Summary (what you get)
Multi-factor Authentication (MFA) provides a layer of security by requiring additional credentials, like a PIN or answering a challenge question, beyond providing your username and password. It prevents anyone from accessing MFA-enabled systems without satisfying the MFA requirements.
Once MFA is activated for a particular application or web service, you will be prompted to provide additional credentials to verify your identity. Once your identity has been verified you will be granted access to the application or web service. In addition, the device from which you have authenticated will also become a trusted device.
Services include
In order to use the MFA capabilities, you must have already logged into the system that allows you to manage your HWS credentials: myaccount.hws.edu. In addition to enabling MFA, this system also allows you to reset your own password should you forget it.
When you log into the system for the first time, you will need to update the following information:
- Knowledge Based Questions – these are security questions that help the system confirm your identity if you've forgotten your password and need to reset it.
- Recovery E-mail - this is an e-mail address, other than your HWS e-mail, that provides an alternate method for the system to confirm your identity.
The system will be automatically populated with a mobile phone number, for an additional way to confirm your identity, if you've provided it in PeopleSoft. If you don't know how to update your PeopleSoft information, please see instructions on the HWS Human Resources site.
When you receive it
Multi-factor authentication is automatically available for many HWS services and applications.
Related information
In an effort to strike a balance between reducing our institutional risk of a cybersecurity breach while not being overly intrusive in the ability to access HWS applications and services used on a daily basis, the MFA capability will allow for what is called “trusted devices.” A trusted device specifically applies to the combination of the browser on your computer or mobile device (phone, tablet, etc) and the device itself. Once you have signed into a service using multi-factor authentication, the system remembers your browser and device. For a period of 30 days, you will not have to go through the additional verification step when using that same browser and device to access any MFA enabled application or web service.