What is Multifactor Authentication?
Multi-factor authentication (MFA) is an extra layer of security for your University logon account. Verifying your identity using an additional factor (something you have in your possession, such as your phone) prevents others from accessing your account, even if they know your password
Additional factors used for verification include; security codes sent as text messages to mobile phones, mobile phone approval apps or automatically generated telephone calls to your work desk phone. You may be familiar with some of the practices that are already widely used for online banking and purchasing.
Why is UCC introducting Multifactor Authentication?
Multifactor Authentication helps fight against phishing, social engineering and password brute-force attacks and helps to secure your logins from attackers exploiting weak or stolen credentials.
Due to the number of attempted account compromises IT Services is increasing account security by augmenting the thing you “know” (your username and password) with additional authentication factors, allowing you to use approval security requests sent to a mobile and more, to protect your personal data and institutional system.
How Does It Work?
Usually you use just a username and password to logon to services. With MFA enabled on your account, an additional authentication factor is required to complete the logon to services that require it. The additional factor uses something that you have in your possession, such as a mobile phone. When you logon to a service enabled for MFA, after you enter your logon username and password, a verification code or other form of approval is requested from you to complete the logon process.
- Using a computer or mobile device connected to the UCC wired and wireless networks with your MFA enabled account
MFA will recognise the device you are logging on from is part of the UCC network and will not prompt for the additional verification.
- Using a computer or mobile device not connected to the UCC wired or wireless networks with your MFA enabled account
The first time you logon to an MFA enabled service you will need to complete the logon process using the extra approval. Subsequent logons may also prompt for the additional approval, particularly so if you connect your device to different networks and/or use them from different locations (nationally or abroad) Additionally, the first time you use another new application on the device to logon, you will be prompted for the additional approval.
MFA will always prompt for additional approval when you attempt to reconfigure your account security settings.
How Do I Enable MFA On My Account?
There are two steps required to enable MFA on your account
- Request that your account is enabled for MFA
Request that your account is enabled for MFA by completing the Self Service Request on https://Servicedesk.ucc.ie , or by contacting the service desk at E: firstname.lastname@example.org | T: +353 (0)21 490 2120
- Complete the setup of MFA by logging on to email.ucc.ie
- The video shows how to set up MFA through Settings on email.ucc.ie.
- The video shows how to set up MFA through Settings on email.ucc.ie.
What Services are enabled for MFA?
Currently Multi Factor Authentication is enabled for:
- All Microsoft Office365 services
- Email (Outlook App, and Online via email.ucc.ie)
- SharePoint Sites
- Skype for Business
Additional services will be subject to MFA in the near future.
UCC IT Services currently recommend security codes sent to a mobile phone as the preferred method to use for approval requests, though you can also choose other options that are available through the Settings option available on your own account (see above). You may also wish to configure an alternative or second measure for approval.
Phone Number Security and Other Common Questions
Why would I receive a logon approval request or security code when I am not trying to logon to a UCC service?
An unsolicited request to approve a logon that you have not initiated usually means that someone else knows your logon username and password, and are trying to use it. Do not approve these requests, change your password and report the event to email@example.com and firstname.lastname@example.org
I am concerned about the security of my phone number or that it may be used for purpose other than MFA?
If you use your phone number for MFA, it is stored in encrypted format as part of your logon account. Only you can view and change it. It is not accessible to UCC IT Services staff or others.
Your phone number will only be used for security of your account i.e. MFA and SSPR, and will not be used for any other purposes. This data is not used or transferred to any other UCC system.
What if I lose or change my phone or number?
If you change your phone but retain your number, you can continue to use as before. If you change your phone number and no longer have access to the old number and/or its phone then you will need to contact IT services to reset your account
Will I be billed for receiving SMS text messages to my phone?
Ordinarily mobile operators do not charge for receiving SMS text messages worldwide, e.g. Three and Vodafone, but if in doubt check with your mobile provider either online or in store.
If I don't have a mobile phone is there another option I can use?
Yes, if you don't have a mobile phone you can register for MFA using landline or alternatively using the Authenticator App.
Do I need to do anything to prepare prior to travelling abroad?
Prior to travel we would reccomend enabling a second means of verification, such as the Authenticator App.
What format should my phone number be in?
You will be asked to choose your area code first and then enter your phone number but drop the 0 at the start.
In addition to my UCC networked computer, I also use mobile devices (Phone, laptop…), do I need to configure something on them also?
When you attempt to logon to a device while away from the UCC network you will be prompted to approve the logon request the first time you open the applications on each device. If an application no longer works, it could mean that it is not MFA aware. If you are trying, and failing, to access email, IT Services recommends using the Outlook APP or accessing your email through email.ucc.ie
What email apps support MFA?
|Outlook Web App OWA||Online via your browser||Yes||Go to https://outlook.office.com|
|Outlook 2013||Windows||Yes||Requires manual intervention contact the Staff IT helpdesk|
|Outlook Mobile App||iOS and Android||Yes||Download from the relevant App store|
|Built in Mail App iOS||iOS 11 or higher||Yes|
|Built in Mail App iOS||iOS 10 or earlier||No||Use the Outlook App or OWA|
|Built in Mail App Android||Android||No||Use the Outlook App or OWA|
|Thunderbird||All||No||Use OWA https://office.outlook.com|
Summary: Multi-factor authentication (MFA) is an extra layer of security for your University logon account, it augments the thing you “know” (your username and password) with additional authentication factors, and is used to prevent others from accessing your account, even if they know your password.
Primary users of this service: Staff
Who to contact to use this service: E: email@example.com | T: +353 (0)21 490 2120 | IT Services |
Contact to discuss this service: E: firstname.lastname@example.org | T: 4903616 | IT Services |
Strategic Focus: IT Security