What is Multifactor Authentication?
Multifactor Authentication (MFA) is an authentication mechanism used in addition to your username and password in order to verify your identity. This added layer of security keeps your account and personal information safer and should be used whenever possible. Even if hackers discover your password, they won't be able to access your account without completing the second authentication.
How do I enroll?
Your MFA verification device is not your computer, but another device that you have with you, such as your smartphone. It is easy to get set up with MFA. First, IT will enable MFA on your account. Once that is done, on your next logon to myUSI you will be prompted to setup MFA. USI has selected Okta as a vendor to provide this service, and all employee and student accounts are being configured to require multifactor authentication.
If you have a smartphone, the easiest way to use MFA is with the Okta Verify app that you can download from the Apple or Android store. If you don’t have a smartphone or prefer not to download an app, you can configure MFA to send you a text message, or you can configure it to call your phone. Once you have this setup, we recommend that you configure a second option as well so that you have more than one way to satisfy the MFA requirement.
If a cell phone is not an option for your multifactor device, you can purchase a USB security key, which looks like a small flash drive. Please visit this page for more information on the USB security keys.
If you would like to enroll in MFA right away, you can request to be enrolled at https://www.usi.edu/it/mfa-enroll
Set Up Multifactor Authentication
Multifactor frequently asked questions
Forgot your device? Did your phone stop working?
If you forget your device or if it stops working, you can request an MFA bypass for the day. Contact the IT Help Desk at 812-465-1080, or use the self-service bypass MFA form. If calling the Help Desk, you will be required to verify your identity, and then your account will be configured to not require MFA until the next business day. Please note when setting this up it may take up to one hour to take effect, although it usually is much quicker.
How often will I be prompted to complete MFA?
Once you have authenticated using MFA on a device or web browser, you should not be challenged again on that device or web browser during that day.
Why does it prompt me more than once/day?
If you use multiple browsers such as Firefox, Chrome, and Edge, each one will prompt you for MFA. And if you use inCognito or in-Private-Browsing, you will be prompted during each session.
Why is my cell phone prompting me on the weekend when I am not working?
You may see an MFA pop-up on your phone when you are not working, or while you are working but not from your location. If you don’t recognize it – don’t approve it! It may mean a hacker has gotten your password and is trying to access your account.
Sometimes I am logging in to something and the pop-up on my phone says I am trying to log in near Chicago? Why is that?
USI runs a number of services in the cloud, and some of these are hosted in Chicago. If the pop-up coincides with when you are logging in to something you should be fine to approve it. But if it doesn’t make sense – don’t approve it!
Want to change your authentication options?
One you have enrolled in MFA you can add or change your authentication options by accessing https://weblogin.usi.edu, selecting Settings on the dropdown by your name, and then scrolling down to Extra Verification.
Can I use Google Authenticator or Microsoft Authenticator?
Yes, these will work with Okta. However, using the Okta Verify app is simpler so we recommend it.
What are the advantages of using a USB security key?
Physical USB security keys are useful when you do not have a cell phone to use as your MFA device. They also provide the highest security for logons and are the most difficult for a hacker to get past. USB security keys have to be purchased so we don’t anticipate most people will use them, but in cases where you have no cell phone or the highest security is needed you can purchase a key and use it as your second factor device.
What if I get a new phone?
If you are configured with Okta Verify, you will need to re-enroll for MFA with your new phone. Contact the IT Help Desk for assistance in setting this up.