Passwords can be compromised. There is a more effective option for you to safeguard your computer account, university data, and personal information. Western is now offering Multi-factor Authentication (MFA) to the campus community.
Register for MFA
- BEFORE you register for MFA, please Verify/Change your authentication methods / contact info to make sure you have something other than just your office phone listed.
- If you have a mobile phone, set up the Microsoft Authenticator App. If you do not have a mobile phone, you may use another mobile device or a land phone line to do MFA. Note: you must be working in proximity to the phone in case you have to do MFA. Your third choice is to purchase a FIDO2 key. These may be purchased from any vendor. The key plugs into your hardware and gives you mobility. If you cannot do any of these methods, please fill out this request form for a University-supplied hardware device.
- After adding your additional verification method, click the opt-in to MFA now link and follow the instructions.
- The next time you sign into Western's Office 365 service (which also provides authentication to Canvas) you may be prompted to add or verify alternate contact information. Follow the instructions to complete.
Any faculty, staff, or student can opt-in to MFA now for the added security it provides. For those who don't opt-in, we will be rolling out MFA to staff during fall quarter and continue the process for faculty and students throughout the year. When MFA is deployed to your department, you will be prompted to set up MFA the next time you sign in to any of the services that use the Microsoft sign-in screen. At this point you must complete the setup process, but fortunately it takes only a few minutes. It is very similar to the process all faculty, staff, and students completed to register alternate contact information for Microsoft's Self Service Password Reset.
The setup process will guide you through adding an authentication phone number, and you will have the option of adding an alternate number and enabling the Authenticator app. Links at the bottom of this page will take you to Microsoft's step-by-step instructions for adding each option.
What is Multi-factor Authentication?
Multi-factor Authentication (MFA), sometimes called Two-factor Authentication (2FA), is a process that verifies your identity by requiring two authentication methods: something you know (password) and something you have (trusted device like a phone). This adds a layer of security because someone cannot access your computer account with just your password.
Once enrolled in MFA at Western, you will be prompted to 1) enter your firstname.lastname@example.org and password; and 2) authenticate with your second factor (one of the following):
- verification code or other notification sent to your Microsoft Authenticator app on your iOS or Android smartphone, tablet, or smartwatch;
- code sent via text message or voice call to your mobile phone;
- voice call to your landline (using a location-specific phone is not recommended unless you do not have a better option)
The Microsoft Authenticator app is strongly recommended, because you don't have to copy/paste any codes. You simply tap the APPROVE button on your smartphone or smartwatch. Installing the Authenticator app on a second device is also recommended just in case something happens to your primary device.
If the authenticator app, text message, or voice call are not good second factor options for you because you don't have a mobile phone, lack reliable cell service, or have other concerns, FIDO2 keys are a great option for strong security and can also be configured for passwordless authentication. You may purchase a FIDO2 key from any vendor, but it must be from a Microsoft-supported and compatible manufacturer. FIDO2 keys may be connected to your devices by USB, Bluetooth, or NFC. Most FIDO2 keys have a USB-A or USB-C connector and a subset of keys support Bluetooth and NFC. You will probably need a key that supports Bluetooth or NFC to support a mobile device. Before purchasing, verify that the key you choose will support authentication on all your devices. Feel free to contact the Help Desk to discuss these alternative second factor physical devices.
When will I need to enter a second factor? Will I have to do this every time I want to access my email, Office 365 apps, or Canvas?
You will need to provide a second factor when you access applications that use our Microsoft sign-in from off-campus or over a personal cellular data connection.
- Web apps will prompt you with your second factor periodically depending on various factors (e.g., security and privacy settings of your device or browser)
- Desktop and mobile apps, such as the Outlook app, will likely prompt you only when you need to re-authenticate due to events like a password change or major app update or reinstallation.
Web pages and apps that use the Microsoft sign-in include:
- Outlook desktop and mobile apps
- Skype for Business & Microsoft Teams
- Office 365 apps (Word, Excel, PowerPoint, etc.)
- G Suite
- CMM Contracts Module
What if I Have Problems?
Keeping your account, data, and identity safe is great but we recognize that using more than just a password might seem like an inconvenience and you might occasionally run into a problem. The Help Desk (email@example.com) is here to help you if you have questions or issues. We offer a number of links below that can also help answer your questions.
How to set up Azure Multi-factor Authentication (Short Video 3:37)
Set up authenticator app as your MFA authentication method (Document)
Verify/Change your authentication methods / contact info (Document)