Multi-Factor Authentication FAQ's | St. George's University

Multi-Factor Authentication (MFA) FAQ’s

Why do I get so many prompts to approve my login to Office 365 applications?

Since the main goal of multi-factor authentication is to prevent someone who is not you from logging into your accounts, the process requires that you approve the login whenever you sign in differently than you did last time. This could mean from a different device (mobile phone, home computer, office computer, etc.), a different Web browser, or even a different Office 365 application (OneDrive, Outlook, Skype, etc.). Even if you have checked the “Don’t ask again for 14 days” option on the login screen, the 14-day grace period only applies to that device, application, and browser.

Should I always approve/accept/allow the login prompt?

No. If you are prompted to approve a sign in but have not tried to sign into anything, there is the possibility that there was an application that automatically started with your password saved attempting to log in or your sign-in attempt was sent twice (e.g. refreshing a log in page).

If the sign in request appears during a time when you have not attempted to sign in or open applications recently, it may be someone else attempting to access your account without your permission. If you are ever unsure, click deny and contact IT Support.

What is an app password and when is it needed?

Microsoft’s MFA solution only works with newer versions of Microsoft applications. If you are using the built-in email software on your iPhone, Android, or macOS device, an older version of Microsoft Office on your computer, or using other software that does not support MFA, you will need to use an app password instead of approving the login when prompted. An app password is a very strong, randomly-generated password. You will use this password to sign into the non-MFA application once and then you never have to enter your password for that application on that device again.

To manage app passwords please visit the app password section of your account settings.

How can I add an alternate contact method for MFA or modify my preferred method?

You can verify your sign in using a phone call, text message, or Microsoft Authenticator app (code or notification). If you would like to change your default MFA method or add an alternate one please visit the Additional Security Verification page.

How do I get back into my account and change my settings if I have a new phone number?

Navigate to the Additional Security Verification page and modify your phone number. If prompted to approve the sign in, click the “Sign in another way” link and select an alternate method. If you no longer have access to any of the backup methods or have not set them up, you will need to contact IT Support to have your MFA settings reset.

What should I do if my phone is lost or stolen?

If you have alternate authentication methods configured in your Additional Security Verification page then please select “Sign in another way” when at the MFA prompt screen. Otherwise, please contact IT Support for assistance.

Do I have to have a smartphone to verify my identity?

No, you can use any cell phone, tablet, or even a landline phone.

What is the recommended method of MFA?

The recommended method is to use the Microsoft Authenticator app on your smartphone or tablet. The free app can be downloaded from the Google Play Store or Apple App Store.

What if I do not have a signal or cellular data plan?

We recommend users enroll in multi-factor authentication using the Microsoft Authenticator app on a smartphone or tablet. The application can generate verification codes offline and does not require a voice, text, or data plan.