This article contains detailed information about what Multi-Factor Authentication (MFA) is, initial setup, the different verification methods available and how to choose which ones to use, how to use it, and how to change your existing methods.
Contents:
Multi-Factor Authentication (MFA) is a security technology that helps protect your account from potential compromise by requiring the use of more than just a username and password to prove your identity during log in. Specifically, Middlebury requires the use of MFA to protect your Middlebury and GMHEC accounts.
Multi-Factor Authentication helps safeguard your Middlebury and GMHEC accounts from online criminals who would steal your credentials and use them to launch cyber attacks from our technology services and/or steal sensitive and confidential information. This helps protect not only you, but everyone else in the Middlebury and GMHEC spheres.
Use of MFA brings the following benefits:
-
Enhanced security for your account and your personal information
-
Better protection for the systems and data you access
-
A more secure way to recover a lost Middlebury password
-
Passwords that never expire!
YES! You can still use Multi-Factor Authentication, even without a smartphone. If you have any type of cell phone, you can opt to receive texts (no need to reply - just read the codes). If you only have a landline or otherwise cannot receive texts, you can opt to receive a voice call instead. Hardware tokens can also be provided for individuals without a phone—please contact the Helpdesk for assistance.
ITS enables MFA on all accounts and shares setup details in your initial account activation email. Follow the instructions given to set up the authentication methods you wish to use with your account. If you cannot find these instructions, you can also see our MFA Setup Guide (go/mfaguide/). You may find it helpful to watch a short video (2.26 min) to see how the setup process looks with a mobile device.
Important: Any device you wish to use to configure MFA must have a working network connection for setup.
If you have already set up your initial MFA methods and are looking to change the methods you currently have, please see How? under Changing your MFA Settings below.
The Microsoft Authenticator app is the recommended method for MFA, and provides the smoothest experience for travelers. Refer to our Microsoft Authenticator App article (go/mfaapp/) to learn how to download and set up the app.
Here are descriptions of the most common scenarios, along with our MFA setup recommendations for each one. Please visit our
MFA Verification Methods article for specific details about all available options and how they work.
Scenario A: I have a Smartphone, and I rarely travel in areas without cellular coverage.
- Choose Microsoft's Authenticator app with notifications.
This method is recommended when you have a device that supports Microsoft's Authenticator app and you will be in areas with consistent network access. A two-digit number will be displayed when you log into a service, and you simply enter that number into the Authenticator app and click Yes to approve the login. If you have phone sign-in enabled, you can often streamline your login process, bypassing the need to provide your password. Caution! Only approve a login when you have signed into a service you anticipate will trigger an authentication prompt.
Network access (cellular, ethernet, or wifi) IS required for the MS Authentication app to provide a notification.
Scenario B: I have a Smartphone, and I travel internationally and/or travel in areas without cellular coverage.
- Choose Microsoft's Authenticator app with a code.
This method is recommended when you have a device that supports Microsoft's Authenticator app and you will be in areas without consistent network access. When presented with an MFA prompt, you will need to input the 6-digit code displayed by the Authenticator app to complete your login.
Network access is NOT required for the MS Authentication app to provide you with a code.
Scenario C: I have a Flip or Feature phone.
- Choose Phone then specify Call or Text.
This method is recommended when you have a device that doesn’t support the Microsoft Authenticator app. When presented with an MFA prompt, you will either have to receive a phone call and press # when prompted, or receive an SMS text message and enter the provided code in order to complete your login.
Travel to areas without cellular coverage is not supported by this method.
Once you complete your MFA set up, here is what to expect:
When you log in to an MFA-protected service (such as Outlook or Google) with your username and password, you must verify your identity a second way. After correctly entering your Middlebury email address and password, you will be prompted to verify your login request. This prompt, also referred to as a "challenge", could be in the form of a phone call, text message, or mobile app notification or code, depending on the option you specified when setting up MFA. Refer to our MFA Verification Methods article for specifics about what to expect.
Important notes:
-
During the login process, you can click the checkbox to remember my device for 30 days. With this setting enabled, you may not be prompted again for Multi-Factor Authentication from that application on that device for another thirty days. Please note that some services will prompt for authentication every time, regardless of whether you selected this option or not.
-
If you ever receive an authentication prompt that you did NOT initiate yourself, do NOT allow it! This could be someone else attempting to access your account. Instead, please immediately go to go/mfasetup/ and change your password. If you have any other concerns or problems, please contact the Helpdesk by calling 802-443-2200.
Here are the most common reasons why you might want to change your MFA settings:
Tip: If you will be getting a new phone that uses the same number, make sure to set your MFA to text on the setup page before you switch. This will allow you to answer the first MFA prompt when downloading the Authenticator app on your new phone.
Here are the steps to change your MFA methods:
-
Visit go.middlebury.edu/mfasetup.
-
You will receive an MFA prompt through your current default method.
-
On the Security Info page (shown below)...
-
Your default method for receiving MFA prompts will appear at the very top, above the list of all authentication methods.
-
You'll see links to the right of each listed method that allow you to change or delete entries you set up previously.
-
If you were using the Microsoft Authenticator app on a device you no longer can or plan to use, click Delete beside the device entry to remove it.
-
To add a new method, click + Add method, choose the method you want, and follow the instructions that appear.
