葫芦影业

IT Projects

centre for learning building located on the Kelowna campus

Get started with MFA!

By using multi-factor authentication (MFA), your digital identity, data and access to 葫芦影业 systems will be protected even if your username and password is compromised.

Multi-factor Authentication (MFA) at 葫芦影业

Starting in May, 葫芦影业 will begin rolling out to all faculty, staff, and students for Microsoft 365 and 葫芦影业 applications.   

Currently, 葫芦影业 M365 accounts only require a username and password to gain access to applications.  When the password is compromised, anyone using that username and password will have access to all the applications and data the rightful user is entitled to have. 

What this will mean is that when 葫芦影业 end users access the Microsoft 365 suite of products through their 葫芦影业 credentials, individuals will be required to set up multi-factor authentication to confirm they are who they say they are. 

This will include applications such as the following: 

  • Microsoft Outlook 

  • Microsoft 365 applications: Word, Excel, PowerPoint, OneDrive, and other 葫芦影业 authorized applications from the Microsoft portal 

  • Microsoft Teams, SharePoint 

For more information on the implementation timeline, please click here

Implementation timeline

Phase 0: Proof of Concept

February and March

  • Through February and March IT Services has implemented infrastructure changes as well as testing of our accounts.  

Phase 1: High-Risk Users Roll-out

April

  • Phased approach of applying MFA to certain user groups (鈥渉igh-risk鈥 users) for Microsoft 365 services. 

Phase 2:  Remaining Administrative Staff 

June - December

  • Remaining administrative staff will be using MFA for Microsoft 365 services. 

Phase 3: Faculty & Instructors

January - March 31, 2023

  • Faculty and Instructors will be using MFA for Microsoft 365 services.

Phase 4: 葫芦影业 Student Accounts

January - TBD 2023

  • All 葫芦影业 students will be using MFA for Microsoft 365 services.

Phase 5: 葫芦影业 Applications

TBD

  • MFA will be required when accessing any and all 葫芦影业 applications.

For more information on the implementation timeline, review the document. 

Commonly asked questions

MFA is a technology designed to enhance the security of the identity validation process.

Your identity information is your user name, which is validated by your password (first factor of authentication).

葫芦影业 will be requiring an additional factor by way of an application on your mobile device or a hardware token.

There are three factors that can be considered when multi-factor authentication is involved, and two of the three items must be able to be verified. The three things are as follows

  • Something you know (like a password)
  • Something you have (like a mobile device, or a hardware token)
  • Something you are (like your facial pattern, or your fingerprint)

In order to have a successful MFA login two (or in some cases all three) factors must be use to verify your identity.

  • Currently, only your password is used to verify that it鈥檚 you are logging in with your 葫芦影业 computing ID.
  • With MFA, you鈥檒l enter your password as you currently do, and then will be asked to verify your identity with the authenticator app on your mobile device, or enter a time-based code from a hardware token.
  • Even if an attacker obtains your password, they won鈥檛 be able to complete the login process without the time-based code.  This is how MFA acts as an additional layer of defense to protect against unauthorized access to your data.

鈥淢ulti-factor鈥 refers to using two or more independent items to verify your identity, typically:

  1. Some you know (i.e. your 葫芦影业 username and password), and
  2. Something you have (i.e. a time-based password from your mobile device/hardware token).

This creates a layered defense, preventing further unauthorized access from your 葫芦影业 account if your password is compromised.

You can set-up MFA using one of two methods below:

  1. The Microsoft Authenticator mobile app
  2. Generate a digital code using a token

Implementing MFA is rated as the number one activity an organization can do to improve their IT security posture. 葫芦影业 has been impacted by compromised accounts. 

MFA has many benefits including enhancing 葫芦影业鈥檚 security.  By requiring users to identify themselves by more than just a username and password, we are significantly reducing the risk of malicious attacks and cyber identify theft.

MFA reduces the risk of a security breach and sensitive data stays protected.  It also ensures security for personal, institutional, and research data.  The reality is that with any organization including 葫芦影业, employees do fall for phishing scams and do share passwords.  If 葫芦影业 does not roll out MFA, we are left vulnerable to attacks and one of the biggest security threats today is the risk of compromised credentials.

MFA will be rolled out college-wide to active faculty, staff, and students starting mid-May.  You will receive an email notice to your 葫芦影业 email account with detailed instructions a few days before your account will be affected.

Once MFA has been applied to your account, you will be prompted to set up MFA to access Microsoft 365 applications and related systems.

You may need to MFA more often under certain circumstances, such as connecting from public wi-fi, travel, unusual locations or IP addresses, new devices, accessing new services, or other detected risk factors.

In those cases you will be asked to provide your MFA verification code to verify your identity before granting access, to keep your account safe.

Opt in now to set up MFA

First, select the device you are planning to use for MFA.  葫芦影业 recommends installing and using the Microsoft Authenticator mobile app, as it provides both online push notifications and offline authentication code options for sign-in, which is useful if you are travelling abroad without data.   If you do not have a smartphone, you must use a hardware token.

The Microsoft Authenticator takes up very little space on your phone, cannot control your device, and you can choose to use the app without using your data plan.

Next, for the best experience, you will need the following equipment for your MFA set up:

  1. The device you are planning to use for MFA (i.e. your mobile device or hardware token), and
  2. A laptop/desktop to assist with the enrollment.
  3. Refer to the applicable user guide below (Mobile Device or Hardware Token).

Mobile Device

  • It鈥檚 more convenient
    • Estimated 5-minute setup experience to complete the enrollment.
    • No additional devices to carry with you; most individuals already keep their mobile devices close by.
    • Authenticator mobile app benefits:
      • Lightweight app (i.e., approximately equivalent to the size of a photo)
      • No personal info collected/tracked
      • No internet/data connection needed to function
      • Free of charge to use
      • Well-known and reputable vendor
    • Other mobile app options available; many free apps are available on the app store that supports 葫芦影业's MFA.
  • MFA code can only be accessed by authorized individual of the mobile device
    • If lost or stolen, your mobile device may have biometric or other protections (e.g., your phone's passcode lock) that further protect your MFA codes from unauthorized access.

Hardware Token

  • It鈥檚 less convenient
    • Need to obtain a physical token by purchasing or submitting a to begin the enrollment process.
    • An additional device to carry with you; can be easily misplaced due to the small size.
    • Non-serviceable, non-rechargeable battery with limited life span.
    • No display backlighting: may be more difficult for some individuals to see codes.
    • More prone to "invalid code" errors; hardware tokens run on their own built-in timing devices to generate codes that may fall out of synchronization with 葫芦影业鈥檚 MFA servers. If this occurs, you will need to contact the IT Service Desk for a reset.
  • MFA code is displayed on the token and no authorization is needed to access the code
    • If lost or stolen, a hardware token has no further protections in place to prevent unauthorized access to your MFA codes.
    • You would need to immediately report a lost/stolen hardware token to the IT Service Desk to request its deactivation.

Contact Us

Have questions?  Check out our .

Still have questions?  Contact the IT HelpDesk.