IT Services Secure IT Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA)
- Aboriginal and Torres Strait Islander in Marine Science
- Courses
- Future Students
- ·¬ÇÑÉçÇø
- Research and Teaching
- Partners and Community
- About ·¬ÇÑÉçÇø
- Reputation and Experience
- Celebrating 50 Years
- Academy
- Anthropological Laboratory for Tropical Audiovisual Research (ALTAR)
- Anton Breinl Research Centre
- Agriculture Technology and Adoption Centre (AgTAC)
- Living on Campus
- How to apply
- Advanced Analytical Centre
- Alumni
- AMHHEC
- Aquaculture Solutions
- AusAsian Mental Health Research Group
- ARCSTA
- Area 61
- Association of Australian University Secretaries
- Lions Marine Research Trust
- Australian Tropical Herbarium
- Australian Quantum & Classical Transport Physics Group
- Boating and Diving
- ·¬ÇÑÉçÇø-CSIRO Partnership
- Employability Edge
- Clinical Psychedelic Research Lab
- Centre for Tropical Biosecurity
- Career Ready Plan
- Careers at ·¬ÇÑÉçÇø
- Careers and Employability
- Chancellery
- Centre for Tropical Bioinformatics and Molecular Biology
- CITBA
- CMT
- CASE
- College of Business, Law and Governance
- College of Healthcare Sciences
- College of Medicine and Dentistry
- College of Science and Engineering
- CPHMVS
- Centre for Disaster Solutions
- CSTFA
- Cyber Security Hub
- Cyclone Testing Station
- The Centre for Disaster Studies
- Daintree Rainforest Observatory
- Defence
- Discover Nature at ·¬ÇÑÉçÇø
- Research Division
- Services and Resources Division
- Education Division
- Elite Athletes
- eResearch
- Environmental Research Complex [ERC]
- Estate
- Fletcherview
- Foundation for Australian Literary Studies
- Gender Equity Action and Research
- General Practice and Rural Medicine
- ·¬ÇÑÉçÇø Orientation
- Give to ·¬ÇÑÉçÇø
- Governance
- Art of Academic Writing
- Art of Academic Editing
- Graduate Research School
- Graduation
- Indigenous Education and Research Centre
- Indigenous Engagement
- Indigenous Legal Needs Project
- Inherent Requirements
- IsoTropics Geochemistry Lab
-
IT Services
- Student IT Essentials
- Staff IT Essentials
- Help and Support
- Stay Informed
-
Secure IT
- Choosing a strong Password
- Cyber Security Hub
- Data Protection
- Device Security
- Email Safety
- Online Security at Home
- Web Safety
- Malware and Virus Protection
- Keep a clean device
- Protect myself from phishing
- Recover a hacked or compromised account
- Protect your digital reputation
- Report a cybersecurity incident
- Password Manager
- Multi-Factor Authentication (MFA)
- Student Systems
- IT Service Catalog
- About
- International Students
- Research and Innovation Services
- ·¬ÇÑÉçÇø Eduquarium
- ·¬ÇÑÉçÇø Heroes Programs
- ·¬ÇÑÉçÇø Webinars
- ·¬ÇÑÉçÇø Events
- ·¬ÇÑÉçÇø Global Experience
- ·¬ÇÑÉçÇø Ideas Lab
- ·¬ÇÑÉçÇø Job Ready
- ·¬ÇÑÉçÇø Motorsports
- ·¬ÇÑÉçÇø Prizes
- ·¬ÇÑÉçÇø Sport
- ·¬ÇÑÉçÇø Turtle Health Research
- Language and Culture Research Centre
- CEE
- Learn·¬ÇÑÉçÇø
- Library
- Mabo Decision: 30 years on
- MARF
- Marine Geophysics Laboratory
- New students
- Off-Campus Students
- Office of the Vice Chancellor and President
- Virtual Open Day
- Orpheus
- Open Day
- Outstanding Alumni
- Parents and Partners
- Pathways to university
- Pharmacy Full Scope
- Planning for your future
- Placements
- Policy
- PAHL
- Publications
- Professional Experience Placement
- Queensland Research Centre for Peripheral Vascular Disease
- Rapid Assessment Unit
- RDIM
- Researcher Development Portal
- Roderick Centre for Australian Literature and Creative Writing
- Safety and Wellbeing
- Scholarships
- Contextual Science for Tropical Coastal Ecosystems
- Staff
- State of the Tropics
- Strategic Procurement
- Student Equity and Wellbeing
- Student profiles
- SWIRLnet
- TARL
- TESS
- TREAD
- TropEco for Staff and Students
- TQ Maths Hub
- TUDLab
- Unicare Centre and Unicampus Kids
- UAV
- VAVS Home
- Work Health and Safety
- WHOCC for Vector-borne & NTDs
- Media
- Copyright and Terms of Use
- Australian Institute of Tropical Health & Medicine
- Pay review
Multi-Factor Authentication (MFA) is a measure which improves account security over standard password authentication. MFA typically adds a second factor to confirm your identity by using an authenticator app on your mobile device or a compatible hardware device. MFA will help keep your information secure by strengthening defences against malicious cyber-attacks. You may not always be asked for MFA when logging in, however it will always be in use.
Once you have created your MFA login, you will need to have your registered mobile device with you whenever you need to log into a ·¬ÇÑÉçÇø system, like Learn·¬ÇÑÉçÇø or your email.
MFA is mandatory for all from September 2022.
Enabling Multi-factor Authentication at ·¬ÇÑÉçÇø with your mobile phone.
MFA at ·¬ÇÑÉçÇø
About MFA:
Most breaches begin when attackers log in using usernames and passwords they have compromised through phishing attacks, passwords being reused, guessing passwords and malware.
MFA reduces the risks associated with compromised passwords by adding an additional layer of security to protect your information. If your password is hacked or phished, MFA makes the stolen password less useful by itself.
When multi-factor authentication has been activated on an account, an authorisation check will be sent to the user any time they attempt to log in from a different device, a new location, or multiple locations. Authorisation checks may also be required after a set time has elapsed, or as the result of a higher risk login. The authorisation check can come in the form of:
- a push notification sent to a registered smart phone;
- or a one-time password displayed on the user's phone;
- or a compatible hardware device (e.g.: YubiKey)
Using your existing mobile phone is often the most convenient form of MFA.
- Push notification: with on your mobile phone or
- OATH One Time Password (OTP): e.g. with app
- Compatible Hardware Device: (cost involved) ​​​​​​​with a
To set up MFA at ·¬ÇÑÉçÇø:
- Install the on your mobile phone or and register for , (PDF instructions).
or
Install the on your mobile phone (or ) and follow the steps for your device (or ) to register your mobile phone for MFA.
or
Follow the steps to register you for MFA. - When you login to a ·¬ÇÑÉçÇø system (once MFA-enabled) you will be prompted to register your mobile phone/hardware device for MFA.
- Remember to save your Recovery Codes when they are displayed through the registration process to somewhere secure. Consider these Recovery Codes as your one-time passwords to log in if you don't have your mobile phone on you. Keep them safe and secure.
More details on how to set yourself up for MFA are available in the
Common Questions
Answers to common MFA questions:
No. ·¬ÇÑÉçÇø’s MFA uses an adaptive, risk-based approach. If you use the same computer or device, from the same place, you will be prompted for MFA infrequently (up to 30 days). If you are moving around between different networks, devices and geographic locations, you’ll be prompted more often.
If you don’t have a mobile device or don't want to use your personal device for MFA, then either:
- STAFF: your business unit will be required to purchase a hardware device ()
- STUDENTS: you will be required to to facilitate MFA.
This hardware token must always be available while working or studying.
If you get a new phone or are changing to a different device, the ForgeRock App is not transferable. You will need to either:
- Use your currently enrolled device (phone or tablet), or a recovery code to (PDF instructions)
or - If you don't have an enrolled device or have used all your recovery codes, then contact the IT Help Desk for further assistance.
ForgeRock Push Authentication needs internet connectivity (e.g. mobile data or Wi-Fi) to work. If you are worried about poor mobile data coverage or reliable Wi-Fi reception then we recommend using the OATH one time password method with a Google or Microsoft authenticator app. Or if this is a one-off or infrequent issue you can use the Recovery Codes you saved when setting up MFA, which doesn’t require a second device to confirm MFA.
Please note: you should not be using your recovery codes for regular MFA authentication as you will need to reset your device to generate new codes.
If you leave your phone at home you will need to use one of the recovery codes you received when setting up MFA. Recovery codes are one-time use and should be stored in a (e.g.: LastPass or Bit Warden) for security.
If you have used all of your MFA one-time Recovery Codes then you will need to contact the IT Help Desk who will assist you with resetting your MFA.
If you have deleted your account from the Authenticator App or removed the App from your mobile device then you can use one of your MFA one-time Recovery Codes to . If you did not make a copy of your Recovery Codes or do not have them available to you then you will need to contact the IT Help Desk who will assist you with resetting your MFA.
If you are unable to use a phone for authentication, staff can and students can
If you are a current ·¬ÇÑÉçÇø Student experiencing financial hardship you can apply for a Yubikey provided by ·¬ÇÑÉçÇø using this .
A Hardware Device (eg: a YubiKey), is a small key that plugs into your computer or by NFC to your mobile phone and, along with your password, is used to authenticate your identity.
If you need a Hardware Device, staff can and students can
If you are a current ·¬ÇÑÉçÇø Student experiencing financial hardship you can apply for a Yubikey provided by ·¬ÇÑÉçÇø by emailing scholarships@jcu.edu.au
If you are unsure of the best option for your circumstances, please contact the IT HelpDesk for advice.
No. All the MFA methods used by ·¬ÇÑÉçÇø do not reveal any personal information to ·¬ÇÑÉçÇø. Privacy settings can be managed by the privacy controls on your mobile phone.