SUNY Broome moves to MFA to further secure our Portal Logins.
Multi-Factor Authentication (MFA) is a technology that protects your accounts from being hacked, phished, brute-forced, or otherwise compromised. MFA combines something you know (your username and password) with something you have (your cell phone or email account) in order to protect logins to your account. SUNY Broome is again ahead of the curve when it comes to information systems and in this case, IT Security.
The current MFA roll out plan covers three (3) Tiers.
TIER 1 – Elevated Security Users – no Security Questions, no Trusted Device(s)
TIER 2 – Faculty & Staff – No Security Questions, Trust Device(s) allowed (trust lasts 30 days)
TIER 3 – Students – Security Questions allowed, Trusted Devices allowed (trust lasts 30 days)
Let’s move through the “Onboarding” of the MFA system. This procedure only has to be done once and consists of these few steps.
- Go to MyCollege at mycollege.sunybroome.edu
- Login using your Campus/BCCNET username and password.
- Re-enter your password. A required step when going into this secured area. If you are seeing this screen after logging in, it means you haven’t onboarded with MFA yet and will be required to do so during the next steps.
- Set up your Account Recovery Settings (use for MFA answers). Select “Get Started” under “Account Recovery Settings” on the left tab.
- Fill out at least one recovery method. You can choose one, or all of them, but at least one second factor (email, phone) needs to be filled out besides your primary email, which is automatically set.
- Enter a secondary email address. Your sunybroome.edu email address is automatically entered as the Primary verified email address. If you do use a secondary email address, it is recommended that you secure that account with MFA as well. Enter in a secondary email address and select “Verify” to send a 7-digit code to your email address.
- Enter your verification code. Enter in the 7-digit code that you received in your secondary email.
- You will see a green check mark next to your email address once it’s successfully verified. The tab color will also turn green.
- Enter your phone number. Enrolling your personal phone number is voluntary and is subject to your own phone rates. Select “verify” to send a 7-digit code to your phone via SMS text message.
- Enter your verification code. Enter in the 7-digit code that you received on your cell phone.
- You will see a green check mark next to your phone number once it’s successfully verified. You can select update if you wish to change it to a different number.
- Enter a secondary email address. Your sunybroome.edu email address is automatically entered as the Primary verified email address. If you do use a secondary email address, it is recommended that you secure that account with MFA as well. Enter in a secondary email address and select “Verify” to send a 7-digit code to your email address.
- Login with MFA. The NEXT time you Login to the MyCollege portal using your BCCNET credentials, now that you have onboarded, you should receive a prompt for “Additional Security Verification”. Select a verification option to continue.
- Enter your secure code sent to your second factor.
Notes: The OTP timer is 59 (displayed at 38 seconds above) seconds and counts down to zero. This is only important if you need to SEND another key code. Each code will last 15 minutes before another key code is needed. - [Optional] View or change your MyMFA settings. After Onboarding you can go back into the MFA area by selecting the MyMFA under the QuickLaunch. You can update your MFA settings from “Account Recovery Settings”, view devices you’ve logged in from and untrust devices from “My Devices” and even change your password
The Procedure flow to change your password on the next login: (4/23/2024 – and campus wide password change will be implemented for faculty and staff)
This procedure will happen when logging into MyCollege portal
1. Login
2. Your password needs to change and you’ll see a message on top of the login: To Secure your account, please set new password here: resetting it now.
3. Enter your Username (Note the Guidelines for your new password) Passwords must be at least 14 characters in length and contain three of the following categories: lowercase letters, UPPERCASE LETTERS, numbers (1234), special characters (!@#$).
4. Verify it is really YOU making this change by sending a code to one of your email factors. Select one of your email addresses.
5. Go to your email address, grab the code, and enter it in.
6. Enter your new password. Hover over the “i”(information) to see the requirements again.
7. Enter new password
8. Notice the Red box if Passwords DON’T Match
9. You’ll get a success message: We’re all set! You can Login Now or wait the few seconds to get the MyCollege Login screen
10. Login with your new password!
11. Verify it is you with one of your MFA factors.
12. Enter your code.
13. It’s logging you in …
14. You are in! Congratulations, you successfully changed your password using Mycollege.