Computer CenterTo secure your sign-in to Office 365 services, it is recommended that you set up multi-factor authentication (MFA/2FA).
Afterwards login to these services outside the school network then requires a confirmation of the login using the authentication app on your mobile phone or to enter a confirmation code similar to accessing internet banking.
Possible MFA methods
O365 supports the following security methods for MFA:
- Login confirmation in the authentication application (Microsoft Authenticator)
- Enter time based authentication code generated by the application
- Enter authentication code received in text message(sms) or call
The methods described are listed from most secure to least secure.
Also note that there are signs that Microsoft intends to limit support for phone number-based methods(sms) in the future, so we recommend using this as a fallback option.
How to set up MFA authentication for your account
To set up or change your multi-factor login settings, open your Office 365 account settings page - https://myaccount.microsoft.com/ and select the "Security Details" option.
Then select the "Add Login Method" option and follow the instructions displayed.
Use the "Microsoft Authenticator(Authentication Application)" option to set up authentication using Microsoft Autheticator(recommended) or other time code generating applications - Google Authenticator and others.
We recommend to avoid Passkey options at this moment.
The "Phone" option is used to set up authentication by text message.
I don't have a phone!
Most multi-factor authentication methods are based on using apps on your smartphone or phone number of your mobile phone.
If you don't have these or don't want to provide them, there is an alternative to use a program on your computer that can emulate so called „TOTP token“ to generate a time based code.
This is considered less secure because both the password and the second factor occur on the same device, but it is possible.
An application that supports this is for example KeepassXC but you can use any other that complies with TOTP standard.
To set them up, you'll need information, which you'll get if you select "Authentication app", then "I want to use another authentication app", "Next" and "Can't scan the image?".
Useful tips for using MFA
You can add multiple authentication methods or devices to your account. For example, you can add a second phone or phone number as backup in case you lose your main one.
If you have multiple verification methods set up, we recommend checking which is set as your default one - this is done on the same page as you add MFA - "Sign-in method when most advisable is unavailable".
This affects where to look for authentication code when you can't select which device to use - for example when login to VPN.
If you have set up MFA and you are changing your device, you must first set up(add) MFA on the new device and then remove the old one. Otherwise you will most likely end up in a situation where you will not be able to log in at all.
If you have lost your MFA device and have no way to log in, you must contact the Computer Center Technical Support - helpdesk@vscht.cz.
If you have set up MFA for a phone number only and you are going abroad, we recommend that you check that the phone number supports roaming of text messages in that destination. Or set up MFA via the app, it does not have this problem.
A few words about secuirty at the end
We recommend regularly checking the list of methods you have set up and removing those you no longer use.
If you find yourself receiving MFA prompts or codes for logins that you cannot associate with any of your activities (logging in to services, etc.) we recommend that you report this immediately to the Computer Center to investigate a possible security incident.
Although MFA is used to enhance login security, this does not mean that you can resign yourself to checking where you enter your login credentials. While MFA makes identity theft attacks more difficult, it does not completely eliminate them.