Multi-factor authentication for students
With cybersecurity threats becoming increasingly sophisticated, Concordia is joining institutions around the world in adopting multi-factor authentication (MFA) to help keep the digital assets, information and user identities of our community safe.
What is multi-factor authentication (MFA)?
In a nutshell, MFA means using something besides a single username and password to access your account. Once enabled, whenever you sign into your Concordia account you will be prompted to provide a second factor after providing your username and password.
Your second factor is a code generated by the Microsoft Authenticator app. The Microsoft Authenticator app provides push notifications to your mobile device at sign-in and can be downloaded to your mobile device for free from Google Play or Apple Store. For detailed instructions on setting up MFA, please see the instructions below.
Should you wish to use an alternative MFA method to sign into your accounts, you can choose to have SMS messages sent to your mobile phone or to receive an automated voice phone call that provides you with a second factor to access your accounts. For detailed instructions, please see below.
Key Benefits
Key benefits of MFA include greater cybersecurity and a reduced risk of having your accounts accessed by someone other than yourself. MFA will protect logins for the following accounts:
- Microsoft 365 applications (Productivity Suites). This includes, but is not limited to, MS Teams, MS Outlook, SharePoint and OneDrive.
- Student Information System (SIS)
MFA will be progressively enabled on all Microsoft 365 accounts during summer 2022. It is strongly recommended that you opt in today.
Setting up MFA
To set up multi-factor authentication you must first approve activation on your accounts. To activate MFA:
Step 1: Sign in to your My CU Account in the Student Hub.
Step 2: Go to your Personal Information and Accounts tab.
Step 3: Go to My Accounts and Setting and hit the “Activate Multi-factor authentication (MFA)” button on top.
Activation will take approximately four hours, after which you can configure your devices.
If you wish to use the Microsoft Authenticator app, please select which type of mobile phone (or tablet) you are using for a step-by-step guide on how to configure MFA to your account.
If you prefer to receive an SMS message or an automated phone call, please select the SMS/Home phone option for a step-by-step guide on configuring MFA using these methods.
FAQ
Typically, web applications are protected with a username and password only (single-factor). This leaves sensitive data and applications vulnerable to a variety of common attacks. As Concordia adopts more online cloud applications, addressing these threats becomes critical. Unlike older desktop applications, cloud applications are accessible to anyone online. MFA is designed to protect you against attacks that rely on stealing your single-factor credentials. With MFA, someone knowing your password isn't enough to grant them access to your account.
As we’ve shifted towards using more online applications out of necessity, there has been a major increase in both the volume and complexity of cyber-attacks against Concordia accounts. The need to strengthen our systems and credentials is critically important to combat the increasingly regular campaigns designed to obtain the passwords of Concordia community members.
Passwords can be obtained by cyber criminals via a variety of methods. Even if you choose a secure password and practice good cyber hygiene, your password can still be obtained by other means outside of your control.
No, you should still follow Concordia’s password guidelines and use a password that is at least 12 characters in length, contains a mix of uppercase and lowercase characters, and contains at least one integer and one special character. Additionally, do not re-use your password for other accounts and services.
You will be prompted to confirm your identity via your second factor every time you log into a Microsoft 365 service (Outlook, Teams, OneDrive) through a web browser.
When using applications that access your Microsoft 365 account, such as desktop or mobile installs of Outlook, Teams or OneDrive, you will receive an MFA authentication request. This will only happen the first time the application attempts to perform a sync with MFA. Once your devices and applications are synced you will not be prompted again for two months.
MFA will protect logins for the following accounts:
- Microsoft 365 applications (Productivity Suites). This includes, but is not limited to, MS Teams, MS Outlook, SharePoint and OneDrive.
- Student Information System (SIS)
What should I do if:
Please contact the Service Desk by email at help@concordia.ca or by phone at 514-848-2424, ext. 7613.
First, set up MFA on your new phone/tablet before relinquishing possession of your old phone/tablet. MFA can be set up on multiple devices at the same time.
Once your new device is configured, erase the contents of your old device if it is being discarded.
If this is not possible, please contact the Service Desk by email at help@concordia.ca or by phone at 514-848-2424, ext. 7613.
Don’t worry, your account is safe. A phone/tablet alone is not enough to log into your account. Please contact the Service Desk by email at help@concordia.ca or by phone at 514-848-2424, ext. 7613.
If you were the victim of theft while on campus, please report the incident to Campus Security & Emergency Services at 514-848-3717. They are available 24/7.
Authy is a free mobile and desktop app. It generates secure 2-step verification tokens on your device.
1- Download the Authy application at https://authy.com/download/. Select the version related to your device.
2- After the download is completed, launch the Authy application. You will be prompted to activate the application by providing a telephone number. You can use your home phone or a trusted phone number for the activation.
3- Click the drop-down menu to select the country code of your phone number, enter the phone number with the area code on the right, and then click Submit.
4- Select the Receive Call option.
5- You will receive a phone call at the number you provided. Follow the prompts on the call and complete the activation.
6- Before performing any configuration on the application, please visit https://aka.ms/mfasetup from your computer. Sign in using your Concordia email address.
7- You should be redirected to the Concordia login page, with your email address already filled in. Enter your password and click ‘SIGN IN.’
8- Click ‘Next.’ If MFA is not yet enabled on your account, you will not see this message and will advance right to the next step.
9- Change the selected method from ‘Authentication phone’ to ‘Mobile app.’ Select ‘Use verification code’ and click ‘Set up.’
10- You will be presented with a QR code. Click on ‘Configure app without notifications’ right next to the QR code, then copy the code displayed in the ‘Secret key’ field and switch back to the Authy application.
11- In the Authy application, click the ‘+’ sign, paste the code you copied previously from the ‘Additional security verification’ page into the box, and then click on ‘Add account’.
12- Provide a name in the ‘Account Name’ textbox and select a preferred color. Leave the default ‘Token length’ at 6-digit, and then click on ‘Save’.
13- You should now see a 6-digit authentication code in the Authy application. Use this code for the MFA login.
Recommended step:
It is strongly recommended that you set up a master password on your Authy application to protect the 2-step verification tokens.
Please visit the support webpage from Authy for more information on how to set up a password to protect your Authy.
Disclaimer: Authy is only supported by the IT Service Desk on a best efforts basis; for certain issues you may need to contact Authy directly.
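Steps 10 to 13 copy a ‘Secret key’ into Authy and get back a 6-digit code. The sketch below is an added example, not code from Concordia, Microsoft or Authy. It assumes the code is a standard time-based one-time password (RFC 6238, HMAC-SHA-1, 30-second step) and uses the RFC's published test key as a constructed sample. It shows that the code depends only on the secret key and the clock, which is why the stored tokens deserve a master password.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32,
# grouped with spaces the way setup pages usually display a secret key.
SAMPLE_SECRET = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"


def decode_secret(secret_key: str) -> bytes:
    """Strip display formatting and Base32-decode the shared secret."""
    cleaned = secret_key.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding if it was omitted
    return base64.b32decode(cleaned)


def totp(secret_key: str, at=None, digits: int = 6, step: int = 30) -> str:
    """Return the one-time code for the time step containing `at` (Unix seconds)."""
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(decode_secret(secret_key), struct.pack(">Q", counter),
                   hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_key: str, submitted: str, at=None, window: int = 1,
           step: int = 30) -> bool:
    """Server-side check: accept codes from +/- `window` steps to absorb clock drift."""
    now = time.time() if at is None else at
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_key, now + drift * step, step=step)
        # Constant-time comparison; keep looping so timing does not reveal the match.
        ok |= hmac.compare_digest(expected, submitted)
    return ok


if __name__ == "__main__":
    print("Current code for the sample secret:", totp(SAMPLE_SECRET))
    # A second device holding the same secret produces the same code.
    print("Accepted:", verify(SAMPLE_SECRET, totp(SAMPLE_SECRET)))
```

Nothing tied to the phone itself enters the calculation, so a copied secret key yields valid codes on any device until the method is removed from the account and set up again.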