What is multi-factor authentication (MFA)?
Setting up multi-factor authentication (MFA), adds an extra layer of security to your sign-ins.
MFA refers to using two or more items to verify your identity when you sign in, typically:
Something you know (i.e. your UFV email and password); and
Something you have (i.e. a code or notification from an authenticator app on your phone).
This creates a layered defense, preventing unauthorized access from your UFV account even if your password is compromised.
Who needs to set up MFA?
MFA is mandatory for all current UFV students and employees.
Can I register MFA for more than one option?
We recommend having at least two options registered so that you have a backup in case your other method is inaccessible.
For example, you can have both the authenticator app (on your phone) and a physical security key.
Why do I need to download a MFA app?
The Microsoft Authenticator app is the supported method for MFA at UFV, but you can use an app of your choosing (e.g. Google Authenticator, Duo).
How does MFA affect me while travelling?
When traveling, especially overseas, MFA may ask to verify that it's really you when logging into UFV services.
The Microsoft Authenticator App (6 digit code option) does not require any cell plan, and it works without Wi-Fi or data connection.
Note: If you are going to be without your phone, you can request a temporary access pass.
How does MFA change the login experience?
You still use your email address and password to sign in to a UFV service.
MFA may prompt you to retrieve a 6-digit code, approve a notification on your phone, or use a security key before you gain access.
When and how often will MFA prompt me?
MFA can be triggered if your login comes from off-campus or if there is something unusual about the sign-in (e.g., a new location or a new device).
You should be prompted for MFA usually no more than once a day.
What does the 'stay signed in?' option do?
The 'stay signed in' option keeps your login session open for a longer period (up to 14 days) even when you close your browser.
Next time you are required to log in, you won't need to enter your password or pass MFA again.
Note: Only use the 'stay-signed in' option on a personal device, and never on a shared device.
Why is my browser not remembering my login?
Common reasons as to why a browser may fail to remember your MFA login, even if you select 'Stay signed in':
Your browsing history and/or cookies have been cleared;
You have enabled the browser to clear cookies and the site data when closed;
You are using incognito mode or private mode on your browser; or
You are using a different browser or device than the ones you previously authenticated to remember your MFA sign-in.
Why not use SMS or a phone call for MFA?
To ensure a higher level of security, UFV does not offer SMS text messages and phone calls as a second factor for MFA.
Since MFA was implemented at UFV, attackers have been able to develop new methods to take advantage of SMS and phone call verification.
Techniques like SIM swapping or interception can give attackers access to your SMS messages, including the MFA codes.
Additionally, SMS and phone calls are more prone to the risks of social engineering - both you and your phone provider can be targeted by social engineering scams that give the attacker access to your phone channels.
Such social engineering attacks have already been seen targeting UFV students.
Is cellular data or Wi-Fi needed for MFA?
Using the Authenticator App offered by Microsoft, you only need an internet connection to set up the app.
You do not need the internet or a cellular data plan to use the codes generated by the app.
You can also use a security key which does not require a cell phone.
How do I transfer my MFA to my new phone?
If you turned on Cloud Backup on your old device, you can use your old backup to recover your account credentials on your new device.
For more info, see the Microsoft Support article.
If you do not have access to your old device or did not set up Cloud Backup, contact IT Service Desk to have your MFA methods reset.
My mobile device was lost, stolen, or broken
Immediately contact IT Service Desk so they can generate a temporary access pass and allow you account access.
IT Service Desk will remove the stolen/lost device from your account and help you set up a new MFA method.
I do not want to use my mobile device for MFA
You can use a security key; they are similar to a USB stick and you do not need a phone to use the security key.