General MFA Background FAQs
What is Multi-Factor Authentication (MFA)?
Multi-factor authentication (MFA) strengthens account security by requiring two factors to verify your identity. These factors usually include something you know (like a username and password) plus something you own (like a smartphone). MFA protects against phishing, social engineering, and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials. With MFA, your password alone is no longer enough to access your account, dramatically improving account security.
What is a security “factor"?
The “factor" in MFA refers to a method of verifying your identity. The most basic type of factor is your password, which is often the primary, or initial authentication factor you'll be prompted for. Your organization may choose to ask for more factors to complement your password. These additional factors could range from an app on your phone that generates a code for you to enter after you've typed in your password, to a USB key you have to insert into your computer, or even a fingerprint scan.
Why is MFA required?
MFA is an effective way to provide enhanced security. Traditional usernames and passwords can be stolen, and they've become increasingly more vulnerable to malicious activity, and cyber attacks like phishing or brute force attacks. MFA creates multiple layers of security to help increase the confidence that the user requesting access is actually who they claim to be. Reports show that applications and identities are the initial targets in 86% of breaches. It has become a necessity to protect our applications and identities through a second layer of security.
Why isn't primary authentication enough, what's wrong with passwords?
- One set of login credentials (such as username and password) is not solving important access challenges.
- Passwords, in addition to being difficult to manage, are vulnerable to a variety of attacks like phishing, social engineering, etc.
- By boiling all applications down to one username and password, security strength is only as strong as that one set of credentials. If it's a bad password, your security situation hasn't improved.
- If hackers get a hold of a user's login credentials, they can access all of the user's resources. This is especially a threat if that user has access to privileged information or mission-critical data.
What are the benefits of MFA?
- Lower the chances of end-user identities (and, subsequently, their IT resources) becoming compromised.
- Even if hackers have a user's password, we can stop them by adding a personal, time-sensitive factor to the authentication process.
- Peace of mind for enterprise, knowing that users sensitive data is made safer by an additional security layer.
- MFA also adds a sense of mindfulness to authentication. By taking the time to add their second factor, users are reminded of the importance of tight identity security.
MyWisconsin ID-Specific MFA Product FAQs
How does MyWisconsin ID keep MFA factors secure?
MyWisconsin ID encrypts your user credentials using two different software locks called keys. It stores user data and the keys used to unlock that data in separate databases. For extra security, it then encrypts the keys in three different ways for even stronger protection. No one person at MyWisconsin ID can access the encrypted master key, and MyWisconsin ID maintains an audit trail to show how it manages the keys.
Which MFA factors does MyWisconsin ID support?
MyWisconsin ID supports a number of factors: passwords, login codes sent via mobile apps or SMS, push notifications (Okta Verify with Push), email, plug-in and wireless-enabled hardware keys, and biometrics (Windows Hello, Apple TouchID).
What is Okta Verify?
Okta Verify is a mobile application from Okta that can be used to verify a user for MFA purposes. You receive a push notification on your mobile to confirm the second factor after the factor is set up. Please refer here for additional, detailed
Okta Verify FAQs.
Do I need to set up MFA again if I registered previously?
No. Once done or configured, you need not set up a factor again.
Can I turn off MFA?
MFA is enabled and enforced on all accounts. Multiple MFA methods are enabled for users to enroll in MFA, including MyWisconsin ID Verify, Google Authenticator, FIDO2, and SMS. Users can choose which MFA methods they choose to enroll with. That lets you choose the factor that best suits your working style. Are you constantly checking your phone? Then MyWisconsin ID Verify may be the right factor for you.
MyWisconsin ID-Specific MFA Product How-To/Troubleshooting FAQs
How do I set up and register my MFA?
- User accesses Application / MyWisconsin ID Dashboard
- User is redirected to MyWisconsin ID login page
- User submits username and password
- User is successfully logged in
- User is prompted to enroll in MFA factors
- User enrolls in 1 or more factors
- User redirected to Application / MyWisconsin ID Dashboard
How do I register a new device for MFA?
To register a new device you need to reset your MFA and then set it up again with the new device.
How do I reset my MFA?
- Go to your MyWisconsin ID Dashboard, where you'll be redirected to the MyWisconsin ID login page
- Submit your username and password
- If prompted, add your second factor for authentication
- Once you're logged in, go to the
Settings page, and click on
Edit Profile
- For security, you'll be prompted to provide your password and/or second factor
- Click
Remove for factor to reset
- Click on
Set up for factor you wish to reset
What can I do if I am stuck on the “Enrolling Your Device" screen on the phone I want to use for MFA?
If you get stuck in a loop when attempting to register via SMS/Email/QR code, or you are not getting any code to enter or any push notification, it means your device may not have enrolled correctly. In this case, you need to reset MFA from your account, uninstall MyWisconsin ID Verify on the device, install it again, and then set up the MFA again.