not have a smart device that can run the Microsoft authenticator. Configuration instructions can be found here for the phone call method and here for texting

A security key, also known as a FIDO2 key or hardware authenticator, is a physical device that is paired to your account and plugged into a computer you wish to log in on. This device works both online and offline and looks like a flash drive, plugging into the USB port of a computer. ATUS supports security keys for Windows and Mac based computers and laptops. Once you have obtained a security key, please follow the register a security key steps of instructions from Microsoft's support article here.

Students who do not have access to any mobile devices may fill out a form to request a security key.

Faculty and Staff may receive a security key through their department purchaser. 

Anyone may purchase a key themself and register it to their account. 
The keys we recommend are:

The main difference between the two is the method they use to connect to a computer. USB Type-A is the rectangle shaped connector while the USB Type-C is the rounded connector typically found on newer devices. From a security standpoint, both perform identically. 

Users must set up at least one (non-office phone number) before adding a security key if they are setting it up when off-campus. You can switch your default authentication method to your security key after completing the setup.

 

Selecting an Authentication method when signing in

If multiple Authentication methods are enabled on your account, you will have the option to select one when signing in. You will be presented with your primary authentication method first. Below that, click I can't use My Microsoft Authenticator app right now. The text may display slighlty differently if you don't use the Microsoft Authenticator as your primary source and may instead say sign in a different way.

Microsoft authentication prompt asking to approve sign on the Microsoft Authenticator with the link I can't use my Microsoft Authenticator App right now underlined to show which link to click.

After selecting the link you will be presented with the other options available for authentication on your account. The rotating one-time passcode (OTP) that can be used with your phone offline is the option called Use a verification code.

 

Multifactor authentication options available for the account shown as an example containing the options for using a verification code, a text message and a call to phone a number.