What is Multifactor Authentication?
Multifactor Authentication (MFA) is an authentication mechanism used in addition to your
username and password in order to verify a user’s identity. MFA should be used whenever possible because it immediately neutralizes the risks associated with compromised passwords by adding an additional layer of security to protect highly sensitive personal information.
How do I enroll?
Your MFA verification device is not the computer you use to do your work, but another device that you have with you when you are working, such as your smartphone. It is easy to get set up with MFA. First, IT has to enable MFA on your account. Once that is done, on your next logon to myUSI you will be prompted to setup MFA. USI has selected Okta as a vendor to provide this service.
If you have a smartphone, the easiest way to use MFA is with the Okta Verify app that you can download from the Apple or Android store. If you don’t have a smartphone or prefer not to download an app, you can configure MFA to send you a text message, or you can configure it to call your cell phone or even your office phone. And, you can set up multiple verification devices. In fact, for employees we recommend that you enroll Voice Call using your office phone – that way if you forget your cell phone you can still login while in the office. See the Set Up links to get started. However, we do not recommend solely relying on Voice Call with your office phone, since if that is your only form of MFA, you would not be able to login if you are not at your desk.
If a cell phone is not an option for your multifactor device and using your desk phone isn't possible because you work from multiple locations, we have USB security keys available, which looks like small flash drives. These will require a small one-time fee charged to your department (and your financial manager's approval). If you are interested in this option, please contact the IT Help Desk and we will get you more information. Please visit this page for more information on the USB security keys.
We are rolling out MFA in waves, and will contact you when your department will be enrolled, however, if you would like to enroll in MFA right away, you can request to be enrolled at https://www.usi.edu/it/mfa-enroll
Set Up Multifactor Authentication
Multifactor frequently asked questions
Forgot your device?
If you forgot your device, you can request a MFA bypass for the day. Contact the IT Help Desk for a one day bypass. Please note when setting this up it will take one hour to take effect.
How often will I be prompted to complete MFA?
Once you have authenticated using MFA on a device or web browser, you should not be challenged again on that device or web browser for an 8 hour window. This means you should expect to complete MFA authentication each day.
Why is my cell phone prompting me on the weekend when I am not working?
You may see an MFA pop-up on your phone when you are not working, or while you are working but not from your location. If you don’t recognize it – don’t approve it! It may mean a hacker has gotten your password and is trying to access your account.
Sometimes I am logging in to something and the pop-up on my phone says I am trying to log in near Chicago? Why is that?
USI runs a number of services in the cloud, and some of these are hosted in Chicago. If the pop-up coincides with when you are logging in to something you should be fine to approve it. But if it doesn’t make sense – don’t approve it!
Want to change your authentication options?
One you have enrolled in MFA you can add or change your authentication options by accessing https://weblogin.usi.edu, selecting Settings on the dropdown by your name, and then scrolling down to Extra Verification.
Can I use Google Authenticator or Microsoft Authenticator?
Yes, these will work with Okta. However, using the Okta Verify app is simpler so we recommend it.
What are the advantages of using a USB security key?
Physical USB security keys can provide the highest security for logons and are the most difficult for a hacker to get past. There is an extra cost per key so we don’t anticipate using these everywhere, but in cases where the highest security is needed we can set you up with one of these keys.
What if I get a new phone?
If you are configured with Okta Verify, you will need to re-enroll for MFA with your new phone. Contact the IT Help Desk for assistance in setting this up.