2-Factor Authentication

Documentation on how to set-up and use 2-Factor (MFA) Authentication

Set up and Use of 2-Factor Authentication

We recommend the use of OneLogin Protect mobile app for Muhlenberg College's multi-factor identification method to OneLogin, an app that you install on your smartphone that eliminates the need to type in a code!

Once this is setup, you must keep the app up to date and do not delete it.  Or you will lose access.

 

Request a hardware token (faculty and staff only)

The application portal accepts a hardware token (yubikey) as a second factor.  It is a physical device that will generate the second factor. A Yubikey is a USB device that you have to plug into your computer.

If you do not have a mobile device on which you can set up a second factor, you may request a hardware token using the link below.  We have a limited amount of Yubikeys for allocation to faculty and staff only based on a certain set of criteria. The first one is on us. The cost to replace a Yubikey is $40.

Note: Neither the OneLogin app or Google Authenticator require a cell phone connection to work. Once you have those apps installed on your device and registered as a second factor, they will work.

If you are in need of hardware token, please contact [email protected]. Note: Supplies are limited and can only be provided if an alternative device is not available. 

Registering and Using a YubiKey for 2-Factor

 

2-Factor Authentication

2-Factor Authentication is required for off campus access to the Application Portal. This applies to all faculty, staff and students.  This means that any application in the portal - Google, Workday, Canvas, etc - will require the second factor. 2-Factor Authentication helps protect your Muhlenberg accounts in one fell swoop. 

Also known as Multi-factor or Dual Factor Authentication, this technology requests a second form of verification when logging into an account. Already widely available on systems ranging from Gmail to Amazon to Dropbox to financial institutions, it works fairly simply, but is incredibly powerful.

The key part is that the phone or hardware token is likely to be in your physical possession. Someone else might have your password (via a successful phishing scam, for instance), but they won’t likely have your phone, too, or that hardware token. Obviously, if you get an alert when you haven’t been trying to log in, go right away and change your password, too. But it’s good to know that an unauthorized user can’t get in without that second factor.

Want to learn more about 2-Factor Authentication? Check out the FAQ page.