Multifactor Authentication (MFA, 2FA)
Multifactor Authentication (MFA, 2FA) is a method of confirming a user’s identity with two or more pieces of evidence (for example, a mobile app) when signing on to a system or a service. It means that you have a second way of confirming who you are when signing into a system or service, in addition to your username and password.
Multifactor authentication helps keep Aalto University services and data safe by ensuring that only authorised persons have access to them. Username and password are not enough for authentication in a time of cyber attacks.
When you are working outside of the Aalto network, some of our services require multifactor authentication when you sign in. The main method for multifactor authentication (MFA) at Aalto University is Microsoft Authenticator.
Are you already using MFA and are looking for instructions on how to use it? See How to use MFA.
MFA services use two or more of the following authentication methods:
- Something you know (typically a password).
- Something you have (a trusted device that is not easily duplicated, like a phone).
- Something you are (biometrics).
Why Multifactor Authentication?
- MFA brings an additional layer of security to your user account.
In addition to the username and password, the attacker would need access to the extra authentication method you’ve defined.
- MFA is already in use at organisations around the world and can be considered a standard.
How to begin using MFA?
Register for the multifactor authentication service. You can do so either on a mobile device or on a workstation.
- Download and install the Microsoft Authenticator app from your mobile store. (Remember to accept notifications sent by the app!)
- Note: Do not sign in to the Microsoft Authenticator app.
- Go to https://aka.ms/mfasetup for MFA.
- Sign in with your Aalto email address.
- If you don't have an Aalto email address, enter your Aalto account in the format [email protected] and choose 'Next'. Sign in with your Aalto account in the format aalto\aaltousername and type your Aalto password. Choose 'Sign in'.
- Follow the instructions on the screen.
NOTE: If MFA registration is mandatory for your organisation, but you are unable to register at the moment, you can postpone the registration for 14 days.
After signing in to https://aka.ms/mfasetup with your Aalto email address, you are prompted to download the Microsoft Authenticator app.
If you have already downloaded the app, you can just click/tap "Next". If not, download the app. Proceed to the next page.
- In the application: Add a new account and choose "Work or school account".
- In the registration screen: Proceed to the next page.
- Scan the QR Code on the screen with the application, or, on mobile, tap on "Pair your account to the app by clicking this link."
- Proceed to the next page.
- Approve the notification that is sent to your app to test the connection.
- Once approved you'll see a text "Notification approved" on the screen. Proceed to the next page.
- All set (almost)! Click Done. In the Security info view that opens, we strongly recommend that you add an additional authentication method, for example SMS code authentication. This is critical in case you, for example, change phones or lose your phone. Please see "Optional ways to use MFA" at https://www.aalto.fi/en/services/how-to-use-mfa
NOTE! MFA is enabled approximately 2 hours after the registration.
NOTE! You can test the functionality of the additional authentication method now by going to https://mfatest.aalto.fi in a browser.
NOTE! For Aalto staff, we recommend that you also add SMS (text message verification) in addition to the Authenticator app. This helps ensure that you always have MFA available.