Microsoft Multi-Factor Authentication required for West Lafayette faculty and staff email starting in February 2022

Starting in February 2022, all West Lafayette faculty and staff will be required to use Microsoft Multi-Factor Authentication as part of the security measures for protecting their @purdue.edu email.  

More than 23,000 faculty, staff and students have already started using Microsoft MFA since the requirement was announced in October.  Microsoft MFA protects users by requiring a second form of authentication, in addition to your career account password, when signing into Office 365 applications (including Outlook email). Options include receiving a text message or audio phone call, or using the Microsoft Authenticator App to authenticate.  

Faculty and staff who have not signed up to use Microsoft MFA will receive an email on Tuesday, Feb. 1, with instructions on how to set up authentication for their accounts. Users will then have two weeks to set up their authentication method. After the two-week period, faculty and staff on the West Lafayette campus who have not set up an authentication method will be unable to access their email until multi-factor authentication setup has been completed.  

At any time prior to Feb. 1, West Lafayette faculty and staff may start using MFA by filling out the form found here (Purdue retirees without BoilerKey can sign up here). After you register, you will receive an email with follow up instructions for setting up MFA. The process takes about 5 minutes and is self-paced; only 2.1 percent of those enrolled contacted ITaP’s Customer Service Center for help.

Protects your information, reduces phishing attempts 

Microsoft MFA, which when implemented fully on campus, is expected to drastically reduce the number of phishing emails in inboxes. While users should still approach suspicious emails with caution, the use of multi-factor authentication will dramatically improve information security for everyone.  

“The days of single-factor authentication are over – there is simply too much valuable personal information online, and everyone has a responsibility to do what they can to protect it,” says Ian Hyatt, chief information officer and head of Information Technology at Purdue. “Implementing Microsoft MFA not only helps protect your personal information – but it adds an extra layer of protection for all emails at Purdue. The good news is for most people, MFA has been quick to set up and easy to use – we have received very few calls to our Customer Service Center from people needing help.”  

Although similar to BoilerKey, Microsoft MFA differs in that it does not require the user to authenticate every time they check their email. Purdue requires users to log in using their MFA credentials once every 90 days. Users who sign out of their Microsoft account, clear their browser cache, or log in from a new device will also be prompted to use MFA when signing in again. 

Those with questions about Micrsoft MFA can visit itap.purdue.edu/mfa, to learn more about how authentication works, what to do if you do not have a smartphone and where to get help if you have additional questions.  

Last updated: Jan. 18, 2022