Multi-Factor Authentication (MFA) is a requirement for Mississippi State student and employee accounts. Due to the increasing prevalence of compromised account passwords, MFA provides another layer of protection preventing those with malicious intent from gaining access to your account. Even if someone does manage to obtain your NetID/NetPassword credentials, with MFA in place, since they won't have access to your other factor, they should still not be able to log in to your account.
Please review the FAQ below for more information about MFA.
Why does MSU require Multi-Factor Authentication?
Cyber attacks and information breaches are becoming a major concern for higher education. Attempts to compromise user accounts through sophisticated phishing, social engineering, and brute-force password attacks have escalated and pose a significant threat to the security of online data.
The Office of the Provost has determined that a multi-factor authentication requirement for user logins is necessary in order to better protect the online identity and personal information of MSU students and employees as well as to secure the university's research, intellectual property, and institutional data.
What is Multi-Factor Authentication (MFA)?
MFA adds another layer of security when logging in to MSU systems. The first factor required to log in is something you know, i.e. your NetID/NetPassword. The second factor is something you have, typically your smartphone or tablet. Therefore, even if an attacker is able to get your NetID/NetPassword, they should not be able to log in to your account, because they does not have your other factor.
MSU uses a product called Duo for multi-factor authentication. For more information about Duo, please visit their website.
What are my authentication method options with MFA/Duo?
There are several options for authenticating with MFA/Duo. The recommended option is to receive a verified push notification to your mobile device. Note that is not a text/sms, but is generated via the Duo Mobile app. Other options include using a Duo Mobile or hardware token passcode as well as generating a bypass code. Refer to the "What is a Duo passcode/bypass code?" question below for information on how to get a passcode/bypass code.
Am I required to use MFA with every CAS login?
Once you authenticate with Duo, you will be asked if you are using a personal or shared device. If you select the personal option, your authentication will be remembered for 24 hours in your current browser. If you choose the shared device option, your authentication will not be remembered outside of your current browsing session.
What is a Duo passcode/bypass code?
A passcode/bypass code is generated by Duo for authentication. These codes can be used as the MFA authentication method in specific situations such as:
-
You normally use the Duo Mobile app for a “Push” notification to your device, but you don’t have your mobile device with you or you've gotten a new device.
-
You don’t have a mobile device and need a hardware token (fob) to generate a passcode.
-
You are at a location where there is no cellular or wireless service to your device, so the “Push” notification will not work.
There are three methods available to obtain a passcode/bypass code.
-
Go to netpassword.msstate.edu and click “Generate a Multi-Factor Authentication Bypass Code." This code is valid for 24 hours.
-
Access the Duo mobile app on your device and tap the Mississippi State University entry. A passcode will be revealed and is good for one-time use.
-
Generate a passcode using a hardware token/fob. This passcode is also good for one-time use. Contact the ITS Service Desk to request a hardware token.
What happens if I do not have my mobile device to log in?
Go to netpassword.msstate.edu and click “Generate a Multi-Factor Authentication Bypass Code." This code is valid for 24 hours.
What if I get a new smartphone or device?
If your phone number has not changed, access an MSU service (such as myState), at the Duo prompt click More Options, then click Manage Devices. Authenticate with Duo using a passcode (see the "What is a Duo passcode/bypass code?" section above to learn how to generate one), then click I have a new phone. See the Duo: Setting up Duo and managing devices article for detailed instructions.
If you have a new phone number or device, access an MSU service (such as myState), at the Duo prompt click More Options, then click Manage Devices. Authenticate with Duo using a bypass code (see the "What is a Duo passcode/bypass code?" section above to learn how to generate one), then click Add a device. See the Duo: Setting up Duo and managing devices article for detailed instructions.
Can I have the Duo Mobile app on more than one device?
Yes, you are able to add multiple devices. See the Duo: Setting up Duo and managing devices article for instructions.
What devices are supported by the Duo Mobile app?
Duo Mobile is available on Apple iPhone, Apple iPad, and Android devices running recent versions of their operating systems. See the OS requirements from Duo at the links below:
Is Duo required for VPN or was.msstate.edu?
Duo is required for Employee, Departmental, and Student log ins to the VPN and for log in to was.msstate.edu.
I have a mobile device, but my camera is broken. Can I still use my device with Duo?
Yes. Instead of activating Duo Mobile from a computer by scanning the QR code with your device, click “Get an activation link instead." You will receive an email that will allow you to set up your device. You can also call the Service Desk at 662-325-0631 and they can send an activation link to your device via text/SMS message. If you are using a web browser on the device itself to go through the activation process, no camera access is needed.