Multifactor authentication, using more than just a password and username, to log in to unr.edu email will begin for faculty and staff on Nov. 1 to better protect the University email system, and ultimately the computer network, from cyberattacks.
The Office of Information Technology is implementing the new method to sign into Microsoft email accounts and services using a login process that requires a second means of verification in addition to the users password, such as a code that is sent to the users smart phone.
“The process should be familiar to everyone, you probably are using it without knowing what it’s called, we have the process for Workday and AssetWorks; and doctors offices and health systems use it and most banks and financial institutions are using it,” Catherine Cardwell, Dean of University Libraries and Acting Vice Provost, Information Technology, said. “Rather than just asking for a username and password, the additional verification helps to decrease the likelihood of a successful cyberattack.”
The new process will be launched Tuesday, Nov. 1 for all Academic Faculty, Administrative Faculty, Classified Staff, Classified Hourly, Residents, Letters of Appointment, Postdoctoral Scholars and On Campus Affiliate 2 Contingent Workers. Student email accounts will be brought into the system at a later date. Users may set up their multifactor authentication method prior to the Nov. 1 launch.
"Multifactor authentication is one of the most secure ways to access your email in today's digital world,” Shamik Sengupta, director of the University’s Cybersecurity Center, said. “As the name suggests, it depends on multiple factors or ways to verify that it is indeed you who is accessing the sensitive information. In its most basic format, it usually depends on ‘what you know’ and ‘something you have’ but this can be easily expanded further to make your communication even more secure."
For those two forms of authentication, the something you know is your NetID and password, and the something you have with you can be a mobile device or a home/alternate phone. In most cases, that second factor is a text message you receive, or responding to an app installed on your phone.
A Knowledge Base FAQ, “Microsoft 365 Multifactor Authentication,” has been developed by the Office of Information Technology that will provide solutions to the most common problems and concerns for users. If, after visiting the Knowledge Base FAQ page, further assistance is needed, users may contact the OIT Support Center.
The Provost’s Office has sent an email announcement to all affected email users that has additional information and details about the new authentication process. That letter may also be viewed on the Office of Information Technology webpages.
The University has configured the system to allow for multiple means of authentication using any one of the following methods for the second verification:
- Use your mobile phone (SMS/text): a unique numeric code will be sent via text to your cellphone.
- Use the Microsoft Authentication app – an application downloaded to your mobile phone that randomly generates numbers used as the secondary authenticator.
- Use your mobile, office or alternate phone (voice): the multifactor authentication request will be sent and completed auditorily.
These choices will be available when following the steps outlined in the Knowledge Base articles linked above.
“The process to get set up with the new authentication process is fairly straightforward and should only take a few minutes,” Ben Roelofs, director of User Services for Information Technology, said. “However, we anticipate there will be questions about getting the process implemented so we’ll be standing by for support. We want this to be a quick and simple process.”
On Oct. 3, the multi-step process was implemented as a pilot program for University Libraries, Office of Digital Learning, and Human Resources.
“The pilot program has identified a few hiccups on the back-end in how the system is implemented, but nothing major, the pilot has helped us to solidify the system,” Cardwell said. “It has been going very well, with few calls to the Help Desk.“