Multi-Factor Authentication (MFA)

Resource on MFA

Below you will find additional information on what Multi-Factor Authentication is all about. However, if you do not have a cell phone to receive the multi-factor code at this time Multi-Factor Authentication will not work properly for you if you are a student. If this is the case read the section below on this topic.

As part of ongoing efforts to protect digital identities and related York College information, Information Technology in following guidance and security protocols from our Central Office and other campuses have enabled multi-factor authentication (MFA) for student, faculty and staff on Office 365 email services. In addition MFA was also enabled for VPN Global Protect services.

Starting in June 2025, MFA will be enabled for students, faculty and staff for CUNY Login. For information on this plan see information below on "New MFA for CUNY Login" below

Information on how to enroll in MFA: ( You can go to Office.com and if you are a student login with your student account or if you are staff you can use your CUNYfirst credentials and go to your profile at the top right corner, under your name and then click on "View Account" then go to the tile "Security Info" here you can add phone numbers for the system to contact you when authenticating your identity. You can also follow directions below)

How do I Enroll in MFA for M365 - setting up numbers for system contact?

Additional information on security awareness and cybersecurity:

CyberSecurity Awareness

If you need help, contact IT Services. All requests can be initiated via:

YConnect Self Service
Email: helpdesk@york.cuny.edu
Helpdesk hotline 718-262-5300

All About MFA including Setting UP

MFA If You Do Not Have a Mobile Device

Contact our Service Desk by filling out the following a form in the "Remove MFA" link below and cut and paste the following message in the comments: " I do not have a cell phone and therefore cannot participate in the MFA additional security at this time, please reset my account"

Remove MFA - ( For Students Only) IT department will validate your request. If the statement above is not in the comments section of the form we will not be able to remove MFA. THIS DOES NOT APPLY TO NEW CUNY ID MFA

New MFA for CUNY Login June 2025

In response to a directive from CUNY Central and in alignment with the university’s cybersecurity initiative, York College will immediately begin an accelerated rollout of Multi-Factor Authentication (MFA) and Single Sign-On (SSO) for core student-facing and administrative applications. This initiative is critical to improving account security and aligning with CUNY-wide compliance standards.

Objective

Ensure MFA and SSO are implemented and operational across York College’s essential digital platforms — including CUNYfirst, Brightspace (D2L), EAB Navigate, Zoom, DegreeWorks, CourseDog, — by end of June, in advance of the anticipated mid-July CUNY-wide enforcement date.

Deployment Sequence:

To minimize disruptions and ensure optimal feedback from critical users, the following phased testing and rollout sequence will be followed:

Phase 1: Core Administrative Offices Starting June 2025

Bursar
Financial Aid
Registrar
Admissions
Information Technology

Phase 2: Students July and August 2025

Pilot group drawn from summer session enrollments and Student Government Association (SGA) volunteers
General student population (with opt-in testing)

Phase 3: Academic Faculty July - September 2025

Summer session instructors
Full rollout prior to Fall term start

Phase 4: Remaining Administrative Units July - August 2025

Human Resources
Budget and Payroll
Academic Affairs support teams
All other divisions

Technical Coordination

York’s Information Technology Services team will collaborate directly with CUNY CIS to configure and test systems for MFA/SSO compatibility while working with each of the phase teams, testing, tweaking and updating communications, user guides and providing hands on support. The infrastructure will be designed to support:

CUNY Login with MFA

Communication & Support Strategy:

A campus-wide outreach campaign to ensure all user groups are well-informed is under way and supported throughout this transition. This includes:

Pre-implementation announcements via email, web banners, digital signage, and campus monitors
Step-by-step user guides tailored to each user group as we gather feedback from testing
Live Teams & Zoom help sessions and in-person MFA activation stations during peak periods as well as scheduled open workshops during July and August 2025
Support for returnees (faculty and students) who may encounter the new MFA protocols for the first time in August 2025(communications will go out all during August)

Current York MFA Landscape:

York has already adopted MFA for several institutional systems, including:

VPN – Global Protect
Microsoft M365 (Email / Teams /OneDrive, etc.)
New QLESS Tempo (To be released in the Fall 2025)

What is MFA?

Multi-factor authentication (MFA) is a security enhancement that requires two forms of verification when using your Office365 Login and adds critical protection for your sign-on credentials.

MFA for CUNY Office 365 Logon was deployed in 2021 due to a dramatic rise in the scope and sophistication of phishing, spear phishing, and malware attacks that are targeting our students, faculty, and staff. The high rate of successfully compromised passwords is a severe and pervasive threat to information security at York College. In 2025 we are once again having to take additional steps to protect against cyber threats and are expanding our MFA coverage to include additional core University applications.

Once MFA is activated you will receive alerts when you go to login to CUNY core systems as you have with Office365 previously asking you to set up your MFA credentials.

For additional information on MFA visit CUNY MFA Website

Information Technology