Multi-Factor Authentication (MFA): Difference between revisions
Revision as of 10:08, 7 May 2020
Multi-Factor Authentication (MFA)
In 2020 Imperial will be making MFA compulsory on some sensitive services, such as Office 365, and will roll it out to other services as the need arises. Their overview and reasoning are here: https://www.imperial.ac.uk/admin-services/ict/self-service/be-secure/mfa/
There's no need to repeat what they say, but it is universally accepted to be a good idea to enable MFA on personal communications and collaboration services. All you need is a mobile phone.
How To Enable MFA On Your Office 365 Account
First of all, ICT have to provision your account for this feature - you can't just decide to turn it on yourself. You will get an email from the "ICT Security Officer" when MFA is ready to be enabled on your account. Once it has been provisioned for you, Imperial's instructions are here: https://www.imperial.ac.uk/admin-services/ict/self-service/be-secure/mfa/setup-mfa/
Do I Need Anything Special To Use MFA?
The use of MFA for Office 365 does assume that you're an Office 365 user, which further assumes that you're likely to have a smartphone. ICT stats show that well over 99.9% of Imperial users also either use Imperial Wi-Fi on a smartphone, or read their email on a smartphone. The easiest way to get up and running is to install the app on your phone called "Microsoft Authenticator". Other authenticators are available if you prefer to support yourself.
If you only have a "dumbphone" you can still use MFA, but instead of using an app to receive your codes you get a text message. The effect is the same, but text messaging is a less secure way to deliver codes than an authenticator app (as an exercise for the student, read up on Signalling System No. 7 vulnerabilities).
OK I Enabled MFA On My Phone. What Now?
Ideally, you should reboot your PC. If you don't want to just yet, at the very least log out of your email, Skype, Teams and SharePoint. When you log in to these services again you will be prompted for your password as normal. Then, if MFA is set up correctly, you will receive a separate login code on your registered phone. Enter that, and you're all done.
I Can't Log In Any More After Enabling MFA
I Don't Want To Enable MFA On My Personal Phone
Presumably you have good reasons to reject a security enhancement for the sake of receiving a text code every so often when you're off site. It would probably be best to talk to your local IT staff about your concerns. MFA is an extremely robust security measure, and not using it will greatly increase the risk of an account compromise.