MFA & Security
What is Multifactor Authentication?
Multi-factor authentication (MFA) is an extra layer of security for your University logon account. Verifying your identity using an additional factor (something you have in your possession, such as your phone) prevents others from accessing your account, even if they know your password.
Additional factors used for verification include; security codes sent as text messages to mobile phones, mobile phone approval apps or automatically generated telephone calls to your mobile phone. You may be familiar with some of the practices that are already widely used for online banking and purchasing.
Why is UCC introducing Multifactor Authentication?
Multifactor Authentication helps fight against phishing, social engineering and password brute-force attacks and helps to secure your logins from attackers exploiting weak or stolen credentials.
Due to the number of attempted account compromises IT Services is increasing account security by augmenting the thing you “know” (your username and password) with additional authentication factors, allowing you to use approval security requests sent to a mobile and more, to protect your personal data and institutional system.
How Does It Work?
Usually you use just your student email address and password to logon to services. With MFA enabled on your account, an additional authentication factor is required to complete the logon to services that require it. The additional factor uses something that you have in your possession, such as a mobile phone. When you logon to a service enabled for MFA, after you enter your student email address and password, a verification code or other form of approval is requested from you to complete the logon process.
The first time you logon to an MFA enabled service you will need to complete the logon process using the extra approval. Subsequent logons may also prompt for the additional approval, particularly so if you connect your device to different networks and/or use them from different locations (nationally or abroad) Additionally, the first time you use another new application on the device to logon, you will be prompted for the additional approval.
MFA will always prompt for additional approval when you attempt to reconfigure your account security settings.
How do I set up MFA?
Why would I receive a logon approval request or security code when I am not trying to logon to a UCC service?
An unsolicited request to approve a logon that you have not initiated usually means that someone else knows your logon username and password, and are trying to use it. Do not approve these requests, change your password and report the event.
I am concerned about the security of my phone number or that it may be used for purpose other than MFA?
If you use your phone number for MFA, it is stored in encrypted format as part of your logon account. Only you can view and change it. It is not accessible to UCC IT Services staff or others.
Your phone number will only be used for security of your account and will not be used for any other purposes. This data is not used or transferred to any other UCC system.
What if I lose or change my phone or number?
If you change your phone but retain your number, you can continue to use as before. If you change your phone number and no longer have access to the old number and/or its phone then you will need to contact IT services to reset your account.
If you set up a backup verification number, you could use this if you lose access to your current verification number.
Can I install the MS Authenticator app on multiple devices?
Yes. When you log in a notification will be sent to all devices with the app. You only need to approve the sign in from one device.
After you approve the sign from one device, if you try and approve the same request from another device you will get a notifications that it was denied , however this will not affect your account as you already approved the request through another device.
Will I be billed for receiving SMS text messages to my phone?
Ordinarily mobile operators do not charge for receiving SMS text messages worldwide, e.g. Three and Vodafone, but if in doubt check with your mobile provider either online or in store.
If I don't have a mobile phone is there another option I can use?
Yes, if you don't have a mobile phone you can register for MFA using a landline or alternatively using the Authenticator App.
Do I need to do anything to prepare prior to travelling abroad?
Prior to travel we would recommend enabling a second means of verification, such as the Authenticator App.
What format should my phone number be in?
You will be asked to choose your area code first and then enter your phone number but drop the 0 at the start.
IT Security: Protect your PC
Use these four steps to protect your computer:
- Turn on your Firewall. A firewall helps protect your computer from hackers who might try to delete information, crash your computer, or even steal your passwords or credit card details.
- Keep your Operating System up to date. High priority updates are critical to the security and reliability of your computer. They offer the latest protection against malicious online activities.
- Use updated Antivirus and Antispyware Software. Viruses and spyware are two kinds of malicious software against which you need to protect your computer. You need antivirus technology to help prevent viruses, and you need to keep it regularly updated.
- Require a password to login to your computer. Disable automatic login to your computer and ensure a password is required to wake the computer from sleep/screensaver.