What is MFA?
MFA is an authentication process that requires users to provide two or more forms of verification before accessing our systems or data. This means that in addition to your username and password, you will be required to provide another form of verification, such as a one-time code provided by an authenticator application on your mobile device. In our case, we will use the Microsoft Authenticator mobile app to supply your one-time codes.
For a complete list of HACC's MFA knowledge base articles, please click here.
Why is HACC shifting to use MFA?
MFA allows HACC to better secure your network account and thus protect the College's data and systems. Private businesses and even many other institutions of higher education are adopting MFA to help them better protect their users, data and systems. Because of how MFA functions, it also reduces the effectiveness of email phishing attacks. HACC is also moving to implement MFA to meet the requirements of the Gramm-Leach-Bliley Act (GLBA).
What’s the timeline for employees and students to start using MFA to log in?
Employees were migrated into MFA in 2023. MFA was enabled for students on May 26, 2026.
When will I be prompted for MFA?
Students: You will receive a prompt to enter your MFA code when signing into HACC's systems both on and off campus.
Employees: MFA will only prompt you to enter your MFA code if you are trying to access systems using HACC's CAS authentication (ex. my|HACC) while you are not connected to HACC's wired, wireless or VPN networks, or if you are accessing Application Navigator. This, however, does not include the "HACCwifi" network on the campuses as you can expect to be prompted for MFA when connected.
How often will I need to authenticate with MFA?
Students
When accessing HACC resources on campus, you will typically be required to complete MFA once per device session. After successfully authenticating, your session can remain active for up to 8 hours. If you sign out, your session expires due to inactivity, or you use a different computer or device, you will be prompted to complete MFA again.
Employees:
If you are working remotely, and not connected to the VPN, you will need to authenticate every 4 hours. This aligns with the timeout that my|HACC uses.
If you are working within Application Navigator, you will be prompted to enter your MFA token each time you begin your session.
What if I don't have a smartphone? What do I do?
For those without smartphones or tablets, there is an option in the process to “Decline” MFA which will still enroll users into MFA but rely on what are called Scratch Codes. During the process of enrolling or declining MFA, users will be provided 5 scratch codes. Normally, these codes would be reserved for situations where you don’t have access to your authenticator app or your mobile device, but by declining the MFA, individuals can use these codes when prompted for the MFA code at logon.
What are Scratch Codes?
Scratch Codes are one-time-use passcodes that can be utilized in place of the rotating passcode that Microsoft Authenticator app supplies. This is meant to be used in the event that you don’t have access to your authenticator app. You can replenish your scratch codes by following the instructions in this article.
What happens if I get a new phone?
If you are replacing the phone you use with HACC MFA, you must first remove your existing device from the MFA management portal before registering your new phone. Follow the instructions in this article to remove your old device.
Can you remember my device so that I don't get prompted frequently?
The implementation of MFA that HACC is rolling out does not allow for this due to security concerns and industry best practices.
I have registered for MFA using my computer and am now being prompted for a code on my phone when accessing myHACC. What code should I enter?
You should enter your MFA code using the same method you selected when you enrolled in HACC MFA. MFA protects your HACC account regardless of the device you use to log in.
- If you enrolled using the Microsoft Authenticator app, open the app on your mobile device and enter the current verification code displayed.
- If you chose to decline MFA enrollment and use Scratch Codes instead, enter one of your available Scratch Codes.
Will myHACC session timeouts stay the same?
Yes, timeouts will remain the same.
Will there be a time set to login to myHACC again just with username and password after timeout? Ex for 1hr, 4hrs no MFA step necessary?
No. If you are working from campus or on the VPN, you should not be prompted to enter your MFA token except for Application Navigator. If you are working remotely and not connected to the VPN, you will be prompted to enter your credentials and MFA token each time you authenticate.
If I log in to MFA using one web browser and then switch to another browser will I be prompted for MFA again?
Yes. MFA tokens are browser/session-specific meaning that you will have to authenticate against MFA for each web browser that you attempt to use. This is a security feature to prevent session hijacking.