Elevating security by enhancing 2FA
In McGill’s ongoing efforts to strengthen our security, we will continue to introduce enhancements to Microsoft Authenticator, including:
- New features that give more context for why you receive a Two-Factor Authentication (2FA) prompt:
- App: This tells you which McGill application or service is triggering your 2FA authentication prompt, so you have an extra way to verify if it’s a legitimate request.
- Location: This shows the general geographic location of the network where the 2FA request is coming from and helps to determine if it is legitimate by providing a visual cue. Note this is an approximate location based on the IP address your device is using.
- Changing the number of authentication prompts depending on the sensitivity of the data in the system you are accessing. If you sign into systems that host sensitive or confidential data, you may have to authenticate on a daily or weekly basis. Banner and Workday already use this feature, and you will notice its gradual implementation across other applications within McGill.
Haven't set up the Microsoft Authenticator app?
Those who have not yet set up the Microsoft Authenticator app, which is one of the most secure methods of authenticating, will receive a nudge notification when signing in to authenticate. This notification encourages you to download and set up the app on your mobile device. See instructions on how to setup the app here.
Why is the Microsoft Authenticator app more secure than SMS?
With SMS (texting), hackers can trick mobile carriers into redirecting a phone number to a new device, therefore they no longer need your physical phone to access your 2FA authentication codes. The Microsoft Authenticator app doesn’t rely on your mobile carrier, meaning hackers still need access to your physical device, making it harder for them and ultimately safer and more secure for you and McGill.
Seeing an incorrect location in your 2FA prompt?
Note that this is an approximate location based on the IP address your device is currently using, rather than the exact location of the device. The location shown might reflect the network you're connected to, and not your physical location.