Introduction of MFA and SSPR for students
Minimum password specifications
It has been widely recognised that our current minimum specification of student passwords is not secure enough and passwords can be easily compromised if they are weak.
The introduction of a minimum of 12 characters will be enforced for all new passwords created. The use of Uppercase, Lowercase, number & special character will not be enforced but will be encourage through marketing communications & materials along with the tag line ‘ThreeRandomWords’
To update your password:
- Go to account.microsoft.com and if you are not already signed in, sign in with the username and current password for the account you want to update.
- From the navigation header, select Security and because you are accessing sensitive info, you will need to enter the password for this account again.
- From the Password security tile, select Change my password.
What is Multi-Factor Authentication (MFA)?
Multi-Factor Authentication (MFA) is the use of a second authentication method alongside your password to give access to systems.
It means if your password is hacked the hacker still won’t be able to access your account. Microsoft have stated that MFA reduces the risk of account compromise by 99.9% and this is the single thing we can put in place that will have the biggest impact on our security and help keep us safe, especially as phishing gets more sophisticated and ransomware attacks are increasing locally. You may already be using MFA for services such as online banking.
How does MFA work?
MFA is now enabled on all accounts. You will not currently be prompted to setup MFA but this will soon be a required feature in order to access college systems and Microsoft applications from off campus. Enabling this now will avoid any interruption to studies.
Once you have logged in using MFA, you will not be required to use it again unless any of the following criteria are met:
- You have signed out manually and back in
- You are signing on from a new device or browser
- It has been over 30 days since you last used MFA to sign in
- You have not used your account for 14 days
- An admin has manually requested re-authentication
Why are we introducing MFA?
It has been widely recognised that our current minimum specification of student’s passwords is not secure enough and passwords can be easily compromised if they are weak.
Where will I have to use MFA?
Below is a list of applications and resources that will be affected:
- Office 365 (incl. Outlook)
- MS Teams
- Sharepoint
- Moodle
- Heritage
How does Self-Service Password Reset (SSPR) work?
Once configured, SSPR will allow a user to reset a password that has been forgotten.
The same credentials for MFA will be used (Authentication App, Mobile Phone Number, Personal Email Address) will be used to authenticate the user which will then allow a new password to be set.