Conestoga strives to provide Information Technology services to all community members with the highest availability and protections possible. As such Conestoga requires all community members to use Multi-Factor Authentication where able to provide a robust and secure user experience.
MFA can come in many forms, be it a text message, voice call, an application notification or a security key, there are many diverse and accessible options available to community members.
Configuring your MFA methods
The first step is to sign in to your
Conestoga College account at
https://mysignins.microsoft.com/security-info on a desktop or laptop. It is not recommended to set up MFA on a phone or mobile device, as you will be unable to scan the required QR code.
You will have to add at least 2 methods of authentication, though using more is encouraged if possible. You cannot set Email as a primary method and it is only used for SSPR and Account Recovery.
(a): You will be brought to a page asking you to add a method. In this step, we will look at the Authenticator App.
(b): Click on "Add method" outlined in red in the previous screenshot. The default option is "Authenticator app", click "Add".
(c): Follow the instructions in the pop-up to download the Authenticator app. You can also click on the "Download now" link to get step-by-step instructions.
(d): Continue following the steps, in the app, choose to allow notifications, then click the + button in the top right corner of the app, and select "Work or School" account.
(e): You will be shown a QR code on your display, you have to scan this QR code with your phone's camera within the Authenticator app. If you are having issues scanning the QR code, you can select "Can't Scan Image" which will provide you information to enter into the Authenticator app.
Note: The QR code reader is built into the Authenticator app, do not download a third-party QR code app.
Alternative - Manual Authenticator Setup
If you are having trouble scanning the QR code, select "Or enter code manually" on your phone, and on the pop-up on the computer screen, select "Can't Scan Image", where you will be shown a URL and Code to enter on your phone.
(a): Phone Screen
(b): Computer Screen
(f): You will see your account listed in the app.
(g): Click “Next” on your desktop to verify the setup. Then you will be prompted to approve the notification in the app.
Note: Due to changes on Microsoft's end, you will now be prompted to enter a 2-digit number shown on the screen where you are logging in when approving the sign-in request.
(h): The pop-up on the desktop will show that the notification is approved, click “Next”.
(i): You will see the Authenticator app added as a method.
Please note that deleting the Authenticator app from your device will break the setup and will prevent you from logging in with it, even if it is re-installed.
(a): Add a second method by clicking on the "Add method" button, then choosing "Phone".
(b): Select Canada as the country, and then enter your cellphone or landline/desk phone number. If you are using a cellphone, you can select "Text me a code" or "Call me", if you are using a landline or your desk phone, select "Call me", and click “Next”.
(c): Enter the code that was sent to your phone.
(d): You will be notified that adding the phone was successful.
Using a Security Key
Looking for a Security Key?
Here are the security keys that we recommend:
Setting up your Security Key
- Go to
https://mysignins.microsoft.com/security-info and login with your College Email and Password
Select “Add method” and select “Security key”
You may be prompted to sign in with two-factor authentication, this usually just results in the page reloading.
Select the type of security key you have, in most cases this will be USB.
- There is some information provided about what to do to set up the security key, namely, having it ready to plug in and then touching the button on the key.
On the page that opens, a pop-up will inform you that your security key will be set up to login to your Microsoft account, click “Ok”
You will be provided some more information about setting up the security key, the information collected by Microsoft, and the information stored on your security key. Click “OK” to continue
You will be prompted to create a security key PIN or enter an existing PIN if there is already one on your device. Make sure they PIN is something you will remember. If you lose this PIN, the security key becomes unusable.
After entering the PIN you will be prompted to touch the contact on your security key, this is usually a gold spot on the key, see your key manufacturer’s instructions for more information.
Once the setup is complete, you will be prompted to give your security key a name, this can be anything you want.
You will receive a message informing you that the key was successfully set up, and you can now log into your Microsoft account with your security key rather than your password or other 2FA method.
Using the Security Key to log in
- When logging into any Microsoft page to access your Conestoga College account, enter your full email address as normal, then on the password prompt page, select the option "Sign in with Security Key". Alternatively, if you have previously selected to sign in with a security key, you will be sent directly to the page asking you to touch the contact on your security key. You can also select another option if needed, such as a text message or app notification.
Enter the security key pin
Touch the contact on your key
You will be prompted if you want to stay signed in, just as if you had signed in with a password and second factor.
(a): Add another method, "Email", then click "Add". (b): Enter your personal email address, then click “Next”. (c): Enter the code that was sent to your email, it may take a few minutes to show up, then click "Next". (d): You will see that your email address was added to the list of authentication methods.
(a): Add another method, "Email", then click "Add".
(b): Enter your personal email address, then click “Next”.
(c): Enter the code that was sent to your email, it may take a few minutes to show up, then click "Next".
(d): You will see that your email address was added to the list of authentication methods.
Issues logging in
If you are having issues logging in, for example, if you are unable to access or use the MFA method you are prompted for, please follow these steps:
- On the page where you are prompted for your MFA method, select the button that says "I can't use my Microsoft Authenticator app right now" (or similar).
- You will be shown a list of MFA methods that you have set up. Choose an alternate method that you have access to in order to complete logging in.
If you do not have an alternate method set up, or are unable to access or use any of your alternate methods, please contact the
IT Service Desk.
Frequently Asked Questions
What is multi-factor authentication (MFA)?
- Multi-factor authentication (MFA) is a method of strengthening security on an account by requiring a secondary method of authentication outside of a primary username and password. Methods of MFA are also referred to as authentication factors.
- MFA is also sometimes referred to as Two Factor Authentication (2FA), this is similar to MFA but generally consists of fewer authentication factors.
Do I have to use MFA?
- Yes. Absolutely. Conestoga requires mandatory MFA so that we can better secure our systems and data.
What if I do not use MFA?
- If you do not setup MFA, you will lose access to any Information Technology services provides by Conestoga including but not limited to Email, Zoom, and eConestoga.
What services support MFA Protection?
MFA supported Applications include but are not limited to:
- Office 365 services – Email, SharePoint, Teams
- Conestoga VPN
- Conestoga Zoom accounts
What methods of MFA can I use?
- Text Message
- Voice Message
- Microsoft Authenticator Application
- FIDO2 Security Keys
What devices are supported for MFA?
- Phones running Android 6.0 and newer, or iOS 11.0 and newer
- Phones capable of receiving text messages or automated calls
- Fido2 security keys (I.e. Yubikey, Feitian keys)
Isn't my password enough?
- MFA helps to ensure that your account remains secure and, in your control, even if your password is compromised
Is there any cost to MFA?
- There may be costs as charged by your carrier for text or voice calls for MFA. The Microsoft Authenticator app can be used over cellular data which your carrier may charge you for or it can be used over Wi-Fi if available.
- There are no charges with the use of a Security Key other then the purchase cost for one
How often will I have to complete an MFA login?
- Under normal conditions you would only have to complete an MFA enabled login occasionally, but the frequency of them occurring can be increased by using multiple different devices, changes in login location, or if there are unusual or suspicious activities on your account.
Will MFA slow down my devices or software?
- There will be no performance impact from MFA on your device or software.
How does an MFA login work?
- Login to any Conestoga application as you normally would
- After entering your password, you will receive the MFA prompt
- On your mobile device you will find a notification asking you to approve the sign-in
- If you are using the Authenticator App, you will be prompted to enter a 2-digit code shown on the screen of the device you are logging into when approving the request
- Once approved, the application you are trying to sign-in to will authenticate
What should I do if I receive an MFA request and I did not initiate it?
- Do not approve any MFA request that you did not start yourself. Also do not pass any MFA codes for your account to another person.
- No other person should have access to your MFA devices or account.
Can I use Microsoft Authenticator on multiple devices?
Yes, you can set up and use the Microsoft Authenticator app on multiple devices simultaneously. If you don't want to use an app, you can also authenticate using a phone number or a security key.
Only one method will be selected as the default authentication method, if that method is unavailable then it is possible to select a backup method to be used to authenticate.
I've switched devices and/or need to reactivate Microsoft Authenticator
- You can always add new devices, phone numbers, and security keys by going to https://mysignins.microsoft.com/security-info and selecting Add Method. We highly recommend that you have multiple methods on your account in case one of those methods is unavailable.
- If you have lost all MFA methods and devices you can always contact IT to help you register a new method or device and sign-in to your account to set up methods again.
What if I can't or don't want to use the Microsoft Authenticator app?
- The College's system is authenticated by Microsoft, and it is a Microsoft based server that is validating who you are and what you can access. Because of this, the College highly recommends using the Microsoft Authenticator app. However, there are other alternative MFA methods that you can use such as Duo Security, Google Authenticator, LastPass and Authy. If you do not want to use an app, you can add a phone number to receive a phone call or text, or you can use a security key. Any of these methods can be added by navigating to https://mysignins.microsoft.com/security-info.
What if I don't have a cellphone, or don't want to use my personal phone?
- You can use a Security Key if you don't want to use your cellphone to authenticate. Security keys come in many different types but the most common is a USB key that you can connect to your computer to authenticate along with a pin.
What is a security key?
- A Security Key (or security token) is a device that facilitates access, or stronger authentication, into other devices, online systems, and applications.
- These devices are generally USB key size that plug into your laptop or desktop but can also be used with phones through Near Field Communication (NFC). They generally have a button or contact sensor on them to prevent misuse when a user is not present.
Does Conestoga provide me with a security key?
- No, Conestoga will not provide security keys.
- Keys may be available for purchase from the on-campus bookstore or other local vendors near campus as well as online suppliers
Where can I buy a security key? How much do they cost?
- There are many different security keys, but the two online options are:
- For more options, Microsoft security key partners can be found here - https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-fido2-hardware-vendor#current-partners
- There may be a local shop in your area that provides them as well, ensure that they are a supported vendor before purchasing one.
How do I use a security key?
- To log in with your Security Key when accessing your Conestoga College account, enter your full email address as normal, then on the password prompt page, select the option "Sign in with Security Key". Alternatively, if you have previously selected to sign in with a security key, you will be sent directly to the page asking you to touch the contact on your security key. You can also select another option if needed, such as a text message or app notification.
- Enter the security key pin
- Touch the contact on your key
- You will be prompted if you want to stay signed in, just as if you had signed in with a password and second factor
What happens if I lose my default MFA method?
- If you lose the phone method you setup, you can use a backup method that does not involve either the phone. Once you are in your account again you should remove the lost phone as an authentication method until it can be found again. If you do not have access to a backup method, you should contact IT.
- If you lose your Security Key, you can use other backup methods (the Authenticator app or printed one-time recovery codes) you setup when setting up multifactor authentication, to get into your account. You can also setup more than one Security Key on your account and keep it in a safe place.
Where can I learn more about MFA and how to secure my account?
How will MFA impact generic accounts?
- For things like shared mailboxes, MFA will not have any impact. If you have questions about any specific accounts, please contact IT.
As a service owner, will Conestoga provide MFA for my service/application?
- We want to protect all Conestoga applications and services with MFA, for more details on specific services or applications, please contact IT.