ܽƵ

How can we help you today ?

 Home / Security / Information / Multifactor Authentication FAQs

Multifactor Authentication FAQs

Frequently asked questions about multifactor authentication

What is Multifactor Authentication?
Multifactor Authentication, also called 2-factor or MFA, has been adopted to secure campus resources through our Fort Lewis Microsoft accounts.  Unlike account authentication requiring only a username and password, this exchange uses an additional customized verification, greatly reducing the risk of account compromise. You are likely using multifactor now with other companies that have already adopted it for additional account security, such as your bank, streaming subscription, or other email services. In a nutshell, multifactor makes sure only you have access to your ܽƵ Microsoft account and protects the organization's data.

  • Multifactor authentication increases security as an additional barrier against cyberattacks, particularly when working remotely and traveling
  • There is a variety of choices to meet your authentication needs to ensure you can access your account, but no one else can
  • It removes the risk for hackers and cyber threats to crack your passwords, which can be very easy on repeated and simple passwords
  • Microsoft can monitor and better anticipate when others are attempting to log in to your account and disable their point of access without disturbing your experience

What happens if my ܽƵ Microsoft account gets compromised?

  • You will be locked out of your account and unable to access your email and other Microsoft apps
  • Your data and ܽƵ data you have access to may now be vulnerable and shared to threats to the organization. We all have a responsibility to protect the data we access
  • Your email address could be used to send out phishing scams, viruses, ransomware attacks, or other harmful links to your organization

How have cybersecurity threats impacted Fort Lewis College? 
ܽƵ Accounts are being targeted every day by impersonators and cyberattacks. 41 ܽƵ staff email accounts were compromised in 2021; some were repeat offenders and 6 were used to send out malicious emails to others. IT Security is watching cyber threat activity, but multifactor authentication is your frontline defense.

Since implementing MFA to all faculty and staff accounts in 2022, account compromises have dropped to almost 0! 

How much will this interfere with my daily work? 
Your initial setup of verification methods will take approximately 5-15 minutes. After that, you can adjust your methods anytime from your security settings as needed. If you primarily work on campus, you will likely forget that you even have it set up, as you will not be prompted on the campus network. When you travel or work remote, you will be reminded that Microsoft is protecting your account with an MFA prompt. The new cloud VPN connection will also ask you to authenticate with the same MFA settings upon your first login of the day. Lastly, your Workday portal will enable MFA with the same credentials and policy as your ܽƵ Microsoft resources, and prompt you when logging in off campus.

When and how often will I have to verify with MFA?

  • Multifactor Authentication has been implemented for staff and faculty Fort Lewis Microsoft accounts and the associated Microsoft applications. (Webmail, Sharepoint, Teams, etc.)
  • MFA will not affect your access to Fort Lewis pages with CAS Login processes with the exception of Workday
  • Multifactor is set to refresh and require login and authentication to your Microsoft account every 90 days
  • Accessing your account on campus will never prompt you outside of 90 days to authenticate beyond your network username and password
  • If you work from home on the same wi-fi connection, Microsoft will recognize your home internet and device and follow the 90 day rule
When will additonal verification requests be prompted for Multifactor Authentication?
  • You access your Fort Lewis Microsoft account from a new device
  • You access your Fort Lewis Microsoft account from an unfamiliar IP address/ Wi-Fi network
  • You clear your cache/cookies in the web browser used to access Office 365 Microsoft apps
  • You work from home and use the VPN to access ܽƵ resources. The new cloud OpenVPN will require MFA verification upon the first login of each day with the same MFA credentials as your Microsoft settings
  • You login to Workday off campus or from a mobile device. MFA is required by Workday and is the only exception to ܽƵ portals with CAS logins. Use the same credentials as your Microsoft settings

What about students and student workers?

  • Student workstudy accounts are accessible on campus only as a default and do not require MFA
  • However, in the event a workstudy resource needs to be accessed occasionally off campus, MFA will be required to set up with the user. Send a request for offsite access to a workstudy account by emailing askIT@fortlewis.edu
  • All active students will also have MFA enabled on ܽƵ Microsoft accounts by 5/15/2023. Newly admitted students will not have Multifactor until they have completed the process to confirm attendance. MFA will be enabled for newly confirmed students beginning 3/27/2023
  • All active students can opt into MFA early any time before 5/15/23 if desired
  • Prospective and newly admitted students will not have MFA until they submit confirmation of attendance

What if I am unable to verify when trying to log in to my account?
Example: I left my phone at home and was prompted to verify while on campus. 

If you are unable to verify with your default sign-in method, under the code entry on your browser window, click “I can’t use my Authenticator App right now”.. This should provide you with the list of other devices you have set up as methods to choose how you would like to sign in. You should always have at least 2 devices configured.

Image of approve sign in request dialog

If you are still unable to log in to your Microsoft account, reach out to the IT Help desk:

  • Call 970-247-7444 during normal College business hours Monday through Friday
  • Email AskIT@fortlewis.edu
  • Submit an online request at
  • Call our emergency cell phone at 970-749-8191
What if I get locked out of my Microsoft account outside of regular business hours?
In a critical circumstance, like a lost mobile device, Students and Staff can be granted access to their Microsoft account and bypass MFA for 5 days, to change their default method in their , and obtain a new mobile device.

This is completed by filling out the Lockout Form below. The form verifies your Fort Lewis username matches your 900 ID number and requires an IT administrator to approve access. You will receive a confirmation email if your access is granted. If there are any discrepancies with the information you provide, access will not be granted, and you will need to contact the IT Help desk during standard business hours.

This form is to be completed in emergency situations outside of business hours only. If you can wait to access your Microsoft account until the next business day, contact the help desk between 8am and 5pm at askit@fortlewis.edu or 970-247-7444.
What if I receive a notification to authenticate when I'm not actively trying to login to my Microsoft account, Workday, or VPN?
NEVER authorize a verification request from your primary method if you did not initiate it! If you receive an unexpected prompt to authenticate, someone else may be trying to get into your account!

If you don't know why, just deny!

What options do I have for authentication?
Microsoft provides several different methods for verifying your account with Multifactor Authentication. In case you do not have your default method available, you can always choose to log in to your account with a different method. 

  • Phone Call: Your Microsoft window will ask for a verification code. An automated verbal verification code will be sent to your phone number as a call to enter into your login screen
  • Phone Texted Code: Your Microsoft window will ask for a verification code. Your verification code will be send via text message to enter into your login screen
  • Microsoft Authenticator App: This is recommended as your default notification method. Your Microsoft browser window will notify that you need to authenticate. Your app will send a notification to your phone. There are several additional options to choose from within the Authenticator App:
    • One-Time Code- Your mobile device will receive a notification pop-up with a number code to enter into your browser
    • Push Notification- Your mobile device will receive a notification pop-up to verify an attempted login by clicking Approve or Deny
    • Passwordless- Your browser window will give you a 2 digit number to enter in your App notification pop-up on your mobile device
    • The Authenticator App can also be programed to lock your device screen with a password, biometric, or pin before you can approve a verification. This is as an additional safety measure in case your device is lost
    • The Authenticator App can be installed on a tablet or secondary device
  • Work Phone: Your Microsoft window will ask for a verification code. An automated verbal verification code will be sent to your phone number as a call to enter in your login screen. This is a great option for a second method in the event that you cannot use your phone or your phone is lost. Use your work phone or Teams number
  • USB Security Key: Media Services can provide a USB-C or USB-A FIDO security key to plug in to your work laptop or docking station, and complete verification by entering a set code and touching the key's touchpad. This is recommended for staff who work primarily remotely, and for those who travel often. FIDO security keys must be checked out through Media Services and reset by the user before being returned
  • Alternate Phone: additional phone numbers can be added to produce verification codes or push notifications
  • No Phone? If you do not have a cell phone or tablet, and would like to utilize the Authenticator App, wi-fi only phones are available to rent from Media Services. 

You can remove, add and update methods at any time from your Microsoft .

Is there a way to authenticate without using a phone?
Yes you can authenticate using a physical USB key. This is recommended as an alternative method if you think you’ll be using your computer somewhere where you won’t have access to a phone or mobile device, or you do not own a mobile device. The Yubiko key cannot be set as your primary authentication method, but from the authentication prompt on your browser, you can chose to sign in with a different method than your primary. Media Services offers these USB keys in Reed Library, and instructions for installing the key can be found here: ܽƵ Knowledgebase - USB FIDO2 Key

After I’ve setup MFA on a home network or my cell phone, will it continue to trigger on my trusted device?
Microsoft will learn when you access your account from the same computer and or/wi-fi network off campus. If you always use the same laptop and work on your home wi-fi connection, you will only be prompted every 90 days. If you log in from a new device, or from a new wi-fi connection, you will be prompted to authenticate each time. You will also have to authenticate once per day when connecting to the VPN or logging into Workday from off campus, regardless of the device or network. 
I accidentally dismissed my pop-up notification to authenticate on my phone.  How do I get it back? 
Notifications for the Authenticator app methods can be retrieved by opening the actual App on your device. Open the App and click on the Fort Lewis College profile. This should initiate another pop-up to authenticate.

You have about 30 seconds to authenticate before the notification expires. If you can’t get to your device within the timeframe, you can either prompt the browser window to resend the notification, or sign in a different way with another method.

What if I lose my phone, or got a new phone, and it is my primary method for authenticating?
You should be able to access your Microsoft account from your computer while on campus connected to the campus internet network without being prompted. If you are prompted with MFA, and cannot log in to your account, reach out to askit@fortlewis.edu or 970-247-7444 during business hours; if you are outside of business hours, and must get access to your account before next business day by completing the form.

From Outlook, click on the far top right initials icon on the browser and go to View Account and then click Security Info. This is where you can make changes to your current default sign-in method, add other methods, edit existing methods, and sign out on all devices if needed.

  1. Ensure you have more than one sign-in method on your account. You should have at least 2 methods set up at all times. You can also check out a FIDO key as an additional method until you get a new device, or long term as a non-phone method.
  2. Update your Security Info Settings. If your default sign-in method is your old/lost phone, or the Authenticator Mobile app, Click Change next to Default Sign-In Method and update it to another method that you can access immediately.
  3. Once you have a new phone, Add the new device from your Security Info Settings. Click Add Method to add the Phone. If your previous Phone was set up and you have a new phone number, you can alternatively click Change next to the number and update it to the new phone. You will be prompted to verify the new device.
  4. In your Security Info, Delete the Microsoft Authenticator app from your methods list. If you are able to access your old phone, uninstall the Authenticator App from the old phone.
  5. Set up the Authenticator Mobile App on your new phone from Security Info Settings. Follow the instructions above to set up the app and sync it to your Fort Lewis Microsoft account.
  6. Once you have ensured you have updated your default sign-in method, Click Sign Out Everywhere in Security Info Settings. You will be prompted to authenticate your Microsoft account to make the change. The old phone will now be unable to access your account.
Image of Security Info screen highlighting Sign Out Everywhere at the bottom of the screen
Additional FAQ’s from Microsoft:
Updated on Tue, 25 Apr 2023 by Bodine, James

In this section

Related articles