The University of Calgary is deploying Multi-factor Authentication (MFA) to all faculty, staff and students.
What is MFA?
MFA requires anyone connecting to certain applications to:
- know something secret such as your password, and;
- possess a known device such as your cell or desk phone.
Currently, UCalgary accounts only require a username and password to gain access to applications along with institutional and research data. When an account password is compromised, anyone using that password will have access to all the applications and data the rightful user can access.
MFA adds a second method of authentication, something physical, that requires anyone using UCalgary credentials to also hold in their possession a device, mobile or desk phone, that has been registered with the University.
What to expect?
Upon enrollment, either through self-registration or assistance from IT, you will be prompted to set up your chosen authentication method. These include, in order of preference:
- Confirm an authentication request on your mobile device, or;
- Enter a code from an authenticator app on a trusted device, or;
- Accept a call to your desk or home phone (you can set up either location), or;
- Receive a token via text message to your mobile device
Once enrolled in MFA, you will be asked to accept an authentication request (or provide a code) from your chosen method. Second-factor authentication will also be required when logging into MFA-enabled apps from a new device, then once every 30 days. You do not need MFA to log into your device or for network access; MFA is only required to access:
- Mail and Calendar applications including Microsoft Outlook
- Microsoft Office applications: Word, Excel, PowerPoint, Skype for Business
- Microsoft OneDrive for Business
- Microsoft Teams
- Adobe Creative Cloud
- Research Management System (RMS)
Why is the University of Calgary using Multi-factor Authentication?
Multi-factor Authentication, or “MFA,” protects your account and your data from unauthorized access by requiring anyone with UCalgary credentials to present two methods of authentication:
- Something secret that you know: your password
- Possession of a device known to the University: typically, your mobile device
During a typical month, 150 UCalgary accounts are compromised. Hackers seize user IDs and passwords through phishing attacks, social engineering or other means. With MFA, stolen credentials are much harder to use: when an unauthorized person attempts to log into resources from a new device, they will be required to accept an authentication request on your mobile device or to enter a code provided to a physical device known to you (desk phone, SMS message). This additional authentication method provides significantly more security to personal, institutional and research data.