Multifactor Authentication (MFA)

What is MFA?

Multifactor Authentication (MFA) is an industry-standard for securing data and applications. It requires a combination of two or more credentials to verify a user’s identity for login.

Who must use MFA?

Over time, all access to online Adelphi resources will require the use of multifactor authentication. At the moment, several critical systems commonly used by faculty and administration are protected. As of August 19, 2024, students or alumni wishing to access their Adelphi email are required to use MFA. Over the next year, more and more services will be updated to also require MFA.

What will I need to do?

For MFA to work, we need to be able to reach you in at least two different ways. The preferred method (and most secure one) is by installing the Duo Mobile app on a smart device for services like Slate and SAAS and the Microsoft Authenticator app for Gmail and access to Adobe. A secondary factor could be a cell phone number that is capable of receiving SMS text messages, a secondary email address (non-Adelphi), or even a telephone number that can receive voice calls.

Our currently supported authentication methods include:

• Authenticator App (preferred): The Microsoft Authenticator app can be installed on iOS and Android devices, and will provide code or push notifications to phones, tablets and other supported devices.
• Personal Email: An external, non-Adelphi email address.
• Mobile Device: Capable of receiving a code from Microsoft via SMS text message.
• Office Phone: Faculty and staff can use their office phone for interactive authentication via a touch-tone system. Please ensure you use your own office phone number for this process and not a delegated or shared phone number. When you receive a call, you will need to push the “allow DTMF button” before completing the process.

Soon, we will start moving faculty, administration and staff from using Duo to the Microsoft Authenticator system.

When will I need to use MFA?

It depends on the service. We will do our best to not challenge you if you are present on campus or at one of our teaching centers. Secondly, we do our best to not challenge individual devices once we recognize them. However, some services provide access to much more sensitive information, and we need to be a bit more assertive in verifying your identity. Also, if you are using shared devices, you will be challenged more frequently.

How do I set up MFA?

To set up MFA for student and alumni accounts, please go to Microsoft’s My Account dashboard and sign in using your Adelphi email address and password. Once logged in, click on Update Info on the Security Info tile. There, you can verify your current MFA settings and add additional ones.

To set up MFA for faculty, administration or staff, please contact the IT Help Desk.

Does Self-Service Password Recovery (SSPR) require MFA?

Adelphi University’s Password Management Tool (PMT) allows users to quickly reset, recover or unlock their account using their mobile device or personal email. The convenience of doing this via self-service is only available if MFA is set up.

Why does MFA improve security?

Traditionally, a computer system determines who you are because you know a secret password. Unfortunately, people are predictable and will use similar passwords in different places. Moreover, passwords are disclosed very often and hackers share large lists of compromised passwords on the dark web. MFA is an approach that requires more proof to be submitted of your identity. Specifically:

• Something you know, like a password or a PIN
• Something you have, like a device or an app on a mobile device
• Something you are, like facial recognition or fingerprint scan
• Somewhere you are, like a physical location or a network

MFA works on the assumption that at least two of these “factors” must be present to authenticate somebody. The more separate factors are present, the stronger the authentication is.

For example: if an adversary recovers a victim’s password and tries to log in using that password, multifactor authentication will prompt the victim to make sure it is really them. That gives the victim another chance to protect themselves and allows the cybersecurity team to detect such attempts and respond to them much faster.