Two-Step Verification

2-Step Verification Overview

Summer of 2019 Graceland moved employees 2-Step Verification for Office 365.

Starting Fall of 2019 Graceland is moving all personal "Sting" accounts to 2-Step Verification for Office 365 (this includes your email) for employees, students, and alumni.

Why?
In late September of 2019 Graceland experienced a sharp inscrease in the number of compromised Sting accounts. In Sping of 2019 Graceland was the target of multiple successful attacks against Employee accounts. We will be implementing more security options for your Office 365 accounts to help prevent unauthorized access. One of those options will be 2-Step Verification.

How it will work?
When you log into Office 365 (through the Web, Computer, or Phone) you'll put in your username and password like normal. You will then be prompted for a second verification. That will be one of the following: a phone call, a text message, a confirmation press on a mobile device, or a random 6 digit code you'll enter from an authenticator app. The videos below give you an overview of how each of these options work. They are just around a minute each, so feel free to watch them all. You'll get to choose which of these you want available to use when you set up your 2-step verification and can change them.

Ready to set it up?
Head on over to our 2-step verification guide.

Video examples of your options

Here are video overviews of your four different options for 2-step verification. You will need to pick at least one during your setup. You don't have to do them all, but you can pick more than one. Whichever you pick first will be your initial default option. You can set up additional phones for your text and call options later. See "How to set up additional verification options" to change or add options, or change your default.

If you pick one of the two app options you will be required to choose at least one additional option as a backup in case you lose your device. You will also need an Authenticator App. See "Getting an Authenticator App" for information
Option 1: Text Message
Option 2: Phone Call
Option 3: App Code
Option 4: App Confirmation

2-Step Verification Guide

This guide is broken into sections to help make it easier to find what you are needing to do.

If you are looking for how to first set up your 2-step verification, head to "Your first time setting up 2-step verification".  
We have sections for how to set up each option that's available.
 
If you need help making changes to your verification options any time later, head to "Changing your options for 2-step verification".
 
The last few sections provide general information you may need to know, such as how to get and Authentication App, get your various Office 365 apps, and information about securing your mobile device.

After you provide your username password, you are going to see a new screen asking for you to provide more information. It will look something like the image below.

Show/Hide image More Information Screen
It will take just a few minutes to set up your additional verification options. Here are the steps you'll need to follow.
  1. Click the next button to continue to set up your default choice for your 2-step verification. The next screen will look something like the image below:
    Show/Hide image2-step Verification Setup Screen
    2. Depending on which option you want to use as your default you'll have different steps to follow. Open the section below that matches your choice.
  2. Setting up an Authenticator App on a mobile device
    Show/Hide instructions
      You will need an Authenticator App already installed on a mobile device to set this up. See the "Getting an Authenticator App" section of this guide on how to do this. The following instructions will go over using the Microsoft Authenticator app. If you are using another authenticator, the instructions will differ.
    1. Watch the following video to see how to set up the Microsoft Authenticator app
    2. You'll need to also set up a phone as a backup. Continue to Step 3 below for those instructions.
  3. Setting up a phone (call or text message)
    Show/Hide instructions
    1. Select Authentication Phone, select the appropriate country code, and type in your phone number.
    2. Choose how you want to be contacted (a call or a text message)
    3. Click next. You'll now be contacted by your chosen method and need to provide the confirmation
  4. You will then be told about app passwords on a screen like the one below titled "Step 4: Keep using your existing applications". Since we use 2-step verification for all of Office 365, you won't need to do anything on this screen. You can just click Done to finish your setup.
    5. Show/Hide imageMore Information Screen
If you use a mobile device to connect to your Office 365 account, you might have some additional steps. See "Setting up Office 365 on your Mobile Device" for those steps

If you wish to use the App options you will need an authenticator app. Microsoft provides an authenticator app for free on Android, iOS,and Windows phone https://www.microsoft.com/en-us/account/authenticator, but you can use any authenticator that supports Time Based One Time Passwords. This includes Authy, Google Authenticator, Symantec VIP, Sophos Authenticator, Dashlane, and more. So, if you already use one, feel free to use it instead of installing a new app.

Did you know? Many services such as Facebook and Amazon also offer 2-step verification. 
You may want to secure your personal accounts as well. The community website https://twofactorauth.org/ is a great way to find out if a service you use has support for 2FA or 2-step verification and links to the sites information on how to set it up. For TOTP support, see if they are listed as having Software Token.
Please note: 2-step verification uses a more secure method of connecting your mobile device to your account. Many apps for email do not yet support it. You will need to either use an app that supports 2-step verification, or use an app password if it doesn't. Information on App Passwords is in the next section.

List of apps supporting 2-step verification

 

For apps that do not support 2-step verification (such as GMail or iOS 10 and before) you won't use your password when asked for it. Instead you'll type in a special app password that you have to first create. Look at the next section of this guide on how to get an app password

An App Password is a special password you create that allows apps that can't use two-step verification to access your account. It takes just a few minutes to do.

To get an App Password, follow Microsoft's Guide. Skip the first section, and start at the next section titled "To Create another app password". When you create the password, give it a meaningful name in case you ever need to delete it (such as if you lose your device).

For MiCollab: you'll need to paste the app password into the Exchange Password when asked for it

For Mobile Devices: at step 7, instead of copying the password to your clipboard you will need to type it in to your app when it asks for your password.

Important! App passwords bypass two-step verification and should be used rarely and with great caution. Do not ever write down, store, or share this password. Always create a new password when needed and delete unneeded ones at the same time.

Secure your device! If you are connecting your device to Office 365 or using your cell phone number to receive codes you will want to have your device secured.

Your device should have a lock screen that is more than just a swipe, pin, or pattern to unlock. Use a password or biometric (fingerprint/face recognition) to secure your device. Don't share your device with others. If you do, such as with a spouse or child, treat it like a shared/public computer. Don't access Office 365 through an app but instead log in and out of the web.

Remember, your Office 365 account is yours for use with Graceland and come with additional security requirements by policy, don't let others have access to it!


2-Step Verification FAQ

If you are using an app to access your Office 365 account and it keeps asking you for your password it is usually because that app doesn't support 2-step verification. You'll need to either change apps, or use an app password. See more information in the "Setting up Office on your Mobile Device" section of the 2-step verification guide.

If it's an iOS device, try removing your account and re-adding it first. Apple's mail app needs to reconnect. If that doesn't work, your version of iOS may not support 2-step verification with the mail app.

In short it makes your account safer. 2-step verification largely eliminates spoofing and phishing as viable ways for other people to get into your account. By turning it on Graceland will be much less susceptible to data loss. We are also turning off POP3 and IMAP access to your email accounts as they are older less secure methods of accessing email that ignore 2-step verification requirements. You likely are using either of those.
Currently, when you log into your Office 365 account -- such as through Outlook or a web browser -- you are required to provide just your username (email address) and your password. With 2-step verification, you will provide a confirmation that you are logging in. That confirmation will come from a phone call, a text message, or an authentication app on a mobile device.
Yes. You will need to have a way for Office 365 to verify your identity separately from the machine you are logging in on. You will be able to set up multiple ways to confirm your log in in case you cannot use one of them. You can set up your office phone and two additional phones. You can also set up an authentication app on one or more mobile devices, such as a smartphone or tablet.
No. You will be required to confirm your log in whenever you first log in on a device, after you log out of your account, or every three months or so to re-verify your access on that device. Because there are multiple ways to access information in Office 365 you may have to answer multiple MFA prompts, especially on the first day. If you only ever access your Office 365 account on a single device you will rarely have to provide an MFA confirmation.

No. The goal of 2-step verification is to make it highly improbable for someone to pretend to be you not to make it impossible. It makes it hard enough that it is unlikely you will be breached. However, it is theoretically possible for someone to get access to one of your additional verification, such as by stealing a phone. Security researches have already proven that text messages can be intercepted or phones hijacked. However, 2-step verification by its nature is more secure than just a password.

Yes. Many other services, such as Amazon or Facebook also support 2-step verification, also known as 2-factor and multi-factor authentication. To find out if one of your other services uses it, and to get links to help set it up, go to the publicly maintained list at https://twofactorauth.org/ and search for the website or provider of the service you want to set up. It will list the types of factors that the provider supports (if any). If you see a check under "Software Token" they likely support an authenticator app just like Office 365 does (some companies have their own proprietary apps).