MFA Frequently Asked Questions (FAQ)

MFA: What and why?

Multifactor-authentication (MFA) is a way to provide extra security for your UGent account.
In concrete terms, MFA means that you not only enter your username and password when logging in, but also use one or more other factors to identify yourself.

So with MFA you use a combination of:

We use MFA because your username and password no longer provide adequate protection. Using only a password is unfortunately easy to find.
When that happens, that person can access all of our data and applications. Of course we want to avoid that.

Do you want to know more? Watch the video ‘Passwords are outdated’(Dutch only) and learn more about two-step verification at Safeonweb.be(Dutch only).

I am unable to sign in with the Microsoft Authenticator app. How do I fix this?

There are several reasons why signing in with the Microsoft Authenticator app fails:

Are you still unable to use the app? Then try a different method (via SMS code or phone call or a security key).

I don't have a smartphone. Can I also use MFA?

Yes. There are alternative verification methods that don't require a smartphone.

I don't have my mobile with me. How can i login??

The battery of my mobile is empty. How can i login?

If the battery is empty, you will not be able to receive an SMS code or telephone call on that number.

I switch to another telephone but keep my telephone number. Do I need to adjust something?

  1. If you are using the Microsoft authenticator app

    Yes, you must add the new device to your settings.

    If you have a new phone number, add it as you set your original number. Then remove the old one if you are no longer using it.
  2. If you are using the "sms-code" or the "phone me" method

    No, you dont need to change any settings

My phone has been lost or stolen. What should I do?

(!) In the event of theft immediately notify the helpdesk . We urge you to report any incident.

Have you lost or no longer use a device? Then remove it from your list of authentication devices.

Did you find your device? Contact the helpdesk to enable it again.

Tip: If you lose a device, it is better to sign out from all your devices. Surf to https://mysignins.microsoft.com/security-info and click "Sign Out Everywhere" at the bottom of the page.
Log off all devices

I get an error "Authenticator registration has timed out" and cannot complete the registration with QR code. How do I fix this?

It seems that this problem mainly affects iPhone users. During the registration process, make sure that the Microsoft Authenticator app does not automatically lock (because you are looking at your computer screen for instructions).
Are you stuck? Click on "I want to set a different method" and start over. Then choose the SMS code or phone call. That is slightly simpler.
If that is successful, you can always add the Microsoft Authenticator app as a method afterwards.

I want to use a different authenticator app than Microsoft's. Is that possible?

Yes, you can, even though we recommend the Microsoft Authenticator app.
Keep in mind that our helpdesk only supports the Microsoft Authenticator app.
Some examples of other authenticator apps:

I want to change my default login method. How do I do this?

(!) Note: You cannot choose "Security key" as the default method.

Is it normal that I haven't had to use MFA since I set it up?

Yes, and that is precisely the intention. The verification remains valid on a specific device for a period of time set by DICT, we then speak of a “trusted device”.
You will not be prompted for authentication again on that particular device until that period has passed (approximately 30 days). Until then, your connection/device is considered safe. In this way MFA remains sufficiently user-friendly.
Please note: if you delete cookies in your browser after each session, you will have to use MFA every time to log in.

Can I reset the 30-day period for a trusted device and have MFA requested at my next login?

If you want to make sure you are back in the beginning of the 30-day period for a trusted device, you can do so by unsubscribing from all your devices: surf to https://mysignins.microsoft.com/security-info and click "Sign out everywhere" at the bottom of the page.
Please note: this is the case for all your devices
At your next login attempt on each of your devices, MFA will be recalled and the 30-day period for a trusted device will start again from the beginning.

How can I avoid getting locked out?

The Microsoft Authenticator app can make a back up to the cloud of your account credentials and related app settings, such as the order of your accounts.
If you have made a backup, you can also use the app to restore your data to a new device. This way you avoid being locked out or having to start from scratch with creating accounts on a new device.
You can read how to make a backup on the Microsoft website:
Backup and restore of account credentials using the Microsoft Authenticator app