Summary
This article explains what Multifactor Authentication (MFA) is and how it is used in relation to employee CCS Accounts and student Bigfoot Accounts.
Related Articles
MFA – Configuration for Microsoft 365 Accounts
Frequently Asked Questions (FAQs)
What is MFA?
Multifactor Authentication (MFA), also referred to as Two-Factor Authentication (2FA), is a method of authenticating user accounts by requiring multiple pieces of identification for successful login. It reduces the risk of an account being compromised.
Is MFA required at CCS?
The Community Colleges of Spokane requires MFA with several Microsoft 365 login scenarios for both employees and students.
Why is MFA necessary at CCS?
Multifactor Authentication makes stealing account credentials more difficult. With MFA enabled, knowing an account username and password is inadequate to authenticate without also possessing another authentication factor. IT expects a drastic reduction of unauthorized account access after MFA is activated.
What Microsoft 365 login scenarios require MFA at CCS?
CCS requires MFA with the following Microsoft 365 scenarios:
On-Campus |
Off-Campus |
Changing your password for Microsoft 365 |
Changing your password for Microsoft 365 |
|
Logging into Microsoft 365 |
|
Logging into Teams |
What forms of identification does CCS require with MFA?
At the Community Colleges of Spokane, successful login with MFA requires a piece of identification from two of the following three categories:
Category |
Examples |
Something the user knows |
Password |
Something the user has |
Authenticator app (e.g. Microsoft Authenticator) One-time code/password (e.g. text sent to a mobile phone) |
Something the user is |
Voice recognition Fingerprint scan Retina scan |
For the first authentication factor, the most common scenario involves a username and password (something the user knows).
For the second authentication factor (something the user has), every employee has a choice of what to use, including:
- Mobile phone with ability to receive an SMS/text message
- Device (mobile phone, tablet, computer) with an authenticator application installed
For login scenarios requiring MFA, is an additional authentication factor required every time an employee or student logs in?
Not necessarily. When authenticating a device through multifactor authentication, an option exists to check a box that states Don't ask again for 60 days.
This option only appears at the time of a multifactor authentication prompt. Checking this box allows bypassing multifactor identification for 60 days, but ONLY on the device in which the box is checked. If multiple devices are used which require multifactor authentication, each device needs the box checked to bypass MFA for 60 days. Additionally, other events may still require an additional authentication factor before 60 days elapse. An example includes changing your password.