Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is a measure which improves account security over standard password authentication. MFA typically adds a second factor to confirm your identity by using an authenticator app on your mobile device or a compatible hardware device. MFA will help keep your information secure by strengthening defences against malicious cyber-attacks. You may not always be asked for MFA when logging in, however it will always be in use.

Once you have created your MFA login, you will need to have your registered mobile device with you whenever you log into a JCU system, like LearnJCU or your email.

Please be aware we have ceased support for the ForgeRock authenticator app. If you currently have it set up and working on your mobile device, it will continue to function for now. However, we plan to phase it out soon and encourage you to transition across to a supported app, such as the Microsoft or Google authenticator.

MFA at JCU

About MFA:

Most breaches begin when attackers log in using usernames and passwords they have compromised through phishing attacks, password reuse, password guessing and malware.

MFA reduces the risks associated with compromised passwords by adding an additional layer of security to protect your information. If your password is hacked or phished, MFA makes the stolen password less useful by itself.

When multi-factor authentication has been activated on an account, an authorisation check will be sent to the user any time they attempt to log in from a different device, a new location, or multiple locations. Authorisation checks may also be required after a set time has elapsed, or as the result of a higher risk login.  The authorisation check can come in the form of:

  • a verification code generated by your authenticator app on your mobile device
  • or a compatible hardware device (e.g.: YubiKey)

Using your existing mobile phone is often the most convenient form of MFA.

  1. OATH One Time Password (OTP):  e.g. with Microsoft or Google Authenticator app
  2. Compatible Hardware Device: (cost involved) with a YubiKey

To set up MFA at JCU:

  1. On your mobile device, install the Microsoft Authenticator app (Android, iOS) or Google Authenticator app (Android, iOS) from your respective app store.
    or
    Follow the steps to register your Compatible Hardware Device (YubiKey) for MFA.
  2. When logging in to JCU online services that use MFA, you will be prompted to register your mobile or hardware device for MFA.

More details on how to set yourself up for MFA are available in the Register for MFA using an Authenticator app knowledge article.

Common Questions

Answers to common MFA questions:

No. JCU’s MFA uses an adaptive, risk-based approach.  If you use the same computer or device, from the same place, you will be prompted for MFA infrequently (up to 30 days).  If you are moving around between different networks, devices and geographic locations, you’ll be prompted more often.

If you don’t have a mobile device or don't want to use your personal device for MFA, then either:

  • STAFF: your business unit will be required to purchase a hardware device (YubiKey)
  • STUDENT: you will be required to purchase a Hardware Device (e.g.: YubiKey) to facilitate MFA.

This hardware token must always be available while working or studying.

If you get a new phone or are changing to a different device, you will need to reset MFA and then register for MFA again on your new mobile device. You will need to either:

  • Use your currently enrolled device (phone or tablet), a recovery code, or get a one-time code sent to your registered mobile phone number or alternative email address to reset your MFA and then register your new device for MFA.
    or
  • If you don't have an enrolled device, have used all your recovery codes, or don't have any registered recovery methods on your JCU account, then contact the IT Help Desk for further assistance.

The OATH one time password method and compatible hardware methods do not require internet connectivity.

Please note: you should not be using your recovery codes for regular MFA authentication as you will need to reset your device to generate new codes.

If you leave your phone at home you will need to use one of the recovery codes you received when setting up MFA. Recovery codes are one-time use and should be stored in a Password Safe (e.g.: LastPass or Bitwarden) for security.

If you have used all of your MFA one-time Recovery Codes, then you can reset your MFA.

Select the option "My MFA is no longer working, and I don't have a recovery code" to send a one-time code to your registered mobile phone number or alternative email address, which you can then use to clear your MFA from your JCU account.

Once you've reset your MFA, please remove your JCU account from your authenticator app before attempting to set it up again.

If you do not have any registered recovery methods on your JCU account, then you will need to contact the IT Help Desk who will assist you with resetting your MFA.

To ensure you can reset your Multi-Factor Authentication (MFA), it's important to register your mobile phone and personal email address as recovery options.

Register an Alternative Email Address

Follow the instructions in the article Set up an alternative email address for JCU Account to add your personal email as a recovery method.

Register a Mobile Phone Number

Students can choose either email or SMS to initiate an MFA reset. Staff are limited to using SMS only for security reasons.

If you have deleted your account from the Authenticator App or removed the App from your mobile device then you can reset your MFA.

Select the option "My MFA is no longer working, and I don't have a recovery code" to send a one-time code to your registered mobile phone number or alternative email address, which you can then use to clear your MFA from your JCU account.

If you do not have any registered recovery methods on your JCU account, then you will need to contact the IT Help Desk who will assist you with resetting your MFA.

If your MFA is no longer working, then you can reset your MFA.

Select the option "My MFA is no longer working, and I don't have a recovery code" to send a one-time code to your registered mobile phone number or alternative email address, which you can then use to clear your MFA from your JCU account.

Once you've reset your MFA, please remove your JCU account from your authenticator app before attempting to set it up again.

If you do not have any registered recovery methods on your JCU account, then you will need to contact the IT Help Desk who will assist you with resetting your MFA.

If you are unable to use a phone for authentication, staff can request a YubiKey and students can purchase a YubiKey (Security Key NFC).

A Hardware Device (e.g.: a YubiKey) is a small key that plugs into your computer, or connects by NFC to your mobile phone, and, along with your password, is used to authenticate your identity.

If you need a Hardware Device, staff can request a YubiKey and students can purchase a YubiKey (Security Key NFC) from Trust Panda.

If you are unsure of the best option for your circumstances, please contact the IT Help Desk for advice.