Multifactor Authentication (MFA)
Overview
Multifactor Authentication creates a layered approach to security by requiring two or more credentials for logins. These credentials may include something you know (eg password), something you have (eg smartphone, key), and something you are (eg fingerprint). This multi-layered approach helps reduce successful login attempts from criminals and bad actors.
Multi-factor authentication dramatically improves the security of your account, compared to a traditional username and password combination.
VPN Access
If using the USF VPN, you will need to have your default MFA method changed to either Microsoft Authenticator App or phone call. This will affect all of your MFA applications (i.e. MyUSF, Email, Teams...). To change your authentication method, see How do I change my default sign in method?
Multiple authentication methods
- USF IT strongly recommends setting up multiple authentication types - such as text and authenticator app. This will help in case you lose your primary device and need a backup.
- Remember, if using VPN, your MFA authentication method must be set to the Authenticator application and/or phone number.
- Please also ensure that you are using an up-to-date app/access method for your Email. This is one of the most important steps you can take. Look below for a table of approved Email apps (clients) for your use.
What does it look like?
Depending on your preferred set-up option, you will receive a login prompt like the one below.
New look beginning Monday, February 27th
When you respond to an MFA push notification using the Authenticator app, you will be presented with a number on the screen you are using to sign in. You will need to type that number into the Authenticator app to complete the approval and sign in process. This step provides an additional layer of security to ensure you are the person actively trying to sign in.
The added security feature shows where the login attempt is occurring on a map, along with information about the specific application requesting authorization and the email address associated with the sign in attempt.
There are certain processes at USF using MFA that will not currently be affected by this change, such as the new requirement to use MFA as part of the sign in process for the Virtual Private Network (VPN) and Remote Desktop Gateway (RDG). In these situations, the Authenticator app and sign in process will default to the current tap approval without number matching as a requirement.
The phone call method of authentication will not be affected by these changes and will continue to work the same as it does now.
WHAT DO I NEED TO DO?
This number matching process using the Authenticator app is the safest and most secure way to authenticate your identity and protect your data and credentials at USF. To prepare for these changes, you should make sure your Authenticator app is updated by February 27. If the app has not been updated, the sign in process for USF systems using MFA will generate a failed authentication attempt, preventing you from signing into your USF accounts.
Additionally, Microsoft has stated Apple Watches will no longer be able to use the Authenticator app for MFA and push notification approvals. Microsoft recommends that you delete the app from your Apple Watch.
First Time Set-Up
Setting up MFA is self-service - meaning that you can set this up on your own. To begin, view the topics below or visit https://aka.ms/mfasetup
How do I perform first time set up?
Visit https://aka.ms/mfasetup and login if prompted with your USF credentials. If asked, choose 'Work or school account'. The program will walk you through first-time set-up. We strongly recommend setting up multiple methods in case you lose your device.
For instructions, visit https://support.office.com/en-us/article/set-up-multi-factor-authentication-for-microsoft-365-ace1d096-61e5-449b-a875-58eb3d74de14
How do I set up the authenticator app?
Once you have the app downloaded from your app store (click here), you can head over to https://aka.ms/mfasetup and select the "authenticator" checkbox.
For a detailed walkthrough, visit Setting up Microsoft Authenticator (MFA)
How do I change my default sign in method?
Visit https://aka.ms/mfasetup. Under Security Info, click on Change.
Select the method you wish to use from the drop down. (Select Phone - call or Microsoft Authenticator - notification if you will be using the USF VPN)
Will I be prompted every time to login?
No, but you will be required to validate your credentials with multifactor at least once per device, per 60 days. So, if you are prompted on your computer (which will happen the first time) you will not be prompted again on that same computer for 60 days. If you log into USF email or Teams from a kiosk at the airport, you will be prompted at that point in time.
I can't sync my email on my mobile phone.
Make sure you are using a supported client from the table below.
If you are using a supported client, please remove and re-add your Office 365 account to your mobile device.
Approved Email Applications
| Email program | Platform | Supported |
|---|---|---|
| Outlook Web Access | Web | Yes |
| Outlook 2016 and newer | Windows/MAC | Yes |
| Outlook 2013 and earlier | Windows/MAC | Unsupported - contact the Helpdesk for assistance |
| Outlook Mobile | iOS/Android (Mobile) | Yes |
| Built-in Mail | Newest 3 major iOS versions | Yes |
| Built-in Mail | Newest 3 major Android OS versions (with caveats depending on device manufacturer) | Only certain devices - we suggest using Outlook mobile |
| Mac mail | Newest 3 major macOS versions | Yes |
Thunderbird | All | No - Thunderbird version 77.0b1 or later will work, but is still not supported. |
If you are unable to solve your issue with this knowledge base article, please contact the USF IT Service Desk by using Chat at itchat.usf.edu, calling (813) 974-HELP (4357) or emailing help@usf.edu. If you find any errors or omissions in any knowledge base article, please contact and inform the USF IT Service Desk by calling (813) 974-HELP (4357) or emailing help@usf.edu.