(!) In the event of theft immediately notify the helpdesk . We urge you to report any incident.

• If you have previously set up a different authentication method (eg via a second phone number or a security key) then use this method.
• Have you only set up 1 method and cannot log in now? Set up a new MFA method on mfareset.ugent.be.

Have you lost or no longer use a device? Then remove it from your list of authentication devices.

• Open a browser and surf to https://myaccount.microsoft.com/device-list
• Select the device you want to remove and click on "Disable device".
  
• Confirm your choice. Click on "Disabel Device"
• The device will remain in the list, but you can no longer use it for MFA. You also cannot turn it back on yourself.

Did you find your device? Contact the helpdesk to enable it again.

Tip: If you lose a device, it is better to sign out from all your devices. Surf to https://mysignins.microsoft.com/security-info and click "Sign Out Everywhere" at the bottom of the page.

---

Multifactor-authentication (MFA) is a way to provide extra security for your UGent account.
In concrete terms, MFA means that you not only enter your username and password when logging in, but also use one or more other factors to identify yourself.

So with MFA you use a combination of:

• something only you know (e.g. your pin code or password)
• something you have (e.g. your laptop, your smartphone with authenticator app or security key)
• or something you are (eg: biometric properties such as a fingerprint or facial scan)

We use MFA because your username and password no longer provide adequate protection. Using only a password is unfortunately easy to find.
When that happens, that person can access all of our data and applications. Of course we want to avoid that.

Do you want to know more? Watch the video ‘Passwords are outdated’(Dutch only) and learn more about two-step verification at Safeonweb.be(Dutch only).

---

There are several reasons why signing in with the Microsoft Authenticator app fails:

• You have failed to respond on time to the notification on your smartphone.
  Then you will see the following message on your computer:
  
  Click on "Send a new request to my Microsoft Authenticator app" and try again.
• iPhone user: You have not enabled push notifications on your iPhone. To do this, go to Settings > Notifications > select the Microsoft Authenticator app and enable "Allow Notifications".
• You have not given the app permission to use the camera to scan the QR code. Go to Settings > Microsoft Authenticator > Allow Authenticator to access > check Camera.

Are you still unable to use the app? Then try a different method (via SMS code or phone call or a security key).

---

Yes. There are alternative verification methods that don't require a smartphone.

• Verification using a SMS code or phone call
• Authentication using a security key
  NB. In exceptional cases where an employee cannot use a smartphone, mobile phone or landline, DICT can make a security key available to the employee after a motivated request (via e-mail to the DICT helpdesk, with a copy to the hierarchical responsible).

---

• If you have previously set a different authentication method (e.g. via a second phone number or a security key) then use this method.
• If you have only set 1 method, you will not be able to log in, which is why it is always important to use a second method (eg your workspace landline)
• We regret that the Helpdesk will not be able to help you with this, you will have to get your authentication device.

---

If the battery is empty, you will not be able to receive an SMS code or telephone call on that number.

• If you have previously set a different authentication method (e.g. via a second phone number or a security key) then use this method.
• If you have only set 1 method, you will not be able to log in, which is why it is always important to use a second method (eg your workspace landline)
• We regret that the Helpdesk will not be able to help you with this, you can always ask your colleagues to borrow their charger.

---

1. If you are using the Microsoft authenticator app

   Yes, you must add the new device to your settings.

   • Open a browser and surf to https://mysignins.microsoft.com/security-info.
   • Log in with your UGent credentials.
   • Search the list of methods for the phone number you set.
   • Click on ‘Change’.
   • Then choose between "Send me a code via SMS" or "Call’.
   • You will receive a 6-digit SMS code or a phone call. Follow the steps to register your device.
     
   If you have a new phone number, add it as you set your original number. Then remove the old one if you are no longer using it.

2. If you are using the "sms-code" or the "phone me" method

   No, you don't need to change any settings

---

It seems that this problem mainly affects iPhone users. During the registration process, make sure that the Microsoft Authenticator app does not automatically lock (because you are looking at your computer screen for instructions).
Are you stuck? Click on "I want to set a different method" and start over. Then choose the SMS code or phone call. That is slightly simpler.
If that is successful, you can always add the Microsoft Authenticator app as a method afterwards.

---

Yes, you can, even though we recommend the Microsoft Authenticator app.
Keep in mind that our helpdesk only supports the Microsoft Authenticator app.
Some examples of other authenticator apps:

• Google Authenticator
• LastPass
• Authy
• Aegis Authenticator

---

• Open a browser and surf to https://mysignins.microsoft.com/security-info.
• Log in with your UGent credentials.
• Click next to "Default Login Method" on ‘Change’
• Click the arrow to open the menu and select the method you wish to use.
• Click on ‘Confirm’

(!) Note: You cannot choose "Security key" as the default method.

---

Yes, and that is precisely the intention. The verification remains valid on a specific device for a period of time set by DICT, we then speak of a “trusted device”.
You will not be prompted for authentication again on that particular device until that period has passed (approximately 30 days). Until then, your connection/device is considered safe. In this way MFA remains sufficiently user-friendly.
Please note: if you delete cookies in your browser after each session, you will have to use MFA every time to log in.

---

If you want to make sure you are back in the beginning of the 30-day period for a trusted device, you can do so by unsubscribing from all your devices: surf to https://mysignins.microsoft.com/security-info and click "Sign out everywhere" at the bottom of the page.
Please note: this is the case for all your devices
At your next login attempt on each of your devices, MFA will be recalled and the 30-day period for a trusted device will start again from the beginning.

---

The Microsoft Authenticator app can make a back up to the cloud of your account credentials and related app settings, such as the order of your accounts.
If you have made a backup, you can also use the app to restore your data to a new device. This way you avoid being locked out or having to start from scratch with creating accounts on a new device.
You can read how to make a backup on the Microsoft website:
Backup and restore of account credentials using the Microsoft Authenticator app

---

When your configured multi-factor authentication methods are no longer available (for example after restoring your device to the factory settings, transferring your apps and data to a new device, when switching phone numbers, ...) you can reset them on mfareset.ugent.be.

To authenticate, you will be redirected to the website of the Flemish government where you can log in via Itsme or with your e-ID and a card reader. After logging in, you can set up a new MFA method.

---

Number matching is an additional security feature for multifactor authentication with the Microsoft Authenticator app. This feature requires users in order to approve an authentication request, to enter a two-digit number displayed on the screen. This feature should help prevent malicious login attempts from being approved unintentionally in an inattentive moment.



Read more:

• Multifactor authentication
• The use of some verification methods explained

---

Users who have a Belgian E-id can reset their mfa themselves via https://mfareset.ugent.be
Other users must prove their identity by sending it as an attachment (PDF or DOC).

---

Users with a Belgian E-id can reset their MFA themselves by visiting https://mfareset.ugent.be.

For other users, to reset MFA, they need to provide proof of their identity by sending it as an attachment (PDF or DOC) via email.

---

Please check if push notifications are enabled for the device and Authenticator. Tap on Settings > Notification settings and make sure 'Show Notifications' is enabled.

For Android devices, check if push notifications are enabled. Go to Settings > Notifications > App settings and ensure that Authenticator is enabled.

If you receive an expired notification, verify that the device's date and time settings are correct. Go to Settings > System > Date and time and ensure that 'Automatic date and time' and 'Automatic time zone' are enabled.

If you don't see push notifications in the Authenticator session list, you can swipe down in the list view to check for pending verifications. You can sign in using pending verification as a temporary solution.

---

Users who have a Belgian E-id card can reset their mfa settings themselves via https://mfareset.ugent.be
Other users must prove their identity by forwarding it as an attachment (PDF or DOC).

---