Body
Multi-Factor Authentication (MFA) combines two or more independent credentials or "factors" -- what you know (i.e. your password) with something you have (e.g. mobile phone) -- in order to create a second layer of security for your UWin Account. Even if someone has your password, they will be prevented from accessing your account when it is protected by MFA, unless they have access to your secondary authentication method.
Each user needs to configure their authentication methods for the MFA in their Microsoft work account profile. While this can be done after MFA is enabled, it is strongly recommended to do this prior to MFA being enabled.
NOTE: To purchase a security key, please go to Security Keys | Information Technology Services
- Navigate to Microsoft's My Account site (myprofile.microsoft.com) in a web browser and sign in with your UwinID@uwindsor.ca and your UWin Account password.
- Once signed in, click Update Info in the Security Info box
- Click on + Add method button to add an authentication method. You can also use this screen to change or delete one of your existing authentication methods.
Note that while there are several different authentication options that are available, one of them will be designated as a default method. You can change your default method or add or remove options.
- Select Change next to your Default sign-in method and choose from the drop-down options.
Verification Code
If you selected "Phone - text" or "Authentication app or hardware token" as your default secondary authentication method, you will be prompted to enter a verification code (which will arrive via text) or confirm your login using the Authenticator App when accessing an MFA protected service or app on a non-trusted computer or from a non-trusted location, that normally requires you to enter your password.
Enter the code or confirm the login when prompted and click on Verify to finish signing in.
To temporarily disable MFA on a specific computer, such as your home computer, you can check the box next to Don't ask again for 30 days before clicking on Verify; do not use this option on any public or shared computer.