This page answers some of the more frequent questions that you may have regarding Two Factor Authentication or Self-Service Password Reset.
- What is two-factor authentication and why do I need it?
- Two-factor authentication uses two items to log you into a system, typically this is something only you know (a password) along with something you have (a cell phone number to receive a text message, or an authenticator app, security key fob, etc.).
By using a password and something physical that you have access to security is greatly improved. Because even if your password were to be leaked through password re-use at a site that was breached, or your password were guessed, an attacker will not be able to access your account because they do not have the second "factor" (the physical item you have such as a cell phone etc.). You can read more about this on our Why do I Need Two Factor article.
- What is the preferred method, or most convenient method for using two-factor?
- The preferred method to use as your second factor is the Microsoft Authenticator App on a cell phone or mobile device connected to the internet such as a tablet that you will have readily available when logging in.
Using the Microsoft Authenticator App will send you a Push notification that will appear on your device when you attempt to log in. You'll then be able to Approve or Deny the login request. If you are not actively trying to sign in click deny. An example of this notification on a cell phone is shown below:
- Do I have to use two-factor every time I log in?
- No! You can choose to remember a browser for 30 days at a time. By selecting the Don't ask again for 30 days option as shown below:
This option will be cleared if you also clear your browser's cookies or history. This option must also be checked on each browser / device you wish to have remembered.
- I got a new phone and now my authenticator app needs setup again. How can I do that?
- If you still have access to the other options (text, call, etc.) that you setup for SSPR or 2FA, you can follow the steps on Adding another Authentication Method to add the Microsoft Authenticator app as an option on your new phone.
When you get to the screen showing your current methods for sign-ins, be sure to click the Delete button next to your old Microsoft Authenticator option that's listed.