Multi-Factor Authentication

The University of Calgary has deployed Multi-factor Authentication (MFA) to all faculty, staff, students, and alumni. 

 

What is MFA?

MFA requires anyone connecting to certain applications to:

  • know something secret such as your password, and;
  • possess a known device such as your cell or desk phone.

When an account password is compromised, anyone using that password will have access to all the applications and data the rightful user can access. MFA adds a second method of authentication, something physical, that requires anyone using UCalgary credentials to also hold in their possession a device, mobile or desk phone, that has been registered to with the University.

 

What to expect?

Upon enrollment, either through self-registration or assistance from IT, you will be prompted to set up your chosen authentication method.  These include, in order or preference:

  1. Confirm an authentication request on your mobile device, or;
  2. Enter a code from an authenticator app on a trusted device, or;
  3. Receive a token via text message to your mobile device, or;
  4. Accept a call to your desk or home phone (you can set up either location)

 

Once enrolled in MFA you will be asked to accept an authentication request (or provide a code) from your chosen method.  Second factor authentication will also be required when logging into MFA-enabled apps from a new device, then once every 30 days.  You do not need MFA to log into your device or for network access, MFA is required to access most online apps such as:

  • Mail and Calendar applications including Microsoft Outlook
  • My UCalgary portal (starting July 6th, 2024)
  • Desire2Learn (starting July 6th, 2024)
  • Microsoft Office applications:  Word, Excel, PowerPoint, Skype for Business
  • Microsoft OneDrive for Business, Microsoft Teams, and Zoom
  • Most other online services using your UCalgary IT account

 

Why is the University of Calgary using Multi-factor Authentication?

Multi-factor Authentication, or “MFA,” protects your account and your data from unauthorized access by requiring anyone with UCalgary credentials to present two methods of authentication:

  • Something secret that you know:  your password
  • Possession of a device known to the University:  typically, your mobile device

During a typical month, 150 UCalgary account passwords are compromised.  Hackers seize user ID’s and passwords through phishing attacks, social engineering or other means.  With MFA, stolen credentials are much harder to invoke; when an unauthorized person attempts to log into resources from a new device, they will be required to accept an authentication request on your mobile device or to enter a code provided to a physical device known to you (desk phone, SMS message).  Adding this additional authentication method provides significantly more security to personal, institutional and research data.