Body
Multi-Factor Authentication: User Guide
Summary: This guide explains how to use Multi-Factor Authentication (MFA) with your PUNet ID, including how to set up Time-based One-Time Passwords (TOTP), switch between methods, and manage your recovery email.
Overview: How MFA Log-In's Work
MFA adds a layer of security by requiring a unique code in addition to your password. There are two methods available: Simple (Email) and TOTP (Authenticator App).
Method 1: Simple MFA (Email-based)
This is the default method if you have not configured an authenticator app.
This method will use your recovery address (personal email) to send you a verification code. Here is how it should work:
-
Enter your valid PUNet ID and password.
-
An 8-digit code is immediately emailed to the recovery address attached to your account.
-
Enter the code into the prompt to complete the login.
Method 2: TOTP (Authenticator App)
This method requires a configured app (like Google Authenticator) on your smartphone.
-
Enter your valid PUNet ID and password.
-
Open your authenticator app and view the 6-digit code for Pacific University.
-
Enter the code into the login prompt.
-
Note: If you have multiple devices configured, you can select which device to use at this stage.
-
Security Limit: The system will lock after 5 invalid attempts.
Login Options: Public Workstation vs. Remember Me
When logging in, you will see check boxes for "Public Workstation" and "Remember Me." These determine how long you stay logged in.
Selecting the Session Duration by Scenario
Public Workstation - 0 Hours
- Labs, Libraries, Kiosks.
- You must authenticate again the next time you are prompted.
Remember Me - 8 Hours
- Personal/Private devices only.
Neither (Default) - 4 Hours
- Standard use if no option is selected.
Setting Up TOTP (Google Authenticator)
TOTP is recommended for a faster login experience that doesn't rely on email delivery speeds.
Prerequisites: Download the Google Authenticator app (or similar) on your phone.
-
Log into myAccount.
-
Navigate to Multifactor Authentication.
-
Under the "TOTP" heading, click the Add Device button
-
A QR code and a Secret Key will appear.
-
Click Confirm.
-
Enter the 6-digit code generated by your app into the browser prompt to verify the connection.
Result: If successful, your account is automatically switched to use this new TOTP device for future logins.
Note: You cannot delete your last remaining TOTP device without contacting UIS. However, you can add multiple devices (e.g., an iPad and a Phone) and choose between them at login.
Managing Your MFA Settings
How to Switch Between Methods
If you want to swap between receiving codes via Email (Simple) and using an App (TOTP):
-
Log into myAccount.
-
Go to Multifactor Authentication.
-
Ensure you have at least one TOTP device defined.
-
Look for the text displaying your current provider (e.g., "Current Provider: Simple").
-
Click the Switch Providers button directly below it.
How to Change the Email Address for "Simple" Authentication
The recovery address set for resetting your PUNetID password is the same address our system uses for the "Simple MFA" codes are sent.
-
Log into myAccount.
-
Click on Recovery Email Address.
-
Update your email address.
Important Warning regarding Microsoft Emails: UIS recommends not using a Microsoft hosted email due to their aggressive filtering that often delays or blocks MFA codes. This can prevent you from logging in with the "simple" method.
- Avoid:
@outlook.com, @hotmail.com, @live.com, @msn.com, @office365.com.
- Note: Alumni or business addresses can be hosted by Microsoft (e.g., other universities using Office 365).
Troubleshooting
-
Simple MFA Code not arriving? Check your spam folder. If you are using a Microsoft-hosted email (Hotmail, Outlook, etc.), you may need to change your recovery email to a different provider (like Gmail or Yahoo) to ensure consistent delivery.
-
Need to switch devices? If you have multiple TOTP devices set up, look for the option to "Change Device" on the login screen.