Facebook Pixel ITS - Multi-Factor Authentication | Western Kentucky University
  1. WKU
  2. ITS
  3. MFA

Multi-Factor Authentication

Multi-factor authentication (MFA) is a login authentication method requiring multiple proofs of identity. It adds another proof, such as a code sent via text, to an app, or to a phone. WKU uses MFA to better protect user accounts and university data.

 

Steps to multi-factor authentication - Enter NetID and Password as usual then use your device to verify your information. You are securely logged in

Why Do We Need MFA?

Many organizations now utilize MFA as an extra security measure to protect sensitive or private data. MFA reduces the threat of compromised user accounts (ex., hacking) because it takes more than a username and password to access an account. Examples you may have already seen include your bank, PayPal, and social media sites.

 

User Guides

Using Microsoft Authenticator App

How do I set up the Microsoft Authenticator app on my device? Requires smart phone and a computer or tablet.

Instructions

Using a Yubico Key Fob for Authentication

How do I configure a Yubico USB Security Key Fob to work with Microsoft's Two-Factor Authentication requirements?

Instructions

Using Microsoft Authenticator App Offline

How do I authenticate using the Microsoft Authenticator app if my smart phone or mobile device does not currently have internet connectivity?

Instructions

Associating a New Phone or Device with Microsoft Authenticator

I got a new phone or device and need to associate it with my Microsoft Authenticator app.

Instructions

Beware of MFA Scams and Phishing Attempts

Scammers are increasingly targeting MFA codes as a way to bypass security, so it’s essential to know how to recognize these tactics and keep your accounts safe. Here are some tips:

Never Share MFA Codes with Anyone

MFA codes are private and should never be shared, even if someone claims to be from the university’s ITS department. Legitimate support staff will never ask for your MFA codes.

Recognize Phishing Attempts

Emails, text messages, or phone calls that ask for your MFA code are often scams. Be cautious of any unsolicited communication that:

  • Urges immediate action.
  • Contains suspicious links.
  • Comes from unrecognized or unusual email addresses.

Beware of Urgent or Alarming Messages

Scammers may send messages that appear to be from the university or reputable services, stating things like, "Your account will be locked," or "Suspicious activity detected." These messages are often designed to trick you into providing your MFA code.

Don't Reply to Phishing or Scam Messages

Do not reply to messages you suspect are phishing attempts or scams. You can report such messages from your email.  If unsure about a particular message, please contact the ITS Service Desk.



Need Assistance?

The WKU ITS Service Desk is here to help. Give us a call, chat with a representative online, use the Self-Help Knowledge Base and more.

Get Help


Some of the links on this page may require additional software to view.

 Last Modified 8/4/25