As part of ongoing efforts to protect digital identities and related York College information, Information Technology in following guidance and security protocols from our Central Office and other campuses have enabled multi-factor authentication (MFA) for student, faculty and staff on Office 365 email services. In addition MFA was also enabled for VPN Global Protect services.
Below you will find additional information on what Multi-Factor Authentication is all about. However, if you do not have a cell phone to receive the multi-factor code at this time Multi-Factor Authentication will not work properly for you if you are a student. If this is the case read the section below on this topic.
Starting in June 2025, MFA will be enabled for students, faculty and staff for CUNY Login. For information on this plan see information below on "New MFA for CUNY Login" below
How to enroll in MFA
You can go to Office.com and if you are a student login with your student account or if you are staff you can use your CUNYfirst credentials and go to your profile at the top right corner, under your name and then click on "View Account" then go to the tile "Security Info" here you can add phone numbers for the system to contact you when authenticating your identity. You can also follow directions below
Getting MFA Issues and Setup Help During Summer and Semester Start
IT with the support of Administrative Affairs and Academic Affairs will be setting up two dedicated locations for support on MFA setup and or challenges starting August 18th and through the start of the Fall Semester.
Student Gov't Lab
August 18th through August 29th the Student Gov't Lab located next to the Library on the Third floor of the Academic Core will be dedicated to supporting faculty and staff who have yet to activate their MFA or are having issues with MFA setup. The lab will be opened from during the day for dedicated support. Times of operation will be posted at the Lab
Student IT Support at Atrium
Dedicated student support will be provided in the Atrium next to the Welcome Center, IT will have a QLESS kiosk station with dedicated IT staff ready to help students at the start of the Fall Semester. Using QLess students will be able to get in the virtual line without needing to wait around, they will be summoned to the station as soon as the very next available support staff is free. We expect to have coverage as demand requires. This location is to the right of the main entrance coming from GUY R. Brewer Blvd.
Multi-Factor Authentication (MFA) Alternative Options
While the Microsoft Authenticator app is the easiest and most supported option for MFA, we understand that not everyone has access to an appropriate mobile device. Alternative methods are available but should only be used if absolutely necessary due to limited support, setup time, and availability.
If you are unable to use Microsoft Authenticator, please contact IT , as alternative setups require additional time. Use the YConnect Quick Form select "MFA Options Request" from the category drop down, provide brief description and submit .
One supported alternative is the Feitian OTP C200, a small standalone device that offers similar security without relying on Microsoft or mobile platforms. If you choose to purchase one, be aware:
A separate activation key must be requested from the vendor.
Once you have the device and key, submit them to IT so we can initiate a secure ticket with Central.
Central will assign a unique factor to the device using its serial number and activation key.
York will have a limited number of OTP C200s available while we assess broader support needs. Although this option is less convenient than the Authenticator app, it ensures no one is left behind during this transition.
If this applies to you, please act now using the instructions above so we can assist you promptly.
New MFA for CUNY Login June 2025 Plan
In response to a directive from CUNY Central and in alignment with the university’s cybersecurity initiative, York College will immediately begin an accelerated rollout of Multi-Factor Authentication (MFA) and Single Sign-On (SSO) for core student-facing and administrative applications. This initiative is critical to improving account security and aligning with CUNY-wide compliance standards.
Objective
Ensure MFA and SSO are implemented and operational across York College’s essential digital platforms — including CUNYfirst, Brightspace (D2L), EAB Navigate, Zoom, DegreeWorks, CourseDog, — by end of June, in advance of the anticipated mid-July CUNY-wide enforcement date.
Deployment Sequence:
To minimize disruptions and ensure optimal feedback from critical users, the following phased testing and rollout sequence will be followed:
Phase 1: Core Administrative Offices Starting June 2025 (Completed)
Bursar
Financial Aid
Registrar
Admissions
Information Technology
Phase 2: Students July and October 2025 (Sudent enforcement has been push out after the start of Fall Semester)
Pilot group drawn from summer session enrollments and Student Government Association (SGA) volunteers
General student population (with opt-in testing) Completed
We are targeting late September, early October 2025 for enforcement but continue to communicate with students to setup MFA now
IT will have dedicated support for students on this with regular communications to students via email, social media and the York web site.
Phase 3: Academic Faculty July - September 2025 (Ongoing)
Summer session instructors
Full rollout prior to Fall term start
Phase 4: Remaining Administrative Units July - August 2025 (Completed)
Human Resources
Budget and Payroll
Academic Affairs support teams
All other divisions
Technical Coordination
York’s Information Technology Services team will collaborate directly with CUNY CIS to configure and test systems for MFA/SSO compatibility while working with each of the phase teams, testing, tweaking and updating communications, user guides and providing hands on support. The infrastructure will be designed to support:
CUNY Login with MFA
Communication & Support Strategy:
A campus-wide outreach campaign to ensure all user groups are well-informed is under way and supported throughout this transition. This includes:
Pre-implementation announcements via email, web banners, digital signage, and campus monitors
Step-by-step user guides tailored to each user group as we gather feedback from testing
Live Teams & Zoom help sessions and in-person MFA activation stations during peak periods as well as scheduled open workshops during July and August 2025
Support for returnees (faculty and students) who may encounter the new MFA protocols for the first time in August 2025(communications will go out all during August)
Current York MFA Landscape:
York has already adopted MFA for several institutional systems, including:
VPN – Global Protect
Microsoft M365 (Email / Teams /OneDrive, etc.)
New QLESS Tempo (To be released in the Fall 2025)
What is MFA?
Multi-factor authentication (MFA) is a security enhancement that requires two forms of verification when using your Office365 Login and adds critical protection for your sign-on credentials.
MFA for CUNY Office 365 Logon was deployed in 2021 due to a dramatic rise in the scope and sophistication of phishing, spear phishing, and malware attacks that are targeting our students, faculty, and staff. The high rate of successfully compromised passwords is a severe and pervasive threat to information security at York College. In 2025 we are once again having to take additional steps to protect against cyber threats and are expanding our MFA coverage to include additional core University applications.
Once MFA is activated you will receive alerts when you go to login to CUNY core systems as you have with Office365 previously asking you to set up your MFA credentials.
MFA is also used for VPN access. Click on this link if you need to connect remotely to a computer on campus MFAVPN
Setting Up CUNY Login MFA - Quick Start Video
CUNY is adding multi-factor authentication (MFA) to CUNY Login. CUNY Login MFA will provide more secure access to CUNY applications and services and better protect your and CUNY’s data from cyber-attack.
