Body
Frequently asked questions about PGCC's Multi-Factor Authentication (MFA) options
What is MFA?
Multi-factor authentication (MFA) is a security enhancement that requires two forms of verification when using your PGCC Logon and adds critical protection for your sign-on credentials.
Why is MFA needed?
We are deploying MFA for PGCC Logon in response to a dramatic rise in the scope and sophistication of phishing, spear phishing, and malware attacks that are targeting our students, faculty and staff. The high rate of successfully compromised passwords is a serious and pervasive threat to information security at PGCC.
When signing in to pgcc resources online, users have always been asked to provide a username and password. However, this single method of authentication creates a single point of failure — if a malicious party obtains a user's password through phishing, hacking, or brute force guessing, that account is compromised.
Multi-factor authentication adds an additional layer of security by verifying not only that the user knows a password, but that the user also has access to a registered device, like a personal smartphone.
Who is impacted by MFA?
Students, Faculty, and Staff
What are authentication options?
One-time Passcodes Yubikey Token
What is One-Time Passcode?
- One-time Passcode is a temporary code delivered via SMS text to the user’s mobile phone each time MFA is needed.
- The passcode sent to the mobile device is entered into the MFA login screen to gain access to the system.
What is Yubikey Token?
- A Yubikey token is a small USB-type device that is inserted into the computer.
- You press the Yubikey button to generate a unique code each time MFA is needed
What applications/system should be protected with MFA?
All apps in myPGCC portal
How often do users need to re-authenticate?
They need to re-authenticate any time they sign-out of an SSO application or anytime they close a browser. There is also an 8 hour time out set for the persistent token.
Which authenticate method always best to choose?
We recommend you use one-time passcode SMS option as the default MFA. If you do not wish to use your phone for MFA, we recommend you use Yubikey or your non-pgcc email.
What if users don’t want to use their personal device or don’t own a smart phone?
We offer Yubikey. Please contact the service desk to make a request
How do I change or update authentication method?
Please see the document: Confirming Multi-Factor Delivery Methods.
If I have an elevated account, do you have to enroll in MFA?
Yes
What if I forget my phone at home?
Please use your alternative MFA method - See the document: Confirming Multi-Factor Delivery Methods.
What if I experience issues with MFA?
Please contact the PGCC Technology Service Desk at 301-546-0637 or Information Center at 301-546-7422.
When a user close out a browser that login required MFA, do I need to reauthenticate to use re-use the browser?
- User did not choose "Remember this Browser" - they will need to login via SSO AND also obtain and enter an OTP for MFA
- User chose "Remember this Browser" - they will be forced to re-authenticate, however, should not be forced to obtain and enter an MFA OTP.