Multi-factor authentication, using more than just a password and username, to log in to unr.edu email will begin for faculty and staff on November 1 to better protect the email system. university, and ultimately the computer network, against cyberattacks.
The Office of Information Technology is implementing the new method of signing in to Microsoft email accounts and services using a sign-in process that requires a second means of verification in addition to the user’s password, such as a code sent to the user’s smart phone.
“The process should be familiar to everyone, you’re probably using it without knowing what it’s called, we have the process for Workday and AssetWorks; and doctors’ offices and health systems use it and most banks and financial institutions use it,” said Catherine Cardwell, Dean of Academic Libraries and Acting Vice Provost, Information Technology. “Rather than just asking for a username and password, the additional verification helps reduce the likelihood of a successful cyberattack.”
The new process will be launched on Tuesday, November 1 for all Academic Faculties, Administrative Faculties, Classified Staff, Classified Schedules, Residents, Letters of Appointment, Postdoctoral Fellows, and Affiliated Contingent Workers on Campus 2. Accounts student messaging systems will be integrated into the system at a later date. Users can configure their multi-factor authentication method before the November 1 launch.
“Multi-factor authentication is one of the most secure ways to access your email in today’s digital world,” said Shamik Sengupta, director of the university’s Cybersecurity Center. “As the name suggests, it depends on several factors or means of verifying that it is indeed you who is accessing the sensitive information. In its most basic format, it usually depends on “what you know” and ” something you have”, but this can easily be extended further to make your communication even more secure.”
For both of these forms of authentication, what you know is your NetID and password, and what you have with you could be a mobile device or home/alternative phone. In most cases, this second factor is a text message you receive or a reply to an application installed on your phone.
A Knowledge Base FAQs, “Microsoft 365 Multifactor Authentication”, was developed by the Office of Information Technology which will provide solutions to the most common user issues and concerns. If, after visiting the Knowledge Base FAQ page, further assistance is required, users can contact the OIT Support Center.
The Provost’s Office sent an email announcement to all affected email users with additional information and details about the new authentication process. This letter can also be viewed on the web pages of the Office of Information Technology.
The University has configured the system to allow multiple means of authentication using one of the following methods for the second verification:
- Use your mobile phone (SMS/Text): A unique numeric code will be sent by SMS to your mobile phone.
- Use the Microsoft Authentication app – an app downloaded to your mobile phone that randomly generates numbers used as a secondary authenticator.
- Use your mobile, work or alternative phone (voice): the multi-factor authentication request will be sent and completed audibly.
These choices will be available by following the steps in the knowledge base articles linked above.
“The setup process with the new authentication process is quite simple and should only take a few minutes,” said Ben Roelofs, Director of User Services for Information Technology. “However, we anticipate that there will be questions about implementing the process, so we will be ready to help. We want this to be a simple and quick process.
On October 3, the multi-step process was implemented as a pilot program for academic libraries, the Office of Digital Learning, and human resources.
“The pilot program identified a few issues on the back-end in how the system is implemented, but nothing major, the pilot helped us solidify the system,” Cardwell said. “Everything went very well, with few calls to the help desk.”