About MFA
Why is Humber using Multi-Factor Authentication?
Multi-Factor Authentication provides a higher level of security for Humber College and reduces the risk of certain types of attacks. Passwords can be compromised easily – either through phishing attacks, guessing or other techniques cybercriminals employ. Multi-factor authentication provides an additional layer of security that protects your account even if someone else knows their password.
How does MFA work?
MFA combines at least two forms of authentication: something you know (e.g., a password) and something you have (e.g., a cell phone or an authenticator app). This way, even if someone steals your password, they cannot access your account unless they also have your mobile device or code generator in their possession.
An example of Multi-Factor Authentication is signing into your online bank account. You provide your password (something you know) but before you get access to your account you are prompted to provide a code by either text message or email (something you know) that will verify you are who you say you are. Missing either piece of identification will prevent the transaction.
Why do I need this / What are the benefits of MFA?
Hackers will always try to get access to your passwords, through phishing attacks, guessing attacks or by compromising other websites. MFA provides you the peace of mind that, even if your password is compromised, the hackers will not be able to access and use your account to further their attacks because of the added levels of verification that they do not have access to.
Who has to use MFA?
Humber Faculty, staff and students are required to use MFA
How do I find my verification code?
If you are using the Microsoft Authenticator app, after you log into a Humber site, you will be presented with a 2 digit number to enter into the Microsoft Authenticator app. Usually the app will present you with a window on your mobile device asking you for the 2 digit number. Once you enter the 2 digit number, and confirm 'yes' you will be approved to access the Humber site. If, for whatever reason, you cannot use the app, you may have the option to choose to receive a SMS text message instead of using the app. Your verification code will be sent to your mobile device at the time of login.
Will I incur additional mobile phone charges getting text message for MFA to my smart or mobile phone?
Text messages are sent only when you request them and would be billed by your carrier like any other text message or inbound voice call. The Microsoft Authenticator app push notification method uses very little cellular data and will use Wi-Fi if available.
How do I change my MFA settings?
Go to myaccount.humber.ca to change your MFA settings.
How many methods can I add?
As of November 30, 2023, the Microsoft Authenticator App needs to be set as the default method. You can setup more than one method, in fact, we highly recommend that the Humber community add at least 2 methods.
Does ITS recommended a particular authentication method?
Microsoft is making the authenticator app mandatory to have installed by November 30th, 2023.
Users who authenticate with SMS and voice methods must have the Microsoft Authenticator app installed by Thursday, November 30, 2023. Microsoft making the change to 'system preferred MFA' means that you will be prompted to use the most secure of your chosen methods. To view or change your authentication methods:
- Visit myaccount.humber.ca.
- Click on ‘update info’ on the security info tab.
For new users, download the Microsoft Authenticator app from the Apple App Store for iOS or the Google Play Store for Android. The college has no access to your personal devices after you install the app.
MFA Usage / Registration
Why are we adopting MFA now?
As we’ve shifted towards using more online applications out of necessity, there has been a major increase in both the volume and complexity of cyber-attacks against Humber accounts. The need to strengthen our systems and credentials is critically important to combat the increasingly regular campaigns designed to obtain the passwords of our community members.
Do other universities use MFA to authenticate staff, faculty, or students?
Yes, other universities and colleges are using MFA to better protect their data and accounts.
Can I use the MFA app internationally?
Yes, you can use the MFA app internationally.
How long does it take to enroll/register a device for MFA?
Only a few minutes. It is very easy!
When I am going through the registration process, I am prompted to select either my personal account or my work/school account, which one should I select?
Select “work or school account.” Enter your username@humber.ca credentials to get started.
Account Security
Is MFA a replacement for strong passwords?
No. Although MFA adds an added layer of security ITS recommends all staff and students use a password that is at least 12 characters in length, contains a mix of uppercase and lowercase characters, contains at least one integer and one special character. Additionally, do not re-use your password for other accounts and services.
Does having MFA mean that I will no longer need to change my password?
Not necessarily. Your password can still be compromised, and you will need to change it if that happens. We recommend that staff and students: use a unique and strong password that does not contain any dictionary words and a variety of character sets and continue to be on the lookout for phishing emails. If your password does not get compromised, you will not need to change it.
Password complexity requirement is different from multi-factor authentication. You still need to change your Humber account password when required if you suspect your account has been compromised.
What should I do when I get a verification request that I do not recognize?
When you receive a push notification for a log on that you did not initiate, select DENY preventing unauthorized access to your account. In these cases, your password may be compromised, and we recommend that you change your password immediately. Register for Self-Service Password Reset so that you can take full control of your password management.
What should I do if I use my phone for MFA but I lose it or someone steals it?
If you lose you lose your phone or someone steals it contact the IT Support Centre (X8888) or humber.ca/techtalk for assistance in resetting your MFA settings.
If you have any questions about MFA, please contact the IT Support Centre 416.675.6622 x8888, humber.ca/techtalk