Introduction
Two-factor authentication (2FA) will prompt you to enter a one-time passcode provided via text message, a mobile authenticator app, or a hardware token when you log in from personal devices. In the event that your password is compromised, this adds an extra layer of protection that is more difficult to bypass.
You can manage your two-factor methods by visiting this link and signing in with your WHCCD account.
Available Two-Factor Methods
The following table lists the available authentication methods that you can register. For the best mix of security and convenience, we recommend using an authenticator app, but other methods are still reasonably secure as long as you take proper precautions.
| Method | Convenience | Security | Notes |
| SMS | High | Good | SMS is susceptible to phishing if an attacker can trick you into logging into a fake login page. Though not likely, it's also possible for attackers to steal people's phone numbers. |
| Authenticator Apps and Hardware Tokens (TOTP) | Medium | Better | TOTP can be done by authenticator apps (like Microsoft Authenticator or Google Authenticator), by hardware tokens and software on your PC. They are susceptible to phishing if an attacker can trick you into logging into a fake login page. |
| Passkeys (device-bound) | Low | Best | YubiKey 5 devices are in this category. This method offers the best security but may not work in all situations. |
Recommended Two-Factor Method
For increased security, we recommend using an authenticator app instead of SMS. While SMS is still reasonably secure, in rare cases, it's possible for a phone number to be hijacked or text messages intercepted by attackers.
For more detailed information on the security of various Two-factor methods, see this article.
Authentication Methods:
- Add an Email Address
- Add a Phone
- Add the Microsoft Authenticator App
- Add a Third-Party Authenticator App
- Add a Hardware Token
- Add a YubiKey 5 Device
- Removing a two-factor authentication Method
Add an Email Address
Note that an email address can only be used to reset your password. It cannot be used to sign-in.
Log into the My Account page, click on Security info, and click on Add sign-in method.
On the Add a sign-in method dialogue, click on Email.
Type in the email address that you want to add and click Next.
A code will be sent to the email address that you entered. Retrieve the code and enter it into the dialogue.
If successful, the email address will show up in your list of sign-in methods.
Add a Phone
Log into the My Account page, click on Security info, and click on Add sign-in method.
On the Add a sign-in method dialogue, click on Phone.
Enter the phone number that you want to register and click Next
Enter the code you receive and click Next.
If successful, the phone will show up in your list of sign-in methods.
Add the Microsoft Authenticator App
Log into the My Account page, click on Security info, and click on Add sign-in method.
On the Add a sign-in method dialogue, click on Microsoft Authenticator.
To use the default choice of Microsoft Authenticator, click Next and follow the instructions
After scanning the QR code in the Authenticator app, click Next and follow the instructions.
Add a Third-Party Authenticator App
Log into the My Account page, click on Security info, and click on Add sign-in method.
On the Add a sign-in method dialogue, click on Microsoft Authenticator.
To use an authenticator app other than Microsoft Authenticator, click on "I want to use a different authenticator app" and follow the instructions.
After scanning the QR code in the Authenticator app, click Next and follow the instructions.
Add a Hardware Token*
* Hardware tokens must be pre-configured by WHCCD's IT staff in order to be used. They are reserved for special situations where users do not have access to other methods.
On the Add a sign-in method dialogue, click on Hardware Token.
Click Next
On the next dialogue, enter the serial number from the back of the hardware token and click Next.
*SafeID/QR Pro hardware tokens
In limited cases, WHCCD may issue a SafeID/QR Pro hardware token. These devices display a serial number on the device and contain multiple token slots numbered 0 through 99.
When registering a SafeID/QR Pro token, enter the serial number shown on the device and append the displayed token slot as a suffix in the format -xx. Use the slot number shown to the left of the entry (not the “Student” label) when appending the suffix.
Token slots 0–9 must be zero-padded (for example, slot 7 → -07). Valid suffix values range from -00 through -99.
The device displays token slots in groups of five per screen; be sure to note the correct slot number when registering your token.
Enter the code from the token and click Next. You may need to press the power button on the token to get the code to appear.
If the serial number and code is correct, you will see a success dialogue.
Add a YubiKey 5 Device
Log into the My Account page, click on Security info, and click on Add sign-in method.
On the Add a sign-in method dialogue, click on Security Key.
Click on USB device
After reading the directions carefully, click on Next
Click Next.
You will be asked where to save the passkey. Select Security Key and click Next.
Click OK on the following prompts:
Insert your security key when prompted.
You may be prompted to create a PIN for your security key:
If a PIN has already been set for your key, you will be prompted to enter your existing PIN:
If you are prompted to enter a PIN and you don't know what it is, please contact ITS for assistance.
For instructions on how to change your PIN, see this article.
You will be prompted to touch your security key
If you just set up your PIN, you may see this message briefly and be asked to touch your key again.
You will see a confirmation that your passkey has been saved.
You will be asked to give your key a name, type in a name and click Next.
Removing a two-factor authentication Method
To remove a two-factor authentication method, log into the My Account page, click on Security info, and click on Update Info.
Click on Delete next to the sign-in method that you wish to delete.
Note, that you cannot delete a sign-in method that is set as your default. To change your default sign-in method, click on Change, next to Default sign-in method. If you don't have another sign-in method set up, you will need to set a new one up first.
Comments
0 comments
Please sign in to leave a comment.