What is Multi-Factor Authentication (MFA)?
Multi-factor authentication (MFA) involves something you know (your username and password) and something you have (your phone). After you set up your multi-factor authentication, you will continue to use the same username and password, but you will also be prompted to provide an additional verification that you are currently trying to sign in. This extra layer of security prevents anyone but you from logging in to your account, even if they know your password. A common example would be a verification code sent via text to your cell phone when you try to log on, which you then have to enter before access is granted.
Why do I need this?
We are deploying MFA in response to a rise in the scope and sophistication of phishing and malware attacks that are targeting our faculty and staff. The high rate of successfully compromised passwords is a serious and pervasive threat to information security at OTC.
What devices are supported?
iOS smartphones and tablets
Android smartphones and tablets
Basic cell phones with and without text messaging capabilities
Landlines (desk phones)
It is strongly recommended that you add an additional device to your MFA setup to serve as a backup.
I don’t have a smartphone, basic cell phone, landline, tablet, hardware token, or I am unable to use MFA.
If you have concerns about meeting this requirement, please contact the Help Desk at 417-447-7548.
Where can I obtain a hardware token?
You can obtain a hardware token by contacting the OTC Help Desk at 417-447-7548.
I have a YubiKey, can I use this instead of a hardware token?
Yes. Yubikeys are allowed to be use with Microsoft MFA, but they are not officially supported by OTC. You can attempt to setup you key using Yubico's official documentation.
How often do I need to use MFA?
That depends on:
In general, you should be asked to authenticate every 8 hours per browser or app on each device
I was suddenly asked to provide MFA verification when I did not expect it. Why might that happen?
If you receive an MFA verification request when you are NOT attempting to log in to an OTC system, do not approve the request, or select DENY. In some cases, these requests could be initiated by someone attempting to gain access to your account. If you are concerned about this request, feel free to contact the OTC Help Desk.
I didn’t receive the text message or the verification times out.
Delivery of SMS messages are not guaranteed because there are uncontrollable factors that might affect the reliability of the service. If you often have problems with reliably receiving text messages, please try to use the Microsoft Authenticator app or a phone call instead. The mobile app can receive push notifications both over cellular or Wi-Fi connections. In addition, the Microsoft Authenticator app can generate verification codes when the device has no signal at all.
I have lost my device or can no longer use it to perform MFA verification.
If you have set up MFA on a device that was lost, stolen, or is otherwise no longer accessible, you'll need to call the Help Desk at 417-447-7548 to verify your identity and have your Multi-Factor Authentication reset.
Once reset, you will need to set it up again using this link: https://aka.ms/mfasetup
Alternatively, you will be prompted for setup through: https://portal.office.com
If you have NOT set up Multi-Factor Authentication, you may receive SAML and other authentication errors until you have completed the MFA setup when trying to log into MyOTC, Canvas, the OTC Help Desk site, and other OTC resources.
Why isn’t third-party email offered as an MFA verification method?
OTC is using Microsoft Multi-Factor Authentication service to provide MFA service. Microsoft does not support third-party email as a verification method for their MFA service. Microsoft's documentation website offers a list of supported authentication methods.
If I use my personal phone number for MFA, where does that phone number go? Can/will it be used for other purposes?
Phone numbers provided for MFA are stored by Microsoft. They are not used or transmitted to any other OTC service or system. See Microsoft’s privacy notice for more information on their privacy policies.
Can I use MFA without data and/or a text plan for my device?
The verification code option works without a data plan, text plan, or even a connection. Once installed the Microsoft Authenticator App can generate a verification code without the need for either a cellular signal or data plan.
If I authenticate using my personal phone (smart or cell) will I be charged?
Charges depend on your carrier and plan but are very nominal. The push notification is 2kb. The SMS text is standard text pricing. The phone call is the cost of a standard call. To avoid charges, you can use the Microsoft Authenticator app with verification codes.