Multi-factor authentication for faculty and staff
Keeping your information safe
Setting up multi-factor authentication on role accounts
In recent months, Concordia has onboarded all faculty and staff personal accounts to multi-factor authentication (MFA). As a second phase, role accounts will begin to be onboarded to this service starting in July 2021.
With cybersecurity threats becoming increasingly sophisticated, Concordia is joining institutions around the world in adopting multi-factor authentication (MFA) as a way to keep their employees’ digital assets, information and user identities safe.
Key benefits include greater cybersecurity and a reduced risk of having your account accessed by someone other than yourself.
What is multi-factor authentication (MFA)?
- In a nutshell, MFA means using something besides a single username and password to access your account.
- Like many banks, Concordia will now require you to sign into your Microsoft 365 accounts (Outlook, MS Teams, OneDrive) using a two-step process. You will first sign in with your Concordia username and password, followed by a prompt generated through the Microsoft Authenticator app which can be downloaded to your mobile device from Google Play or Apple Store. For detailed instructions please see below.
- Should you wish to use an alternative MFA method to sign into your Microsoft 365 accounts, you can choose to have SMS messages sent to your mobile phone or receive an automated voice phone call that provides you with a second factor to access your accounts. For detailed instructions please see below.
If you do not want to use your mobile phone (or you do not have one), please fill out this form to notify IITS.
Setting up MFA
If you wish to use the Microsoft Authenticator app, please select which type of mobile phone you are using for a step-by-step guide on how to configure MFA to your account.
If you prefer to receive an SMS message or an automated phone call, please select the SMS/Home phone option for a step-by-step guide on configuring MFA using these methods.
Typically, web applications are protected with a username and password only (single-factor). This leaves sensitive data and applications vulnerable to a variety of common attacks. As Concordia adopts more online cloud applications, addressing these threats becomes critical. Unlike older desktop applications, cloud applications are accessible to anyone online. MFA is designed to protect you against attacks that rely on stealing your single-factor credentials. With MFA, someone knowing your password isn't enough to grant them access to your account.
As we’ve shifted towards using more online applications out of necessity, there has been a major increase in both the volume and complexity of cyber-attacks against Concordia accounts. The need to strengthen our systems and credentials is critically important to combat the increasingly regular campaigns designed to obtain the passwords of Concordia faculty and staff.
Passwords can be obtained by cyber criminals via a variety of methods. Even if you choose a secure password and practise good cyber hygiene, your password can still be obtained by other means outside of your control.
No, you should still follow Concordia’s password guidelines and use a password that is at least 12 characters in length, contains a mix of uppercase and lowercase characters, and contains at least one integer and one special character. Additionally, do not re-use your password for other accounts and services.
No. The transition to MFA seems onerous but in practice it is minimally disruptive and constitutes only a small change to your login process. It is a small investment with a huge return. IITS is here to support you through this change and help you resolve any issues and answer any questions or concerns you may have.
You will be prompted to confirm your identity via your second factor every time you log into a Microsoft 365 service (Outlook, Teams, OneDrive) through a web browser.
When using applications that access your Microsoft 365 account, such as desktop or mobile installs of Outlook, Teams or OneDrive, you will receive an MFA authentication request. This will only happen the first time the application attempts to perform a sync with MFA. Once your devices and applications are synced you will not be prompted again for two months.
Any application that accesses your Microsoft 365 account. For most individuals, this is Outlook and MS Teams.
MFA protection will be extended to VPN logins in 2021. This change will be communicated to you in advance.
Please contact the Service Desk by email at firstname.lastname@example.org or by phone at 514-848-2424, ext. 7613. Please note that the first hardware key is provided free of charge, much like staff ID cards. Replacement hardware keys will cost approximately $40, again much like staff ID cards.
Don’t worry, your account is safe. The security key alone is not enough to log into your account. Please contact the Service Desk by email at email@example.com or by phone at 514-848-2424, ext. 7613. If you were the victim of theft while on campus, please report the incident to Campus Security at 514-848-3717.
First, set up MFA on your new phone before relinquishing possession of your old phone. MFA can be set up on multiple phones at the same time. Once your new phone is configured, erase the contents of your old phone. If this is not possible, please contact the Service Desk by email at firstname.lastname@example.org or by phone at 514-848-2424, ext. 7613.
If you are travelling for work or vacation and need to access your Concordia account, you will need to have your second factor with you (smartphone or hardware key).