On this page you will find all relevant information about MFA and account security, as well as help using SSRP to reset your password.

What is Multifactor Authentication?

Multi-factor authentication (MFA) is an extra layer of security for your UCC Student IT Account. It allows you to verify your account using another factor like your phone. This prevents others from accessing your account, even if they know your password.

Other factors used for verification include:

• authentication applications for your device such as Microsoft Authenticator.
• security codes sent by SMS.
• automatic telephone calls to your phone.

You may be familiar with some of the practices that are already widely used for online banking and purchasing.

Why does UCC use Multifactor Authentication?

Multifactor Authentication helps fight against phishing, social engineering, and password brute-force attacks. This helps to secure your logins from attackers exploiting weak or stolen credentials.

IT Services is increasing account security by making MFA essential. This is because there are more attacks directed at UCC accounts. To protect your data and UCC's systems, you will need to approve security requests sent to a mobile or other factor.

How Does MFA Work?

When you logon to a service that requires MFA, after you enter your student email address and password, you'll be prompted to use your additional means of verification (additional factor as mentioned above). For example, if using the Microsoft Authenticator app as your authentication method, you'll receive a notification from this app.

UCC recommended method for MFA

UCC recommends using the Microsoft Authenticator app as your authentication method. The app uses wifi and sends a notification to your phone, requesting you to approve a sign in request.

Use on multiple devices

You can install the Microsoft Authenticator app on multiple devices. When you sign in, the notification will be sent to all the devices with the Microsoft Authenticator app but you only need to approve the sign in from one device. If you try to approve from a second device, you will get a notification that the sign-in has been denied. However this will not affect your account as you have already approved the sign-in from the first device. 

Other methods for MFA

Besides the Microsoft Authenticator app, students can also choose to:

• receive an authentication code in a text message from Microsoft or
• receive an authentication code in a phone call from Microsoft.

However, the Microsoft Authenticator app is the recommended authentication method for UCC students.

Security of my phone number

If you use your phone number for MFA, it is stored in encrypted format as part of your UCC Student IT Account. Only you can view and change it. It is not accessible to UCC IT Services staff or others.

Your phone number will only be used for security of your account and will not be used for any other purposes. This data is not used or transferred to any other UCC system.

Approval requests when you are not trying to log in

If you get a request to approve a log in or sign in that you yourself did not start, then you must not approve the request. This most likely means that someone has your username and password and is trying to access your account. DO NOT APPROVE the sign in in these circumstances, change your password immediately and notify Student IT Services.  

MFA will always prompt for additional approval when you attempt to reconfigure your account security settings.

Self Service Password Reset (SSPR) for Students

The Self-Service Password Reset (SSPR) tool enables students to reset their UCC Student IT password, from anywhere and at any time, without the need to reach out to our Student IT Helpdesk.

The SSPR tool can be used for:

• resetting a forgotten password.
• updating your current password.

To use the SSPR tool, we need you to have multi-factor authentication (as described above) set up on your student it account. You also need to have access to the device on which your MFA is set up.

Password standards

New passwords must be at least fourteen characters/digits long, containing at least three of the following four types of character

1. Uppercase characters a - z
2. Lowercase characters a - z
3. Digits 0 - 9
4. Special characters ~!@#$%^&*_-+=`|\(){}[]:;"'i><,.?/

Your password needs to be strong and secure. Watch our Instagram reel about UCC student password standards to learn more.

How to reset/change your password using SSPR

1. In a browser, navigate to https://passwordreset.microsoftonline.com (this is a Microsoft page but once you enter your UCC email address you will be taken to the UCC branded page from here onwards)
2. You will be prompted to enter your UCC student email address in the user id field. Complete the CAPTCHA and select next.
3. Select 'I forgot my password' and click Next.
4. Select your method of MFA verification. You must choose the verification method you have previously set up on your device.
5. Enter your new password in both the “new” and “confirm new” password fields. Select finish.
6. You will notice a "your password has been reset" message to confirm your password has been successfully reset.
7. The password on your account has now been reset. Please ensure you update all your devices and applications with your new password.

*Self-service password reset is the recommended way to reset your password. If you cannot logon to http://o365.ucc.ie to update your phone number, you will need to contact our student helpdesk.

How is the data you provided stored?

The data you provide is stored securely in one of the Microsoft data centres in Europe.  This data is encrypted both at rest and in transit.  This data is used for the security of your account i.e. SSPR and MFA and will not be used for any other purposes.  This data is not used or transferred to any other UCC system.

Still have a problem?

Please log a call with our Student IT Helpdesk 021-4902120 or Email sit@ucc.ie