As part of Villanova’s continuing efforts to enhance data protection, the University is requiring multi-factor authentication (MFA) to access critical web-based resources such as Outlook, Teams, MyNova, Zoom, and Brightspace. Below, find the answers to frequently asked questions about using the University's new MFA solution, Microsoft Authenticator.
General FAQs
Why do I need to use multi-factor authentication (MFA)?
Passwords are becoming increasingly easy to compromise. They can often be guessed or stolen by cyber criminals, giving them access to your sensitive information. Multi-factor authentication (MFA) adds a second layer of security to your accounts by requiring you to not only enter your password but verify your identity through another method, such as number matching with Microsoft Authenticator. If someone else tries to log-in using your password, you will be notified by Authenticator and can reject their verification attempt. This prevents anyone but you from accessing your accounts.
Can I use the Microsoft Authenticator app for more than one account (e.g., Villanova Account and privileged account)?
Yes, Microsoft Authenticator is built to manage multiple accounts. You can follow our same instructions on how to enroll; you will just sign into the Microsoft security dashboard using the appropriate alternate account.
Once a second account is added, it will appear in your Authenticator App similar to the below image.
Why isn't SMS/telephony an option with Microsoft Authenticator?
To best protect our community and our University, we are discontinuing the use of codes via SMS (text message) and telephony (phone calls) as an authenticator factor. Both the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have advised against using SMS/telephony, as they are highly prone to compromise through methods such as SIM swapping, social engineering, and man-in-the-middle attacks. The Microsoft Authenticator app provides a more secure, resilient mode of authentication via number matching.
How do I update my Microsoft Authenticator app to the latest version?
Microsoft Authenticator should update automatically to the latest version via the iOS App Store or Google Play Store on supported mobile OS versions. Should you need to manually update the Microsoft Authenticator app, please follow the instructions below.
Can I use Microsoft Authenticator when traveling internationally?
Yes! If you have internet connection, you can receive a Number Matching prompt to the Microsoft Authenticator app.
If you believe the country you are traveling to is considered high risk, please contact the Service Desk to verify and get permission.
Troubleshooting FAQs
I don't have a smartphone. How can I use Microsoft Authenticator?
You can use Microsoft Authenticator with another smart device, such as a tablet.
We understand not everyone has access to a smart device. While the Microsoft Authenticator mobile app is recommended for the best convenience and security, Villanova does offer the alternative of using a hardware security key. Please submit a ticket through the Support Portal to discuss next steps.
I got an unexpected login prompt. What do I do?
If you are prompted to approve a login that you did not initiate, we advise you exercise caution and assume someone without authorization is trying to access your account. Choose "No, it's not me" in the Microsoft Authenticator app to block the request. Then, contact the Service Desk at 610-519-7777 or support@villanova.edu.
I got locked out of my account. What do I do?
Your account will lock when there are too many failed attempts to authenticate. Should this occur, please contact the Service Desk at 610-519-7777 or support@villanova.edu for assistance.
Security FAQs
What data is stored by Microsoft Authenticator?
Authenticator collects three types of information:
-
Account info you provide when you add your account. After adding your account, depending on the features you enable for the account, your account data might sync down to the app. This data is stored on your device and can be removed by removing your account.
-
Non-personally identifiable usage data, such as aggregate details about success or failure of important operations that are used to detect decreased reliability and bugs. This minimal data is needed to keep the app updated and secure. You need to accept the notice of this data collection when you use the app for the first time.
You can also allow the sharing of additional non-personal usage data by turning on the "Usage Data" toggle button on the app's Settings page or when you use the app for the first time. This data allows our engineers to improve the app in ways that are important to you. This setting can be turned on or off at any time.
-
Diagnostic log data that stays only in the app until you select Send feedback in the app's top menu to send logs to Microsoft. These logs can contain personal data such as email addresses, server addresses, or IP addresses. They also can contain device data such as device name and operating system version. Any personal data collected is limited to information needed to help troubleshoot app issues. Authenticator engineers will use them only to troubleshoot customer-reported issues.
For more information, review the Microsoft Privacy Statement.
What does the Microsoft Authenticator app access on my mobile device?
The Microsoft Authenticator app does not access your other apps or other data on your mobile device; it uses some base functionality of the device and a certificate that identifies your device to ensure accurate identification.
During the sign up process, you will be asked to scan a QR code. The Microsoft Authenticator app will request access to the camera when activating the app. This is the only time that the camera will be activated by Microsoft Authenticator. Under no circumstance does Microsoft Authenticator activate devices such as microphone or GPS.
What operating systems is Microsoft Authenticator supported on?
Microsoft Authenticator is a mobile application available for Android and iOS operating systems. Microsoft no longer supports Authenticator versions that are more than one year old, so always keep your device up to date.
To comply with our policies, if an operating system is no longer supported by the vendor such as Microsoft or Apple, and/or security updates and enhancements are not made available from the vendor, Technology Services will also no longer support the Microsoft Authenticator multi-factor authentication solution on that operating system.
What is Villanova's standard for multi-factor authentication (MFA)?
As part of Villanova's information security standards, the following must be protected behind MFA:
- All applications that require authentication for access, such as Brightspace
- Applications that are internet accessible and store, transmit or process data that is classified as Restricted or Private, including Office 365 and NOVASIS.
To create a smooth and secure MFA experience for new applications, Technology Services provides assistance integrating with our Single Sign On (SSO) authentication services.
For additional information, visit Microsoft's Authenticator FAQ page.