˿����Ƶ

MFA requires users to verify their identity using two or more factors before gaining access to University services. After entering your username and password, you’ll be prompted to confirm the login using a second method such as a mobile app notification, verification code, phone call or security key. This extra step ensures that even if someone obtains your password, they cannot access your account.

When signing in to a protected service, you will: 

1. Enter your University username in the format username@umsystem.edu 
2. Enter your password 
3. Verify your identity using your chosen MFA method, such as:  
   1. Microsoft Authenticator app notification 
   2. One-time passcode from the app 
   3. SMS or voice verification code 
   4. Call to a registered landline (if applicable) 
   5. Security key 

The system will remember your device for 30 days if you select “Don’t ask again for 30 days.” After that period, or when using a new browser or device, you will be prompted to authenticate it again. 

Users without a mobile device may register a direct office line or home landline. These numbers must be uniquely assigned to you and accessible when receiving MFA verification calls. 

If you have not registered for MFA yet, you can do so at . During setup, you will be asked to: 

• Provide a mobile phone number 
• Provide an external (non-University) email address 
• Add one or more MFA methods 
• Install the Microsoft Authenticator app (recommended) 

Your phone number and external email address are used only for official University purposes. They are not shared, marketed or sold to outside entities. 

Passwords alone are not enough to protect accounts. MFA strengthens your login process by requiring evidence that you are the authorized account holder. The added factor: 

• Helps prevent unauthorized access 
• Protects against phishing attacks 
• Reduces the risk of compromised credentials and data exposure  

MFA is required for all UM System students, faculty and staff when accessing University systems that use Microsoft authentication.

• Complete the user registration process. You will be asked to provide your mobile phone number, an external (non-University) email address that you own and answers to a series of knowledge-based questions. 
• Download and install the Authenticate application for your mobile device. While not required, most users will find the application is the most convenient way obtain a login code. 

Your cell phone number and/or personal email address will not be used except for official University purposes and as required by law. ˿����Ƶ does not market or sell personal information to outside entities. 

Not much at all. After registration, most users interact with secure authentication via the mobile device application. Various IT systems (MyHR, Canvas, email, etc.) have been configured to ask for a MFA passkey for different reasons and at different times. The overall goal is to ensure that the person logging in is a legitimate user while at the same time, not being overly burdensome.

A non-University email address is required as another means to contact you if security professionals note suspicious login activity from your work account, and it may be used as one of the ways to receive a passkey for some electronic resources. 

If you don’t have a secondary email, create one. Most email services are free for use. If you have a secondary email already, but do not feel comfortable sharing it with the University, you may create a new external email account for this purpose. 

If you would like to change a question option, use the pull-down menu on the question field and select from a new set of pre-approved questions. Still having issues? The key with the knowledge-based answer is that you can remember what answer you have given the system for a particular question. You do not have to provide the correct answer, just be able to always give a consistent answer when prompted with that question. For example, it is acceptable if the question is “What is your favorite color?” to answer “elephant,” so long as you can remember the answer is “elephant” when prompted with the question: “What is your favorite color?”

The help desk may choose to use the “help desk question” to verify identity over the phone. IT support personnel cannot see answers to your other knowledge-based questions, only the help desk verification question.

You can update information at any time. Go to the Information Technology Security Office. You can then log into the User Registration/Manage Settings to update your information.