Microsoft MFA | Frequently Asked Questions (FAQs)
What is Multi-Factor Authentication (MFA)?
Multi-Factor Authentication (MFA) is an additional layer of security added to the login process which requires you to utilize a two-step verification method. In addition to something you know (your password), you are required to verify your identity by providing something you have with you. This can be a phone or other compatible hardware device that is registered to your account.
Why is FVTC requiring me to use Microsoft Multi-Factor Authentication (Microsoft MFA)?
Multi-Factor Authentication (MFA) helps to better protect access to the sensitive information that may be contained within your account, such as personal details, financial data, or education records. MFA makes it more difficult for someone to gain access to your account without your permission, even if they've stolen or guess your password.
MFA has become the industry standard for responsible cybersecurity, and is increasingly becoming required to comply with insurability best practices and consumer protection legislation.
Fox Valley Technical College makes the security and protection of your sensitive information a top priority.
What authentication methods can I use for Microsoft Multi-Factor Authentication (Microsoft MFA)?
Fox Valley Technical College recommends and encourages the use of a smartphone with the Microsoft Authenticator app installed. This is a free app available for iPhone and Android devices. Each time you login, you can verify and approve the login attempt within the Microsoft Authenticator app and complete the verification "number matching" process.
You can receive a one-time password (OTP) code via text message each time you login.
You can receive a phone call each time you login and will need to answer and respond to the prompts.
You can utilize an Authenticator app on your smartphone to generate a one-time password (OTP) code each time you login. Examples include the Microsoft Authenticator app, the Duo Mobile app, and the Google Authenticator app.
You can generate a one-time password (OTP) code using a device called a Hardware Token each time you login. These devices can be obtained from the Fox Valley Technical College IT Helpdesk.
You can utilize a FIDO2 compliant hardware security key such as a YubiKey.
How do I install and setup the Microsoft Authenticator app on my smartphone?
Please follow along with this brief walkthrough video to install and setup the Microsoft Authenticator app on your smartphone:
Where do I get the Microsoft Authenticator smartphone app?
The Microsoft Authenticator smartphone app is available for free from the Apple App Store for iOS devices or the Google Play Store for Android devices. Download it on your smartphone here.
The correct app will look like this, and is provided by Microsoft Corporation:
How do I add my FVTC account to the Microsoft Authenticator app on my smartphone?
It is highly recommended to visit the webpage MFA.fvtc.edu and follow the prompts to + Add sign-in method and choose Authenticator app. It will guide you through the process to add the app and add your account. If you do this from a computer, you will need to scan a QR code from within the Authenticator app as follows:
If you opt to manually add your FVTC account directly to the Microsoft Authenticator app, please see the step-by-step guide here: Microsoft MFA | Manually add your FVTC account to the Microsoft Authenticator smartphone app
What is "number matching" in the Microsoft Authenticator smartphone app and how does it work?
Number matching within the Microsoft Authenticator app requires you to confirm and enter a number after responding to each push notification. When you respond to an MFA push notification using the Microsoft Authenticator app, you'll be presented with a number.
You will need to confirm the sign in attempt and type that number into the app. Tap "Yes" to complete the approval.
*Note: Number matching prevents a vulnerability called "MFA Fatigue" where threat actors gain access to secured systems by bombarding a user with repeated push notifications which ultimately get approved either by accident or out of annoyance with the nonstop notifications.
What if I don't have a smartphone?
If you do not have a smartphone and need to access Fox Valley Technical College systems that require Microsoft Multi-Factor Authentication (Microsoft MFA), you can register a cell phone number and receive a text message to your cell phone with a unique one-time password (OTP) code that you will need to provide at each login attempt. Or, you can register a landline or cell phone number and receive a phone call at each login attempt. Keep in mind that you will need to be able to answer and respond to the phone call each time you login.
You may also utilize a Hardware Token device which generates a unique one-time password (OTP) code each time you login. Please contact the Fox Valley Technical College IT Helpdesk to discuss and request this device.
What if I'm in an area with no cellular service or available Wi-Fi connection?
An Authenticator app on your smartphone (such as Microsoft Authenticator, Duo Mobile or Google Authenticator) can still be used, even if you're in an area without cellular service or Wi-Fi connection. Within the app, you can generate a one-time password (OTP) code which can function even if you're offline.
If you are prompted to approve a Microsoft Authenticator push notification and you are unable to do so due to lack of cellular service or Wi-Fi connection, click the option that says "I can't use my Microsoft Authenticator app right now".
Next, click the option to "Use a verification code"
On your phone, open the Microsoft Authenticator app and tap on your Fox Valley Technical College account.
You'll be presented with a one-time password (OTP) code that lasts for 30 seconds.
Enter this one-time password (OTP) code in the sign in prompt and click "Verify"
A Hardware Token operates entirely offline and is able to generate a one-time password (OTP) code without any cellular or Wi-Fi connection. Please contact the Fox Valley Technical College IT Helpdesk to discuss and request this device.
Are Apple Watch or Android wearable devices supported with the Microsoft Authenticator app?
Apple Watch and Android wearable devices (such as Samsung Galaxy Watch) are currently incompatible with Authenticator's number matching security feature. For this reason, the Authenticator app must be opened from your smartphone to complete the number matching prompt.
What if I forget to bring my smartphone (or other authentication method) with me and still need to login?
Please call the Fox Valley Technical College IT Helpdesk at (920) 735-5644 to request a Temporary Access Pass. This is a limited-access password code which can be used for only up-to 8 hours.
What if my phone number changes or I lose or replace my smartphone (or other authentication method)?
Please visit the webpage MFA.fvtc.edu to manage and update your Microsoft MFA authentication methods. More information can be found here: Microsoft MFA | How to manage your Microsoft MFA authentication methods
If you are unable to complete the two-step verification required to access this site, please contact the Fox Valley Technical College IT Helpdesk for assistance.
What is a Hardware Token and how do I use it?
A hardware token (sometimes referred to as an authentication token) is a small battery-operated device that fits on your keychain. It has a small screen and one button—each time you press the button, a unique one-time password (OTP) code is generated and displayed on the screen.
To use this device, you will login to the online system that requires Microsoft MFA. After entering your password, you may be prompted to select your two-step verification method. Click or tap "Use a verification code".
On your Hardware Token, press the button to generate a unique one-time password (OTP) code. Enter this code at the prompt and click or tap "Verify".
A Hardware Token can only be used to generate a one-time password (OTP) code once every 30 seconds. Each OTP can be used only once. The battery in a Hardware Token is estimated to last three to five years, after which point the device must be replaced.
Individuals may have only one Hardware Token assigned to their account.
Why are FVTC Employees being switched from Duo to Microsoft MFA?
Microsoft MFA is included in Fox Valley Technical College's Microsoft 365 subscription license, and a consistent experience for all users is desirable. There are a a small handful of systems which are incompatible with the technology needed to implement Microsoft MFA, so Duo will continue to be utilized on those systems by FVTC Employees only until those systems are updated or eliminated.
How do I contact the Fox Valley Technical College IT Helpdesk?
Please call (920) 735-5644 or email firstname.lastname@example.org.