Multi-factor authentication (MFA)

Multifactor authentication (MFA) is a way to make your UGent account extra secure. When logging in, you enter not only your username and password, but also a second factor.


Quick guide

In this onepager you can find a quick guide.


Starting with MFA

Ensure access to your UGent account and set up multiple MFA methods.

Update: When logging in, the system itself chooses the safest and most convenient method for you from the set methods. So you don't have to set a preferred method (anymore) yourself.

Follow these steps to activate MFA:

  1. Open a browser and surf to https://mysignins.microsoft.com/security-info.
  2. Enter your UGent e-mail address. You will be redirected to the login screen.
  3. Log in with your UGent password.
  4. Click on "Next".
  5. Click on " Add Method". Methode toevoegen
  6. Select the method you wish to use. Add method
  7. Click on "Add"
  8. Now go ahead and add a second method. This way you retain maximum access to your account, even if you lose your device or don't have it at hand.

Method 1: Verification with SMS code or phone call

This is a very simple method to get started with MFA.
Follow these steps to add a phone number:

  1. Click on "Add method". Add method
  2. Select "Phone" and click on "Add".
  3. Select "Belgium (+32)" and fill in your phone number.
    Note: Your (mobile) number will not be visible within the organization.
  4. Then choose between "Send me a code via SMS" or "Call".
Add phone number for SMS

Code via sms

  • If you choose "Send me a code via SMS", you will receive a 6 digit code.
  • SMS sent
  • Enter the 6-digit code on the computer and click "Next".
  • SMS verified
  • You will receive a confirmation. Click on "Done".

Call

  • If you select "Call", you will receive a phone call at the phone number you entered. This can be a mobile or a landline number.
  • Add phone number to call
  • You will be called by a Microsoft service with the automatic message: "Thank you for using Microsoft's authentication system. Press the hash to complete the verification".
  • Press the hash (#). A confirmation will appear on your computer.
  • Phone number verified
  • Click on "Done".
Tip: Also add a second phone number as an alternative. This can be useful in the event of theft or loss of your mobile phone.
You add an alternative number in exactly the same way as the first telephone number. (Add method > Phone > Enter phone number)
Note: This method becomes unusable if you change your phone number or, temporarily, if your device is lost.

Method 2: Verification with the Microsoft Authenticator app

The Microsoft Authenticator app is supported by DICT and recommended for everyday use as it is the most user-friendly and secure method for MFA.

Follow these steps to set up authentication with the Microsoft Authenticator app:

  1. If you choose the Authenticator app method, you will see the screen below on your computer:
  2. Setup account
  3. Take your smartphone and go to the App Store (iOS), Google Play Store (Android) or Microsoft Store (Windows Phone) to download the Microsoft Authenticator app. to download.
  4. Download and install the Microsoft Authenticator-app.
  5. Tip: Do you have an iPhone? Make sure that the Microsoft Authenticator app is allowed to send you push messages, so that you can approve them. To do this, go to Settings > Notifications > select the Microsoft Authenticator app and enable "Allow Notifications".
  6. Installation successful? Click on "Next" on your computer screen.
  7. You will see a QR code on your computer screen. It looks like this:
  8. Scan QR
  9. Open the Microsoft Authenticator app on your smartphone and select "Scan QR Code".
    The app will request access to the camera to scan the QR code. Select "Allow".
  10. Point your camera at the QR code to scan it (as if you were taking a picture of it). Your UGent account will now be added to the Microsoft Authenticator app.
  11. Click "Next" on your computer screen.
  12. You will receive a test code on your smartphone. Tap "Approve".
  13. A confirmation will appear on your computer screen. Click on "Done".
    The Microsoft Authenticator app is now in your list of methods.

From the next day you will need the Microsoft Authenticator app to access Office 365 applications (OneDrive for Business, Teams, SharePoint Online,…).

Tip: Now you can also add other methods. We recommend setting up more than 1 method, so you can also log in if you don't have your smartphone with you.
Note: This method becomes unusable if you delete the Microsoft Authenticator app, after a factory reset, or when transferring apps and data to a new device.

Method 3: Verify using another authenticator app

In addition to the Microsoft Authenticator app, you can also use another authenticator app such as Google Authenticator, LastPass, Authy, Aegis Authenticator, etc.

Note: DICT helpdesk does not support these alternative apps. So only use it if you are already familiar with it yourself.

If you choose this method, you must manually add an account in the authenticator app by entering an account name and secret key.
Detailed instructions for adding accounts can be found in the manual of the chosen app.

Follow these steps to set up authentication with another authenticator app:

  1. Click on "Add method". Add method
  2. Select "Authenticator-app" and click on "Add".
  3. You will be asked to download the Microsoft Authenticator App. Click on "I want to use a different authenticator app".
  4. Setup account
  5. After you have downloaded and installed the app, click "Next".
  6. Add your UGent account to your authenticator app. This can be done in two ways:

    • From the smartphone on which you installed the authenticator app
      You can copy the account name and secret key by clicking on the documents icon. Then paste it into your authenticator app. Then click on "Next".
    • Copy secret key
    • Using another device (laptop, desktop, tablet, ..)
      This is the most user-friendly method. A QR code will be displayed that you can scan with your authenticator app. Scan QR
    • If not already done, you will have to give the app access to the camera. After scanning, your UGent account will be added automatically.
      Then click on "Next".
  7. As a final step, you will be asked to enter the six digits code. You can find this code when you tap on your account in the authenticator app.
  8. Enter MFA code

Method 4: Authentication using a security key

In this fourth option, you use a security key (USB security key) to log in. This method offers the best security for your account but requires the purchase of a hardware device such as a yubikey.

Yubikey

Follow these steps to set up Authentication with a Security Key:

  1. Click on "Add method".
  2. Add method
  3. Select "Security key" and click on "Add".
  4. Click on "Next" and register with MFA.
  5. Follow the manual of the Security key (go to yubico.com/start)
  6. You will have to choose a PIN code for your security key. Don't forget it.
  7. How to reset a security key if you lose the pin code, can also be found in the manual.
Note: This security key method cannot be used to set-up MFA. So if you want to start with MFA you will need a telephone number anyway. You can add this method afterwards.

If desired, you can purchase a security key yourself.

We recommend the YubiKey 5 NFC .

Note: Make sure to purchase a security key that supports the FIDO2 protocol.

Method 5: An alternative e-mail address

You can register an alternative, private e-mail address. This method can only be used to reset your password.
It is not possible to use this method for MFA.

  1. Click "Add method". Add method
  2. Choose "Email" and click "Add".
  3. Enter your private e-mail address and click "Next":
  4. A numerical code will now be sent to your private e-mail address. Enter the code and click "Next":

What is a private e-mail address?

A private e-mail address refers to a personal account that you create yourself with Microsoft (Outlook) or Google (Gmail), among others.

Do not use an address linked to an account with another employer or educational institution. After all, such an account expires when your employment or studies end.


How to use the verification methods

Brief explanation of the use of some of the different verification methods.


Reset Multi-Factor Authentication (MFA)

If your configured multi-factor authentication methods are no longer available (for example after restoring your device to factory settings, transferring your apps and data to a new device, when switching phone numbers, ...) you can reset them on mfareset.ugent.be. This is only possible for Belgian students or employees.


Frequently asked questions (FAQ)