Tips for using multi-factor authentication

As we move more web services to the cloud-based single sign-on (SSO) experience, it will become increasingly important that you are up-to-date with your multi-factor authentication (MFA) registrations. MFA is periodically used in addition to your password to verify your account as you log in. Unlike a password, you can register more than one MFA method so you have multiple ways to provide additional verification. This is important because sometimes your primary method may stop working due to a change of device or phone number. Please review these tips to help you have a good MFA experience!

Set up one or more fallback MFA methods on your account

 When you set up MFA for the first time on your UA Little Rock account, you are required to set up two different methods. We encourage you to use the Microsoft Authenticator app (or another authenticator app of your choice) for your first method as it provides the most security and ease-of-use. However, if you lose or replace your phone, you may need to re-register your Microsoft Authenticator app on the new phone before you can continue using it to authenticate. That’s why it’s beneficial to always set up a second MFA method on your account.

Most of the time, you will only use the first method. But adding a second method means you have a fallback in case you replace your phone or change your number. You may also manage your existing methods—and set up additional ones—by visiting the account security information page.

For your additional methods, you can choose from the following list:

Phone: SMS text message
The text message sent to a mobile device is likely the most easily recognizable MFA method. It’s useful as a fallback method because it continues to work even if you replace your mobile phone—as long as you keep your original phone number!
Email message
You may register an alternate email address—it cannot be your university email address—as a fallback method. The email address method is useful because it will continue working even if you change your phone number.
Phone: Voice call
If you’d like to use your office phone for authentication, use the voice call method. However, you must have sole access to your office phone in order to use this method securely. Do not register a public or shared phone number.

When do I use alternate/fallback methods?

If you are prompted to approve your sign-in request using your primary MFA method and it is no longer working for any reason, you may utilize one of your fallback methods by selecting the Having trouble? Sign in another way link on the sign-in screen.

An image capture of the UA Little Rock MFA sign-in screen is labeled "Approve sign in request" with the instructions "We've sent a notification to your mobile device. Please open the Microsoft Authenticator app to respond." There is a large arrow pointing at the hyperlink labeled "Sign in another way".

An image capture of the UA Little Rock alternative MFA method screen is labeled "Verify your identity" and lists multiple options for approving the request such as Microsoft Authenticator app, using a verification code from a mobile app, Text to a phone number, or Call a phone number.

Update your MFA methods before you change phones or numbers

When using the Authenticator app as one of your MFA methods, losing or replacing your phone or deleting the Authenticator app is the most common way to lock yourself out of your account. When using the SMS text message or phone call MFA methods, changing your phone number can cause you to be unable to authenticate.

If you know your mobile device or phone number will be replaced, take these steps before that happens to prevent you from being locked out of your account.

Replacing your mobile device

If you are replacing your mobile device but will retain the same phone number, follow these steps while you still have access to your old mobile device:

  1. Log into your account security dashboard.
  2. Use your old mobile device to authenticate—either with the authenticator app or by using a fallback method like a text message to your phone number.
  3. Delete the existing MFA method labeled Microsoft Authenticator.

When you get your new phone, install the Microsoft Authenticator app and repeat the authenticator app setup process to add the method back to your account.

Changing your phone number

If you are changing your phone number, follow these steps before your old number is deactivated:

  1. Log into your account security dashboard.
  2. Authenticate with either the authenticator app or by using a fallback method like a text message to your phone number.
  3. Delete any existing phone methods that use the old phone number.

When you get access to your new phone number, repeat the phone number setup process to add the phone methods back to your account.

Posted in: Projects, Security
Read more about: , ,

Comments are closed.