What is MFA?
Multi-factor authentication is a login method that provides enhanced security by asking you to provide two forms of identification, or, factors. These factors generally refer to something you know (e.g. password), something you have (e.g. mobile phone), or something you are (e.g. thumbprint).
What does MFA look like for me?
MFA is required for all faculty, staff, and students. For additional security, you will also be asked to confirm the login attempt by either responding to a prompt on your mobile device or entering a numeric one-time code that would be sent to you. This may sound familiar as it is similar to how you might sign in to online banking.
The first time you sign in to login.pugetsound.edu, you will be asked to set up a second factor of your choosing. Every subsequent time you sign in, you will experience the two-step login process which will help protect your account and data.
One important thing to note: the prompt will always follow a successful sign-in attempt with the correct username/password. If you receive a prompt but did not personally try to log in, do not confirm the login attempt or provide the code to any other party. Further, this may indicate that your credentials have been compromised and we would recommend changing your password and/or calling the Service Desk at 253-879-8585.
How often will I be prompted for MFA?
Generally speaking, you will be prompted for multi-factor authentication once per day. When you log in for the first time in a day, you can check the box next to "Do not challenge me on this device for the next 12 hours." We recommend that you only do that on a device you own.
If you log in on a new device or in a new browser, you will need to go through the two-step login process again as your login session is specific to the browser you are in. We recommend checking your default browser settings to make sure the browser you normally use matches the default on your system.
Why do I need to use MFA?
As phishing, ransomware, and data breaches continue occurring in our digital landscape, simply requiring a username/password for login may not be enough to protect your account from malicious attackers. If your credentials become exposed and an unknown party tries to use it to access Puget Sound systems, it will be significantly more challenging for them to take over your account or gain access to your data if a two-step login process is in place.