What is MFA?
MFA is an authentication process that requires users to provide two or more forms of verification before accessing our systems or data. This means that in addition to your username and password, you will be required to provide another form of verification, such as a one-time code provided by an authenticator application on your mobile device. In our case, we will use the Microsoft Authenticator mobile app to supply your one-time codes.
Why is HACC shifting to use MFA?
MFA allows HACC to better secure your network account and thus protect the College's data and systems. Private businesses and even many other institutions of higher education are adopting MFA to help them better protect their users, data and systems. Because of how MFA functions, it also reduces the effectiveness of email phishing attacks. HACC is also moving to implement MFA to meet the requirements of the Gramm-Leach-Bliley Act (GLBA).
What’s the timeline for faculty/staff to start using MFA to log in?
Facutly and staff will begin to be migrated into MFA in March 2023 and ending June 2023. The complete schedule can be viewed here.
Can I enroll myself early to avoid issues on the day of actual migration?
Yes, you can enroll early by using this link. Please note that you will not be prompted for any MFA codes until the day of your actual migration if you are not connected to a HACC network (wired, wireless or VPN).
Will myHACC session timeouts stay the same?
Yes, timeouts will remain the same.
Will there be a time set to login to myHACC again just with username and password after timeout? Ex for 1hr, 4hrs no MFA step necessary?
No. If you are working from campus or on the VPN, you should not be prompted to enter your MFA token. If you are working remotely and not connected to the VPN, you will be prompted to enter your credentials and MFA token each time you authenticate.
If I log in to MFA using one web browser and then switch to another browser will I be prompted for MFA again?
Yes. MFA tokens are browser/session-specific meaning that you will have to authenticate against MFA for each web browser that you attempt to use. This is a security feature to prevent session hijacking.
How often will I need to authenticate with MFA?
If you are working from one of the HACC campuses you will NOT need to authenticate with MFA.
If you are working remotely, and not connected to the VPN, you will need to authenticate every 4 hours. This aligns with the timeout that my|HACC uses.
What are scratch codes?
Scratch codes are one-time-use passcodes that can be utilized in place of the rotating passcode that Microsoft Authenticator app supplies. This is meant to be used in the event that you don’t have access to your authenticator app. You can replenish your scratch codes by logging into the self-service portal. https://accounts.hacc.edu/mfa-self-service/
What if I don't have a smartphone? What do I do?
For those without smartphones or tablets, there is an option in the process to “Decline” MFA which will still enroll users into MFA but rely on what are called scratch codes. During the process of enrolling or declining MFA, users will be provided 5 scratch codes. Normally, these codes would be reserved for situations where you don’t have access to your authenticator app or your mobile device, but by declining the MFA, individuals can use these codes when prompted for the MFA code at logon.
When will I be prompted for MFA?
MFA will only prompt you to enter your MFA code if you are trying to access systems using HACC's CAS authentication (ex. my|HACC) while you are not connected to HACC's wired, wireless or VPN networks. This, however, does not include the "HACCwifi" network on the campuses as you can expect to be prompted for MFA when connected.
What happens if I get a new phone?
MFA Self-Service Tool - This tool will allow you to manage your registered devices and generate new scratch codes. If you change your phone where your Microsoft Authenticator is installed, you will need to remove it before you can setup MFA on your new device.
Can you remember my device so that I don't get prompted frequently?
The implementation of MFA that HACC is rolling out does not allow for this due to security concerns and industry best practices.
I have registered for MFA using my computer and I am now getting a prompt on my phone when trying to access MyHACC. What code should I provide?
You will provide the same code in the same method you normally would. When you enrolled in MFA, you are protecting your account, no matter where or how you are logging in. If you are using the Microsoft Authenticator app on your smartphone to provide the MFA code then you would use the generated code from the app. If you opted out of MFA and were issued scratch codes, you would need to use one of those available scratch codes. If you need more, you can generate more here.