Multifactor Authentication

Multifactor Authentication

Summary: Multi-factor authentication (MFA) is an extra layer of security for your University logon account, it augments the thing you “know” (your username and password) with additional authentication factors, and is used to prevent others from accessing your account, even if they know your password.

Primary users of this service: Staff

Who to contact to use this service: E: helpdesk@ucc.ie | T: +353 (0)21 490 2120 | IT Services |

Contact to discuss this service: E: l.cotter@ucc.ie | T: 4903616 | IT Services |

Strategic Focus: IT Security

Service Webpage

How Do I Enable MFA On My Account?

 There are two steps required to enable MFA on your account

  1. Request that your account is enabled for MFA

    Request that your account is enabled for MFA by completing the Self Service Request on https://Servicedesk.ucc.ie , or by contacting the service desk at E: helpdesk@ucc.ie | T: +353 (0)21 490 2120

  2. Complete the setup of MFA by logging on to email.ucc.ie
     
    See the video below on how to set up MFA through Settings on email.ucc.ie.

What is Multifactor Authentication?

Multi-factor authentication (MFA) is an extra layer of security for your University logon account. Verifying your identity using an additional factor (something you have in your possession, such as your phone) prevents others from accessing your account, even if they know your password

Additional factors used for verification include; security codes sent as text messages to mobile phones, mobile phone approval apps, automatically generated telephone calls to your work desk phone or specialised authentication fobs. You may be familiar with some of the practices that are already widely used for online banking and purchasing.

Why is UCC introducting Multifactor Authentication?

Multifactor Authentication helps fight against phishing, social engineering and password brute-force attacks and helps to secure your logins from attackers exploiting weak or stolen credentials.

Due to the number of attempted account compromises IT Services is increasing account security by augmenting the thing you “know” (your username and password) with additional authentication factors, allowing you to use approval security requests sent to a mobile and more, to protect your personal data and institutional system.

 

How Does It Work?

Usually you use just a username and password to logon to services. With MFA enabled on your account, an additional authentication factor is required to complete the logon to services that require it. The additional factor uses something that you have in your possession, such as a mobile phone. When you logon to a service enabled for MFA, after you enter your logon username and password, a verification code or other form of approval is requested from you to complete the logon process.

  • Using a computer or mobile device connected to the UCC wired and wireless networks with your MFA enabled account

    MFA will recognise the device you are logging on from is part of the UCC network and will not prompt for the additional verification.

  • Using a computer or mobile device not connected to the UCC wired or wireless networks with your MFA enabled account

    The first time you logon to an MFA enabled service you will need to complete the logon process using the extra approval. Subsequent logons may also prompt for the additional approval, particularly so if you connect your device to different networks and/or use them from different locations (nationally or abroad) Additionally, the first time you use another new application on the device to logon, you will be prompted for the additional approval.

MFA will always prompt for additional approval when you attempt to reconfigure your account security settings.

Unsolicited Logon Approval Requests

Why would I receive a logon approval request or security code when I am not trying to logon to a UCC service?

An unsolicited request to approve a logon that you have not initiated usually means that someone else knows your logon username and password, and are trying to use it. Do not approve these requests, change your password and report the event to servicedesk@ucc.ie and itsecurity@ucc.ie

What Services are enabled for MFA?

Currently Multi Factor Authentication is enabled for UCC’s Microsoft Office365 services (email , both web access & Microsoft Outlook and other Mail applications, OneDrive, SharePoint Sites, Skype for Business and Teams), VirtualApp off campus and shortly CRM also. Additional services will be subject to MFA in the near future.

UCC IT Services currently recommend security codes sent to a mobile phone as the preferred method to use for approval requests, though you can also choose other options that are available through the Settings option available on your own account (see above). You may also wish to configure an alternative or second measure for approval.

In addition to my UCC networked computer, I also use mobile devices (Phone, laptop…), do I need to configure something on them also?

It is a good idea to make a list of the devices and applications you use on them to access UCC MFA enabled services, e.g.

Devices/

Applications

Desktop PC

Laptop

Iphone

Ipad

Email

Yes, MS Outlook

Yes, MS Outlook

Yes, Mail

Yes, Mail

Calendar

Yes, MS Outlook

Yes, MS Outlook

Yes, Calendar

 

OneDrive

Yes

Yes

 

 

Teams

Yes

 

 

 

Sharepoint

Yes

 

 

 

Skype for Business

Yes

Yes

 

 

When you have completed the setup of MFA on your account, you are good to go. When you  attempt to logon while away from the UCC network  you will be prompted to approve the logon request the first time you open the applications on each device. If an application no longer works, it could mean that it is not MFA aware and you will need to create an App Password for that application

 

What Are App Passwords?

Why and how do I use them?

Some older applications, such as mail apps on mobile phones, are not aware of or work natively with Multifactor Authentication so App Passwords help them interoperate with services that require it. App Passwords are managed through the same Settings option used to setup MFA on your account. You must create APP passwords through Settings before you can use them.

When configuring these non-compatible applications to work with MFA, instead of typing your regular logon password, use the App Password instead in its place.

 

Mobile Number Security

I am concerned about the security of my mobile number or that it may be used for purpose other than MFA?

If you use your mobile number for MFA, it is stored in encrypted format as part of your logon account. Only you can view and change it. It is not accessible to UCC IT Services staff or others.

Your mobile phone number will only be used for authentication with UCC MFA enabled Services.

What if I lose or change my phone or number?

If you change your phone but retain your number, you can continue to use as before. If you change your phone number and no longer have access to the old number and/or its phone then you will need to contact IT services to reset your account

Contact the servicedesk@ucc.ie and/or Itsecurity@ucc.ie

Will I be billed for receiving SMS text messages to my phone?

Ordinarily mobile operators do not charge for receiving SMS text messages worldwide, e.g. Three and Vodafone, but if in doubt check with your mobile provider either online or in store.

IT Services Department

Seirbhísí TF

Room 3.34, 3rd floor, T12 YN60

Top