Multi-factor Authentication (MFA) for students implementation plan and FAQ

Multi-factor authentication (MFA) helps protect your account by adding an extra step to verify that you are who you say you are when you log on. In addition to your password, your account will be protected by “something you have,” such as a smart phone, mobile phone or a security key. This helps prevents hackers from gaining access to your account even if they know your password.

MFA is being launched for students on an opt-in basis on March 8, 2022.

It is strongly recommended that you opt-in before it is made mandatory on May, 17, 2022. Once MFA is mandatory it will need to be enabled before you can access your email, Loris, Zoom, MyLS, and other key IT systems. 

Frequently Asked Questions (FAQ)

We've collected some questions you may have during the MFA implementation, including topics such as: 

• About MFA
• Implementation and registration
• Account security and privacy
• Managing your MFA

If you have any additional questions, visit the Multi-factor Authentication (MFA) for Students page or contact the ICT Service Desk.

About MFA

Why do I need this / What are the benefits of MFA?

Hackers will always try to get our passwords, whether through phishing attacks, guessing attacks or by compromising other websites. MFA provides you the peace of mind that, even if your password is compromised, the hackers will not be able to access and use your account to further their attacks.

How does MFA work?

After you register for MFA, you will be prompted to provide your second factor authentication the first time you log in. You will not be asked to assert your second factor again when you log on from that device and in that location for approximately when you log on from that device and in that location for 90 days (about 3 months). You will be asked to assert your second factor if you change locations or log in using a different device.

Does it cost me money to use MFA with my smart or mobile phone?

Text messages are sent only when you request them and would be billed by your carrier like any other text message or inbound voice call. The Microsoft Authenticator app push notification method uses very little cellular data and will use Wi-Fi if available. The Microsoft Authenticator app software token method does not require an internet connection, and as such, does not incur any expense.

What if I do not have a data plan on my phone or a connection?

The Microsoft Authenticator app software token method does not require an internet connection and does not use cellular data. You can use it even your device is in airplane mode.

Will using MFA slow down the performance of my applications?

No. MFA does not cause any slow down to the performance of your applications.

Is there an easy way to sign out of all trusted devices when a trusted mobile device is lost?

Yes, log onto Microsoft’s Office portal. Go to Security Info, View Account and click on sign out everywhere.

How is MFA being implemented?

ICT is currently working on the enterprise rollout of MFA. The following chart provides an overview of the phased implementation plan.

Implementation and Registration

Am I required to use MFA?

All Laurier students, faculty and staff are required to implement MFA on their Microsoft and single sign-on (SSO) services/applications by Spring/Summer 2022. A rolling implementation for students will begin in March 2022, with information and support to be shared in advance and throughout the Winter semester.

Why are we adopting MFA now?

As we’ve shifted towards using more online applications out of necessity, there has been a major increase in both the volume and complexity of cyber-attacks against Laurier accounts. The need to strengthen our systems and credentials is critically important to combat the increasingly regular campaigns designed to obtain the passwords of our community members.

Do other universities use MFA to authenticate staff, faculty, or students?

Yes, other universities and colleges are using MFA to better protect their data and accounts.

Can I use the MFA app internationally?

Yes, you can use the MFA app internationally.

How long does it take to enroll/register a device for MFA?

Only a few minutes. It is very easy!

When I am going through the registration process, I am prompted to select either my personal account or my work/school account, which one should I select?

Select “work or school account.”

Can my parents or guardians set up MFA on my behalf using their smartphone? 

It is recommended that you set up MFA using a device that you regularly have access to enter the app or SMS message code as your second factor of authentication. Laurier does not recommend that you use someone else’s (parent or guardian’s) smartphone to set up a second factor of authentication in order to maintain security of your account.

Account Security and Privacy

Is MFA a replacement for strong passwords?

No, you should still follow Laurier’s password guidelines and use a password that is at least 12 characters in length, contains a mix of uppercase and lowercase characters, contains at least one integer and one special character. Additionally, do not re-use your password for other accounts and services.

Does having MFA mean that I will no longer need to change my password?

Not necessarily. Your password can still be compromised, and you will need to change it if that happens. We still recommend all the advice that we have always recommended with regards to secure passwords: use a unique and strong password that does not contain any dictionary words and a variety of character sets and continue to be on the lookout for phishing emails. If your password does not get compromised, you will not need to change it.

Password complexity requirement is different from multi-factor authentication. You still need to change your Laurier account password when required if you suspect your account has been compromised.

What should I do when I get a verification request that I do not recognize?

When you received a push notification for a log on that you did not initiate, select DENY to prevent unauthorized access to your account. In these cases, your password may be compromised, and we recommend that you change your password immediately.

Will I be challenged for my second factor every time I log in?

No, after your second factor, your computer will be trusted from that location and device for approximately 90 days (about 3 months). You will not be prompted to assert your second factor again unless you switch locations or log on from a different device.

Can the Microsoft Authenticator app control my phone and monitor me?

No, the Microsoft Authenticator app is light weight and not intrusive. The app requires access to your camera to setup MFA using the software token method (i.e., to read the QR code), and does not access any other data on your phone. The app does not collect any information from your phone to send to McMaster or Microsoft.

Open the Microsoft Authenticator app and click on Settings. Use Logs to control what data is sent to Microsoft.

To learn more about privacy, see the Microsoft article.

Managing Your MFA

What if I forget my mobile device at home?

When you register, you will be asked to setup multiple methods that can each be used to assert your second factor, then select one as the primary method. If you forget your primary at home, you can use one of the others that you configured. If that does not solve the problem, please contact the ICT Service Desk for further assistance.

How many devices can I add?

You can setup more than one device. We highly recommend that everyone add at least 2 devices.

What is the recommend method of verification to use?

The Microsoft Authenticator mobile app is the recommended method for most users. It provides both online and offline code options to log in, which is useful if you are at an offline location. The Microsoft Authenticator app takes up very little space on your phone, and you can use the app without an internet connection or cellular data.