Passwords can be compromised. There is a more effective option for you to safeguard your computer account, university data, and personal information. Western is now offering Multi-factor Authentication (MFA) to the campus community. You can opt-in to MFA in the "How do I register for MFA?" section below.
What is Multi-factor Authentication?
Multi-factor Authentication (MFA), sometimes called Two-factor Authentication (2FA), is a process that verifies your identity by requiring two authentication methods: something you know (password) and something you have (trusted device like a phone). This adds a layer of security because someone cannot access your computer account with just your password.
Once enrolled in MFA at Western, you can verify your identify with the following steps:
- Enter your firstname.lastname@example.org and your WWU universal password
- After you enter a valid password, the recommended second factor would be one of the following:
- A verification code or other notification sent to your Microsoft Authenticator app on your iOS or Android smartphone, tablet, or smartwatch; or
- A code sent via text message or voice call to your mobile phone (using a location specific phone is not recommended)
The Microsoft Authenticator app is strongly recommended, because you don't have to copy/paste any codes. You simply tap the APPROVE button on your smartphone or smartwatch. Installing the Authenticator app on a second device is also recommended just in case something happens to your primary device.
If the authenticator app, text message, or voice call are not good second factor options for you because you don't have a mobile phone, lack reliable cell service, or have other concerns, you can consider touching a button on a FIDO2 USB security key (a thumb-drive sized device) or receiving a code sent to a hardware token (thumb-sized or credit card-sized device). Feel free to contact the Help Desk to discuss these alternative second factor physical devices.
When will I need to enter a second factor? Will I have to do this every time I want to access my email, Office 365 apps, or Canvas?
You will need to provide a second factor when you access applications that use our Microsoft sign-in from off-campus or over a personal cellular data connection.
- Web apps will prompt you with your second factor periodically depending on various factors (e.g., security and privacy settings of your device or browser)
- Desktop and mobile apps, such as the Outlook app, will likely prompt you only when you need to re-authenticate due to events like a password change or major app update or reinstallation.
Web pages and apps that use the Microsoft sign-in include:
- Outlook desktop and mobile apps
- Skype for Business & Microsoft Teams
- Office 365 apps (Word, Excel, PowerPoint, etc.)
- G Suite
- CMM Contracts Module
What if I Have Problems?
Keeping your account, data, and identity safe is great but we recognize that using more than just a password might seem like an inconvenience and you might occasionally run into a problem. The Help Desk (email@example.com) is here to help you if you have questions or issues. We offer a number of links below that can also help answer your questions.
How do I register for MFA?
- BEFORE you register for MFA, please Verify/Change your authentication methods / contact info to make sure you have something other than just your office phone listed.
- Add your mobile number and/or the Authenticator App as an additional verification method. If you do not have a mobile phone, we do not recommend registering for MFA at this time. We will soon post information about hardware tokens that can be used for MFA. The Authenticator App is recommended.
- After adding your additional verification method, click the opt-in to MFA now link and follow the instructions.
- The next time you sign into Western's Office 365 service (which also provides authentication to Canvas) you may be prompted to add or verify alternate contact information. Follow the instructions to complete.
Any faculty, staff, or student can opt-in to MFA now for the added security it provides. For those who don't opt-in, we will be rolling out MFA to employees, department by department, and to students throughout spring quarter. When MFA is deployed to your department, you will be prompted to set up MFA the next time you sign in to any of the services that use the Microsoft sign-in screen. At this point you must complete the setup process, but fortunately it takes only a few minutes. It is very similar to the process all faculty, staff, and students completed to register alternate contact information for Microsoft's Self Service Password Reset.
The setup process will guide you through adding an authentication phone number, and you will have the option of adding an alternate number and enabling the Authenticator app. The following links will take you to Microsoft's step-by-step instructions for adding each option:
How to set up Azure Multi-factor Authentication (Short Video 3:37)
Set up authenticator app as your MFA authentication method (Document)
Verify/Change your authentication methods / contact info (Document)