What is MFA? 

Trinity College requires MFA for all staff, faculty, and students. For all other users with a Trinity email address, MFA is strongly recommended. Submit an Opt-in form to be added.  

MFA involves using a “second factor,” like the Microsoft Authenticator Application, SMS messaging, a landline phone such as your desk phone, or a security token such as a YubiKey when you log into MFA-protected resources. This helps you ensure that your accounts are protected, and only you can access them. Please visit What is: Microsoft Multifactor Authentication to learn more. 

Informational Links 

 Setup MFA | Manage Second Factors | MFA Setup Walkthrough Video | 

Common Problems with MFA Setup | Microsoft Authenticator App Help | MFA FAQs 

 

What are the Trinity-approved Multifactor Authentication Methods? 

Microsoft Multifactor Authentication Application 

Use Microsoft Authenticator for easy, secure sign-ins for all your online accounts using multi-factor authentication. For an even easier login experience, enable “Phone Sign-In.” Once enabled, you should be able to use passwordless sign-in to access your account. When signing in, you will be shown a number. Open the Authenticator app and type in or select the correct number. After putting in the number, you will have to use Face Id or fingerprint authentication, depending on your device. 

FIDO2 security key 

One of the most popular FIDO2 security keys is YubiKey. YubiKey is a USB stick that you can plug in and be set up to use as an authentication method. The YubiKey can be used as a last resort option in case you lose or do not have access to your phone or other means of verification. The user can complete a setup within the Manage “Second Factors” within their Microsoft Account. 

OATH hardware token 

One of the most popular and recommended OATH hardware tokens is Protectimus. It comes in the form of a keyfob making it more durable and reliable. Please contact the Library and Information Technology Services division to set up your hardware token. Self-setup is not permitted. 

Voice Call (Wireless or Landline) 

With phone call verification during SSPR or Azure AD Multi-Factor Authentication, an automated voice call is made to the phone number registered by the user. The user is prompted to press # on their keypad to complete the sign-in process. TIP: If you lose or do not have access to your other authentication methods, you can add a landline such as your home phone or office number. You can set it up so that your emergency contact will get a call to authenticate your login. Ensure that they know they MUST contact you before they approve any access to your account.