How do I enroll in or change Multi-Factor Authentication (MFA) options?

Notes: 

An authentication factor is a way of proving that you are who you say you are when you try to sign in. The three most common kinds of factors are: 

• Something you know - Like a password, or a memorized PIN.

• Something you have - Like a cellphone, 

• Something you are - Like a fingerprint.

Multi-factor authentication (MFA) is used for additional security measures to protect Personal Information (PI). User Passwords, by themselves, are not strong enough to secure an entire user base accounts from malicious actions. MFA makes it more difficult for an unauthorized person(s) to access a target. If one factor is compromised or 'broken', the attacker still has at least one more barrier to breach before successfully breaking into the target.

SUNY Erie has implemented Microsoft's 2FA product for our cloud applications. This includes ecc.edu email, Brightspace, and Workday. You will not be prompted if attempting to sign into a SUNY Erie domain-joined computer (windows screen) or if you attempt to log in through a web browser while connected to SUNY Erie's network. This also includes when your SUNY Erie PC is connected to the SUNY Erie Virtual Private Network.

Once successfully authenticated, you have the option of delaying 2FA for 30-days on that web browser and device. For the 30-day window delay to work, you MUST use the same device and browser.

Enrollment or Initial Setup:

1. You will be prompted to set up additional authentication options after you sign in. These options can also be adjusted at any time by clicking the following link:  Additional Security Verification Options
2. Click the ‘Next’ button.
3. You will the be presented with a screen that will prompt you to choose how you want to be contacted. The initial choice is the Microsoft Authenticator App.
4.  You may  Click ‘Next’ to continue with the Microsoft Authenticator app, choose a different Authenticator App or select ‘I want to set up a different method' Click ‘Download now’
5. You will be directed to install the Microsoft Authentication app if you have not done so already.
6. Click ‘Pair your account to the app by clicking this link’
7. Click ‘Verify’
8. When you see the ‘Let’s try it out’ screen, proceed to the app and click ‘approve’
9. Back on the website, click ‘Next’

Another method is highly recommended to be configured so you have additional options to gain access to your account. The next method is prompting for a phone number.

       These instructions show how to use text messages for authentication by cell phone.

1. Select  United States(+1), and input your cell phone number (ex. 7165555555) 
2. Click the 'Next Button'. You will then receive a notice that a text message has been sent to the Authentication phone.
3. Enter the code received and click the ‘Next’ button.
4. Click the ‘Next’ Button
5. Click ‘Done’

Change Default Option: 

1. Go to Additional Security Verification Options
2. Next to ‘Default sign-in method’ (which you will use most often)  Click ‘Change’
3. In the proceeding drop-down menu and select the option desired.
4. Click Confirm.

For additional help:

• Microsoft: Manage your MFA settings