Multi-Factor Authentication (MFA)

All faculty, staff and student accounts are now required to utilize MFA when authenticating to WSCO’s Systems from off campus.

Washington State College is taking extra steps to make sure you are who you say you are when you sign in. This extra security verification is also known as multi-factor authentication (MFA). It consists of a combination of your username, password, and a mobile device or phone. We will be using a "time based" MFA system where you will use a phone app to enter a 6-digit code to finish signing in.

MFA is more secure than just a password because it relies on two forms of Authentication:

  • Something you know, like your password.
  • Something you have, like a phone or other device that you carry.

Multi factor authentication can help stop malicious hackers from pretending to be you. Even if they have your password, the odds are that they don’t have your device, too. If you are not actively logging in, do not approve a login request, and report it to the IT Helpdesk for investigation. Also, IT Helpdesk or other staff will never ask you for these codes to approve a login request for them. Never provide these codes to anyone other than your normal login process.

What you need to do to prepare: visit your phone’s app store (or Google Play store if using Android) and download one of the following authenticator apps:

  • Google Authenticator
  • Sophos Authenticator
  • Microsoft Authenticator
  • Authy

If you already use one of these for another service, you may use the one you have.

If you have a VPN account this will be the same phone application you will use for VPN multi factor authentication when it is deployed on June 1.

What will it look like when deployed:

You will visit https://my.wscc.edu and login like normal.
On your first sign in, you’ll be directed to a page with a custom QR code (see screenshot below) that you will scan with your authenticator phone app.
You will enter the 6 digit numeric code on your app in the box labeled, “Enter your authenticator code,” and press “Submit” to continue.
For all future sign-ins you will just open the app and enter the 6-digit code that is shown on your authenticator. You only scan the QR code on the first time, or if you need it to be reset in the future when you get a new phone.

Screenshot of first-time sign in with QR code:

MFA screenshot

Screenshot of a normal login after your phone is registered:

MFA screenshot

Here are the app store links for Google Authenticator:

iPhone: https://apps.apple.com/us/app/google-authenticator/id388497605

All iPhone authenticator apps: https://www.apple.com/us/search/Authenticator?page=1&sel=explore&src=globalnav

Android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

All Android authenticator apps: https://play.google.com/store/search?q=authenticator&c=apps&pli=1

Here is a list by browser of some of the top rated plugins to handle MFA. This would be intended for students who can’t or won’t use a phone, but do have a device of some variety.

Chrome Authenticator - https://chrome.google.com/webstore/detail/authenticator/bhghoamapcdpbohphigoooaddinpkbai

Firefox Authenticator - https://addons.mozilla.org/en-US/firefox/addon/auth-helper/

Microsoft Edge Authenticator - https://microsoftedge.microsoft.com/addons/detail/authenticator-2fa-client/ocglkepbibnalbgmbachknglpdipeoio