Multi-Factor Authentication - MFA @ SCU!

What is Multi-Factor Authentication (MFA)?

MFA adds further Cybersecurity and data protection for your valuable information and intellectual property, by adding an extra process to authenticate. Presently you have used your username & password, which is relatively easy to hack, particularly with email. Southern Cross University is applying MFA to all Microsoft backed services (particularly O365 & Email as these are the most common hacking targets) for all staff and students. YouTube Video

How will Multi-Factor Authentication (MFA) protect me more?

Username and password theft by hackers, phishing and other related scams are now commonplace on the Internet. Multi-Factor Authentication uses an extra device to confirm login requests (usually via the Microsoft Authentication app on your mobile device). Only you have that application (or other method), so when the hackers attempt to access your account, a code will be sent to your phone app, or an SMS will be sent for you to approve the authentication - Thus hackers will have no possible way to gain access.

Do I have to do this all the time?

The short answer to this is no, once you have approved a login on your computer, that will be sufficient for the next 3 months. However, if you attempt to sign in on another device, it will prompt for MFA, again, providing access to that device for 3 months.

Setting up MFA

Expand this section for details: Setting up MFA

Step 1 - Go to https://email.scu.edu.au in a web browser on your computer and enter your credentials. After doing that, click Sign in.

Step 2 - Once you receive this prompt and you are ready to register for MFA, Click Next to continue

Step 3 - On your mobile device, open the App Store or Play Store on your device, search for Microsoft Authenticator and install it.

For more information on the Microsoft Authenticator app, visit the Microsoft Authenticator page on the Apple App store, or Google Play store.

Step 4 - On the Start by getting the app page, ensure you have installed the Authenticator app on your mobile device, and then select Next.

Step 5 - On your computer, remain on the Set up your account page while you set up the Microsoft Authenticator app on your mobile device.

Step 6 - On your mobile device, open the Microsoft Authenticator app, select allow notifications (if prompted). If this is the first time you’ve open the app, Select Scan a QR code, then click OK to allow the Authenticator App to scan a QR Code.

If you have already opened the app previously, Select Add account, select Work or school account and click Scan a QR code.

Step 7 - On your computer, return to the Set up your account page on your computer and select Next. Use your Mobile Device to scan the QR code page that appears on your computer. On the computer, select Next.

Step 8 - A notification is sent to the Microsoft Authenticator app on your mobile device to test your account connection.

Step 9 - On your mobile device, approve the notification in the Microsoft Authenticator app, and then select Next

Step 11 - The next time you try to log into email.scu.edu.au on your computer, the Authenticator App on your mobile phone will prompt you with Approve sign-in? Click Approve, and you will be logged into your email. Note that you may need to use your mobile devices’ finger or face recognition to open the Authenticator; this provides an extra layer of biometric protection that makes this system extremely secure!

The next screen on your computer will be your SCU email Inbox. You can elect to stay signed in if you check the Don’t show this again checkbox and click Yes. Please, only tick this on your work computer as it allows the computer to store your password, which is a potential security weakness on a shared or publicly accessed computer.

That’s MFA!

You have used another factor to prove your identity to ensure the most secure way to protect the University and your data. This simple process is all it takes to prevent almost all attacks with stolen credentials.

Cybersecurity is everyone’s business, and by using MFA, you are actively helping the University fight phishing attacks, account takeovers, intellectual property and corporate information theft.

Adding your mobile number to MFA

Expand this section for details: Adding your mobile number to MFA

The University recommends that you add your mobile number to your University account as an alternate authentication method. If you don’t have a smartphone or do not want to install the Authenticator App, you can make your phone the default sign-in method. Using a mobile number will send your mobile device an SMS code that you enter in your computer to authenticate, instead of the single click Approve of the Authenticator App.

1 - On your computer, open your browser to https://mysignins.microsoft.com/security-info, then click Add method.

2 - Select Phone from the drop-down menu, and click Add.

3 - On the next page, select Australia as the country and enter your mobile number, making sure the Text me a code radio button is selected.

Please note you will need to leave out the leading zero (0) of your number, so if your phone number is 0123 456 789, you enter 123456789 (no spaces), then click Next.

4 - You will receive a text from Microsoft - Use verification code xxxxxx for Southern Cross University authentication. Enter this code in the next window, and click Next.

You have now registered to use SMS as the second factor for MFA at SCU.

Make your phone the default sign-in method

Expand this section for details: Make your phone the default sign-in method

If you want to use SMS instead of the Authenticator App to verify your identity when challenged, use these steps to make SMS your default method.

1 - On the Security info page at https://mysignins.microsoft.com/security-info, select the Change link (next to the Default sign-in method information)

2 - Select Phone - text (your mobile number) and click confirm. Your mobile phone (text) is now the default sign-in method.

That’s it. Your mobile phone number is now the second factor, and you will receive an SMS code to verify your identity during an MFA login.

More Information

Multi-Factor Authentication - FAQ

Common problems with two-step verification for a work or school account - Microsoft Support

If you encounter any issues during this process or require further assistance, please contact the Service Desk.