No. Microsoft is mandating this change by default for ALL organizations. It is not configurable.

this can occur when you’re using your phone to login to a service and authenticate using the app. In this scenario, select “I can’t see the number” on the screen. This will hide the dialog for five seconds so you can see the number (example shown below).

Older versions of Microsoft Authenticator may need to be upgraded to the latest version. Download the latest versions from the App Store and Google Play Store. The minimum version required for Android is 6.2006.4198, and the minimum version for iOS is 6.4.12. See here for more information.

Older versions of Microsoft Authenticator may appear different. Users need to upgrade to the latest version of Microsoft Authenticator for the best experience. Download the latest versions from the App Store and Google Play Store. The minimum version required for Android is 6.2006.4198, and the minimum version for iOS is 6.4.12. See here for more information.

If a user is running an older version of Microsoft Authenticator that does not support number matching, authentication won’t work if number matching is enabled. Users need to upgrade to the latest version of Microsoft Authenticator to use it for sign-in if they use Android versions prior to 6.2006.4198, or iOS versions prior to 6.4.12.

No, Apple Watch does not currently support number matching. You may need uninstall the Microsoft Authenticator Apple Watch app.

MFA helps protect your account by adding an extra step to verify that you are who you say you are when you log on. In addition to your password, your account will be protected by “something you have,” such as a smart phone, mobile phone or a hardware token. This helps prevents hackers from gaining access to your account even if they know your password. 

Hackers will always try to get our passwords, whether through phishing attacks, guessing attacks or by compromising other websites. MFA provides you the peace of mind that, even if your password is compromised, the hackers will not be able to access and use your account to further their attacks. 

All members of the McMaster community, including faculty, staff, and students. 

All McMaster students, faculty and staff are required to implement MFA on their Microsoft services/applications by April 2022. A rolling implementation will begin in January 2022, with information and support to be shared in advance and throughout the winter semester. However, there’s no need to wait! You can start today! McMaster students, faculty and staff can sign up for and use MFA right now. 

There are several options to choose as your second factor:

• The Microsoft Authenticator smart phone app is the recommended method because of its ease of use and  enhanced security. The app can be configured to use either a push notification (most convenient) or a verification code (most secure). The Microsoft Authenticator app includes additional benefits that you can leverage to protect your personal account. Click here for more information about the Microsoft Authenticator app.
• A hardware token is a small fob that provides you with a six-digit code that changes every minute and is used as your second factor.
  How to request a hardware token.
• SMS text messages can be used to send a 6-digit code to your mobile phone, then entering that code at log in as the second factor.
• Phone calls can be placed to your mobile or office phone to provide you a 6-digit code, then entering that code at log in as the second factor.

The Microsoft Authenticator App is the recommended method for second factor. You can download it by visiting the Microsoft Website here.

Hardware Token Request Instructions

After you register for MFA, you will be asked to assert your second factor the first time you log on. You will not be asked to assert your second factor again when you log on from that device and in that location for at least 30 days (for employees) or 90 days (for students). 

Only a few minutes. It is amazingly easy! Register here! 

The Microsoft Authenticator app software token method does not require an internet connection and does not use cellular data. You can use it even your device is in airplane mode. 

The Microsoft Authenticator mobile app is the recommended method for most users. It provides both online and offline code options to log in, which is useful if you are at an offline location. The Microsoft Authenticator app takes up very little space on your phone, and you can use the app without an internet connection or cellular data. 

Not necessarily. Your password can still be compromised, and you will need to change it if that happens. We still recommend all the advice that we have always recommended with regards to secure passwords: use a unique and strong password that does not contain any dictionary words and a variety of character sets and continue to be on the lookout for phishing emails. If your password does not get compromised, you will not need to change it.

Password complexity requirement is different from multifactor authentication. You still need to change your MacID password when required if you suspect your MacID has been compromised.

When you log into your account and get prompted to use MFA

If you don’t have access to your app or have access to your app but don’t have access to Cellular/Wi-Fi and want to use a verification code click “I can’t use my Microsoft Authenticator app right now.”

Then; “use a verification code.”

On your phone, Open your MFA app and click on your “McMaster University account”.

From there, you will see a “One-time password code” that will change every 30 seconds.

Type in the code in the text box and you should be logged into your account without the use of the internet.

Hardware Token Request Instructions 

When you register, you will be asked to setup multiple methods that can each be used to assert your second factor, then select one as the primary method. If you forget your primary at home, you can use one of the others that you configured. If that does not solve the problem, please contact the UTS Client Services for further assistance. 

You can setup more than one device. We highly recommend that everyone add at least 2 devices.

The Microsoft Authenticator mobile app is the recommended method for most users. It provides both online and offline code options to log in, which is useful if you are at an offline location. The Microsoft Authenticator app takes up very little space on your phone, and you can use the app without an internet connection or cellular data.

Text messages and voice calls are sent only when you request them and would be billed by your carrier like any other text message or inbound voice call. The Microsoft Authenticator app push notification method uses very little cellular data and will use Wi-Fi if available. The Microsoft Authenticator app software token method does not require an internet connection, and as such, does not incur any expense.

The Microsoft Authenticator app software token method does not require an internet connection and does not use cellular data. You can use it even your device is in airplane mode.

The Microsoft Authenticator app software token method does not require an internet connection and does not use cellular data. You can use it even your device is in airplane mode. 

When you received a push notification for a log on that you did not initiate, select DENY to prevent unauthorized access to your account. In these cases, your password may be compromised, and we recommend that you change your password immediately. Click here to go to the password management page.

No, the Microsoft Authenticator app is light weight and not intrusive.  The app requires access to your camera to setup MFA using the software token method (i.e., to read the QR code), and does not access any other data on your phone. The app does not collect any information from your phone to send to McMaster or Microsoft.

Open the Microsoft Authenticator app and click on Settings. Use Logs to control what data is sent to Microsoft. 

Yes, all former Professors and Professors Emeriti will be required to use MFA.

No, it is not a requirement that you use MFA to login. You have the option to signup voluntarily if you feel if provides you the best security protection for your account.

Yes, other universities and colleges are using MFA to better protect their data and accounts.

Select “work or school account”. 

No, you enroll only once when you sign up for MFA. 

No. MFA does not cause any slowdown to the performance of your applications. 

Yes, you can change/update or add more verification methods at any time by visiting your security information.

No, after asserting your second factor, your computer will be trusted from that location and device for 30 days (for staff) or 90 days (for students). You will not be prompted to assert your second factor again unless you switch locations or log on from a different device.

When you received a push notification for a log on that you did not initiate, select DENY to prevent unauthorized access to your account. In these cases, your password may be compromised, and we recommend that you change your password immediately. Click here to go to the password management page. 

Yes, you can change/update or add more verification methods at any time by visiting your security information. 

The Microsoft authenticator app as it is light weight and non-intrusive to the phone as well as does not require data or cell service. If you do not have a device we recommend the hardware token. 

Change/update your default-sign-in method by visiting your security information.

Yes you can use the MFA app internationally at any time free of charge.

“Legacy authentication” is a term Microsoft sometimes uses to describe basic authentication when used with its cloud-based services. This is in contrast with the term “modern authentication” which provides more security and capabilities.

As part of the ongoing effort to keep McMaster systems secure, legacy authentication has been disabled for students using Microsoft 365 email. Applications that do not support modern authentication will not be able to connect to a Microsoft 365 email account. The recommendation is to use a McMaster supported email client, Outlook Web Access.

This list is not intended to be comprehensive; it is only a list of known client applications. If you have one which should be added, please let us know.

• Outlook 2013 without special settings enabled (we recommend you upgrade)
• Outlook 2010 or earlier
• Mac Mail on Mac OS 10.13 or earlier
• Thunderbird
• Eudora
• Pine
• Android Touchdown
• Android BlueMail
• Any client application on iPhone 5 and lower (can use browsers to OWA)
• Any client application on iPad 4th generation and lower (can use browsers to OWA)
• Mail on iOS 10 or lower
• Any client application on Chromebooks (can use browsers to OWA)
• Most IMAP4 or POP3 clients
• Exchange Online PowerShell module

Legacy authentication cannot be protected by Multi-factor Authentication (MFA). Because the password is known to the application, it is less secure than modern authentication. If legacy authentication is not blocked for your account, 3rd party applications can ask for your credentials and have your password without you being aware they do.

All Microsoft cloud services are modern authentication capable.