FAQ for MFA (Multi-Factor Authentication)

Summary

This article answers some common questions regarding the implementation/use of MFA here at PGCC.

Body

Frequently asked questions about PGCC's Multi-Factor Authentication (MFA) options

 

What is MFA?

Multi-factor authentication (MFA) is a security enhancement that requires two forms of verification when using your PGCC Logon and adds critical protection for your sign-on credentials.

Why is MFA needed?

We are deploying MFA for PGCC Logon in response to a dramatic rise in the scope and sophistication of phishing, spear phishing, and malware attacks that are targeting our students, faculty and staff. The high rate of successfully compromised passwords is a serious and pervasive threat to information security at PGCC.

When signing in to pgcc resources online, users have always been asked to provide a username and password. However, this single method of authentication creates a single point of failure — if a malicious party obtains a user's password through phishing, hacking, or brute force guessing, that account is compromised.

Multi-factor authentication adds an additional layer of security by verifying not only that the user knows a password, but that the user also has access to a registered device, like a personal smartphone.

Who is impacted by MFA?

Students, Faculty, and Staff

What are authentication options?

One-time Passcodes Yubikey Token

What is One-Time Passcode?

  • One-time Passcode is a temporary code delivered via SMS text to the user’s mobile phone each time MFA is needed.
  • The passcode sent to the mobile device is entered into the MFA login screen to gain access to the system.

What is Yubikey Token?

  • A Yubikey token is a small USB-type device that is inserted into the computer.
  • You press the Yubikey button to generate a unique code each time MFA is needed

What applications/system should be protected with MFA?

All apps in myPGCC portal

How often do users need to re-authenticate?

They need to re-authenticate any time they sign-out of an SSO application or anytime they close a browser. There is also an 8 hour time out set for the persistent token.

Which authenticate method always best to choose?

We recommend you use one-time passcode SMS option as the default MFA. If you do not wish to use your phone for MFA, we recommend you use Yubikey or your non-pgcc email.

What if users don’t want to use their personal device or don’t own a smart phone?

We offer Yubikey. Please contact the service desk to make a request

How do I change or update authentication method?

Please see the document:  Confirming Multi-Factor Delivery Methods.

If I have an elevated account, do you have to enroll in MFA?

Yes

What if I forget my phone at home?

Please use your alternative MFA method - See the document:  Confirming Multi-Factor Delivery Methods.

What if I experience issues with MFA?

Please contact the PGCC Technology Service Desk at 301-546-0637 or Information Center at 301-546-7422.

When a user close out a browser that login required MFA, do I need to reauthenticate to use re-use the browser?

  1. User did not choose "Remember this Browser" - they will need to login via SSO AND also obtain and enter an OTP for MFA
  2. User chose "Remember this Browser" - they will be forced to re-authenticate, however, should not be forced to obtain and enter an MFA OTP.

Details

Details

Article ID: 145645
Created
Fri 5/5/23 2:49 PM
Modified
Thu 5/11/23 10:07 AM

Related Services / Offerings

Related Services / Offerings (1)

Assistance with safeguarding your PGCC logon