iTech
Number Matching for Multi-Factor Authentication (MFA)
Page Content
Passwords alone are no longer enough to protect sensitive information from being compromised. This is where Multi-Factor authentication (MFA) comes in. MFA requires users to provide multiple forms of identification when accessing Southern Miss online applications or campus VPN services.
When using the Microsoft Authenticator App, users were shown a prompt with a Deny/Approve button. Selecting "approve" would authenticate the user and complete the connection.
A form of cyber-attack known as "MFA Fatigue" has become more common. A user whose password has been compromised will see repeated push notifications to annoy the user into hitting "approve" - thereby giving the attacker the access they desired.
Microsoft is adding "number-matching" to comply with new MFA regulations from the U.S. Cybersecurity Agency. The number matching feature ensures that only the user who initiated the login request and has physical possession of the smart device is allowed access.
- After successfully entering your CampusID username and password, a screen will pop up with a two-digit code.
- On the smart device, the Microsoft Authenticator app will prompt as before, but will now request the entering of the two digits displayed to complete the authentication.
- Open the Microsoft Authenticator app on your smart device.
- Tap on The University of Southern Mississippi connection object.
- This will display a screen that shows a six-digit code.
- After successfully entering credentials in the VPN connection, the client will request the six-digit code you currently see in the authenticator app.
- After entering the code, the connection will be established.