FAQs about Upcoming MFA Changes

Tags security mfa

The University of Baltimore Office of Technology Services (OTS) is introducing changes to our multi-factor authentication (MFA) process and requirements for accessing UBalt systems via single sign-on.

These changes include:

  • Faculty, staff and student workers who are already performing MFA will be required to use Microsoft’s MFA tools instead of Duo.
  • Students who are not currently performing MFA will be required to do so, also using Microsoft’s MFA tools.

These requirements will go into effect the week of September 9. The specific date will be announced prior to the change.

FAQS:

  • What is multi-factor authentication?
    • Multi-Factor authentication (MFA) is a security measure that requires users to provide more than one factor to access an account or application. MFA is a more secure way to verify user identity than a simple username and password. It can help prevent unauthorized access to accounts even if a password has been compromised. MFA has been adopted by several industries. You likely already perform MFA when accessing your banking accounts, healthcare accounts, even email and social media accounts.
       
  • Why is UBalt making these changes?
    • First and foremost, these changes will improve our overall security posture and provide increased protection of UBalt’s technology environment. Microsoft’s MFA tools provide more advanced methods of authentication that can prevent fraudulent attempts to circumvent MFA, such as MFA fatigue attacks.

      In addition to increased security, cost savings will be provided to the University by leveraging Microsoft’s MFA capabilities, which is included as a part of UBalt’s Microsoft Azure solution.

      Lastly, by requiring MFA for all students, faculty and staff, UBalt will be in alignment with the University System of Maryland’s latest technology security requirements.
       
  • What MFA methods will be available for users?
    • The most secure and recommended method to perform MFA will be using the Microsoft Authenticator app using number matching.  Detailed documentation on downloading the app and using the app to authenticate is available. 

      Physical hardware tokens that will provide a secure code for authentication will also be available by request for those who do not have smart devices or who are traveling internationally. The request process will be announced prior to the MFA change.
       
  • What support will be available to help me with the changes?
    • Documentation is available to provide step-by-step instructions for registering for MFA and performing MFA. The OTS Call Center will be available to assist with any issues by submitting a ticket, by phone, or in person in BC 131.
       
  • What will happen when the change goes into effect?
    • The first time you log into a UBalt system, you will receive a prompt to register for MFA, and set up your authentication methods. The screens will walk you through the set-up process step by step.

      After you are registered you will be prompted to perform MFA when you start a new session via single sign-on. You will only need to register one time, but you will be required to authenticate on each device you are logged into. For example, you will need to perform MFA to log in to a UBalt account on your laptop computer and to log into a UBalt account on your smart phone. 

      OTS recommends allotting 10 - 20 minutes to complete the registration process and to authenticate your accounts before starting any scheduled tasks (such as Teams meetings, online classes, etc). 
       
  • What systems or accounts will I need to perform MFA for?
    • Any UBalt system you access using your UBalt credentials will require MFA.
       
  • What can I do in advance to prepare?
    • If desired, you can download the Microsoft Authenticator app from the App Store or Google Play store on your mobile device; however, this is not necessary to do ahead of time. When the requirement goes into effect, you will receive a prompt to download the app.
       
  • When authenticating, what should I do if my authentication prompt times out?
    • If an MFA prompt times out, your application will display the below message: Uploaded Image (Thumbnail)
      You can click on 'Send another request to my Microsoft Authenticator app' or click the back button on your browser to re-send the prompt. 
Print Article

Details

Article ID: 161006
Created
Thu 8/8/24 10:55 AM
Modified
Mon 8/26/24 3:37 PM