Language:
SEARCH
  • Recent Posts

  • Categories

  • Archives

General

User Guide: Multi-Factor Authentication (MFA) with Google Authenticator app

Monday, October 2nd, 2023

Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application (e.g., SUNFin and SUNStudent), an online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy.

SU has implemented the Google Authenticator App method to authenticate with your Huawei mobile device or any other mobile device that does not have the Microsoft Authentication app available in their app store.

In this document we show you how to register your device: 

MFA with Google Auth app – How to guide

Microsoft Security Update

Thursday, September 28th, 2023

The use of an authenticator application as a method to verify your identity with Multi-Factor Authentication (MFA) is now a COMPULSARY requirement from Microsoft. 

You need to install the Microsoft Authenticator application on your Android or Apple smartphone or tablet as soon as possible.

In this PDF below is what you can expect to experience well as how to install the app when Microsoft starts the deployment.

How to set up Microsoft Authenticator

The latest password regulations

Wednesday, September 27th, 2023

 

A lot of people still underestimate the importance of having a secure password and make the mistake of using simple words and numbers as a password. Keep in mind that your email and social media accounts contain very personal information about you. You must have a strong password to keep your personal life personal, and not become a victim of identity theft. 

Here we provide you with standards and guidelines for the creation of strong passwords, the protection of those passwords and the frequency of change. 

Password requirements

Length:

Must be at least 14 characters long
Use a passphrase like a sentence, for example Coffee1_first!

Complexity:

Use alphanumerical characters for example: C0ff33_f1rst!
At least one uppercase letter (A-Z)
At least one lowercase letter (a-z)
At least one number (0-9)
At least one special character (~!@#$%^&*()_+”:?> (leaving a space is also a character but not at the end of the passphrase)

History:

The passwords are stored in a history list keeping a record of the last 10 passwords

Age:

The minimum password age is set to 30 days

Banning:

A deny list will prevent users from using password from dictionaries, repetitive or sequential characters

User responsibility

  1. Stellenbosch University (SU) passwords must meet the requirements outlined in the requirements section
  2. SU passwords must be unique and different from other personal services
  3. SU passwords must be changed and the request to change will be by the system
  4. SU passwords may not be shared
  5. SU passwords must never be written down

Reset options

Self-service Password Reset

OR Send an email to info@sun.ac.za or help@sun.ac.za

PLEASE NOTE: A user’s identification must be verified either in person or video conference

SU Password Regulations

Computer Literacy and Digital Literacy – not the same thing

Wednesday, June 7th, 2023

Computer and Digital Literacy are two separate things, but they go together. For us to be effective, responsible technology users, we need to have both. In this article we explore the difference between these two concepts, and why it is important to develop digital literacy skills.

What is computer literacy?

Computer literacy is defined as the knowledge and ability to use computers and related technology efficiently, with skill levels ranging from elementary use to computer programming and advanced problem solving. Those who are computer literate have the ability to perform basic tasks on the computer. For example, switching on your computer, knowing how to access the internet, navigating a browser, and operating software systems, and completing any other tasks that make it possible to do your job.

What is digital literacy?

Digital literacy is the ability to navigate our digital environment using reading, writing, critical thinking and technical skills. It’s about using technological devices such as a smartphone, laptop or tablet, to find, evaluate and communicate information. So, digital literacy goes beyond computer literacy because it gives individuals the power to connect around the world. 

Why is digital literacy important?

Digital literacy skills are essential for participating in the modern economy. Digital literacy can play a powerful role in helping people connect, learn, engage with their community, and create more promising futures. Simply reading articles online does not address digital literacy, so it is important for everyone to understand the variety of content and possibilities that are accessible online.

  • Efficient Communication: Digital literacy improves communication that creates a more efficient workflow. It allows employees to communicate with each other through various platforms, such as email, instant messaging, video conferencing, and social media.
  • Enhances Problem-Solving Skills: With digital literacy, employees can access vast amounts of information through the internet, which allows them to research solutions to complex problems, find relevant data, and make informed decisions.
  • Increases Efficiency: Digital tools such as automation, online collaboration platforms, and project management software can increase efficiency in the workplace.
  • Improves Creativity: Digital literacy can also foster creativity in employees by providing access to various digital tools that can unleash their creative potential and produce high-quality content.
  • Better Time Management: Digital literacy can help employees manage their time more effectively.
  • Online Security: Digital literacy skills help individuals understand the importance of securing their online information and the potential risks of cyber-attacks.
  • Artificial Intelligence (AI): Digital literacy skills are crucial for leveraging AI’s benefits.
  • Big Data: Digital literacy skills have become essential for individuals to interpret and analyse vast amounts of data effectively.
  • Social Media: Digital literacy skills are essential for using social media safely and responsibly. It enables individuals to identify potential risks associated with social media.

Start your digital literacy pathway

With the Microsoft Digital Literacy classes, you can gain skills needed to effectively explore the internet. 

Sources:

YOTTABYTE

LinkedIn

Microsoft

Futurelab

SU IT Digital Literacy in a nutshell

Number matching enabled by default for all Microsoft Authenticator users

Tuesday, May 16th, 2023

Microsoft Authenticator app’s number matching feature has been generally available since November 2022. If you have not already leveraged the rollout controls (via Azure Portal Admin UX and MSGraph APIs) to smoothly deploy number matching for users of Microsoft Authenticator push notifications, we highly encourage you to do so.

Microsoft extended the availability of the rollout controls until 8 May 2023, to deploy number matching in their organisations. Microsoft services started enforcing the number matching experience for all users of Microsoft Authenticator push notifications since then.

Please note

The expected behaviour for NPS extension have been changed to be more admin friendly. NPS versions 1.2.2216.1+ will be released once Microsoft starts to enable number matching for all Authenticator users. These NPS versions will automatically prefer OTP based sign-ins over traditional push notifications with the Authenticator app. An admin can choose to disable this behavior and fallback to traditional push notifications with Approve/Deny by setting the registry key OVERRIDE_NUMBER_MATCHING_WITH_OTP Value = FALSE. Previous NPS extension versions will not automatically switch Authenticator push notification authentications to OTP based authentications. 

How does this affect the university?

To prevent accidental approvals, admins can require users to enter a number displayed on the sign-in screen when approving an MFA request in the Microsoft Authenticator app. This feature is critical to protecting against MFA fatigue attacks which are on the rise.

Another way to reduce accidental approvals is to show users additional context in Authenticator notifications. Admins can now selectively choose to enable the following:

  • Application context: Show users which application they are signing into.
  • Geographic location context: Show users their sign-in location based on the IP address of the device they are signing into.

Number match behaviour in different scenarios going forward

  1. Authentication flows will require users to do number match when using the Microsoft Authenticator app. If the user is using a version of the Authenticator app that doesn’t support number match, their authentication will fail. Please make sure upgrade to the latest version of Microsoft Authenticator (App Store and Google Play Store) to use it for sign-in.
  2. Self Service Password Reset (SSPR) and combined registration flows will also require number match when users are using the Microsoft Authenticator app.
  3. ADFS adapter will require number matching on versions of Windows Server that support number matching. On earlier versions, users will continue to see the “Approve/Deny” experience and won’t see number matching till you upgrade.

          o  Windows Server 2022 October 26, 2021—KB5006745 (OS Build 20348.320)

          o  Windows Server 2019 October 19, 2021—KB5006744 (OS Build 17763.2268)

          o  Windows Server 2016 October 12, 2021—KB5006669 (OS Build 14393.4704)

  1. NPS extension versions beginning 1.2.2131.2 will require users to do number matching after May 2023. Because the NPS extension can’t show a number, the user will be asked to enter a One-Time Passcode (OTP). The user must have an OTP authentication method (e.g. Microsoft Authenticator app, software tokens etc.) registered to see this behaviour. If the user doesn’t have an OTP method registered, they’ll continue to get the Approve/Deny experience. You can create a registry key that overrides this behaviour and prompts users with Approve/Deny. 
  2. Apple Watch will remain unsupported for number matching. We recommend you uninstall the Microsoft Authenticator Apple Watch app because you have to approve notifications on your phone. 
 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.