Protect your email, help end phishing attacks: Microsoft MFA to be required soon

Since the start of the fall semester, more than 12,000 students, faculty and staff have registered for Microsoft Multi-Factor Authentication, the new two-step verification system designed to protect University email.  

All users on the West Lafayette campus will be required to register for Microsoft MFA soon. Faculty and staff will be required to use it by the end of January 2022; student accounts are being added gradually throughout the fall and spring semester.

Microsoft MFA will also be implemented on the campuses of Purdue Fort Wayne and Purdue Northwest. A pilot is being mapped out with Purdue Northwest IT staff. Purdue Fort Wayne will not be involved in the initial pilot. Users at both PFW and PNW will receive more information from their local IT departments in the spring. 

Microsoft MFA protects users by requiring a second form of authentication, in addition to your career account password, when signing into Office 365 applications (including Outlook email). Options include using text messages, audio phone call, or the Microsoft Authenticator App to authenticate. 

Anyone may start using MFA by filling out the form found here. After you register, you will receive an email with follow up instructions for setting up MFA. The process takes about 5 minutes. 

Protect yourself, Protect Purdue (and help end phishing spam) 

Setting up MFA not only helps protect your own personal and professional information but should also drastically reduce the phishing attacks appearing in your inbox.  

In 2021, the West Lafayette campus has experienced over 4,200 compromised accounts, more than double the number in 2019. Most of the compromised accounts started with someone clicking a link in a phishing email.  

"MFA will force anybody logging in to a Purdue email account to know both the password and have something with them,” says Anthony Newman, Chief Information Security Officer for ITaP. “Nearly all of our phishing campaigns are because there is a compromised account or in many cases, lots of compromised accounts. Once 100 percent of our students, staff and faculty have MFA for Office 365, there will be a very low likelihood of any additional compromised accounts, thus drastically reducing successful phishing campaigns.”  

Register your organization, department, or college  

Already multiple departments and student organizations on the West Lafayette campus - including Physical Facilities, ITaP, Residence Hall Advisors and Panhellenic organizations - have requested that all their members be registered for MFA now, instead of waiting for the January deadline.  

Any campus department or college can request that their organization be automatically registered for MFA by talking to their local IT group. Once a department is added to Microsoft MFA, users would still have 14 days to set up MFA before it is required to access email, giving individuals the opportunity to setup MFA at a convenient time. Once the grace period ends, an MFA method will be required before an user can access email and other Microsoft applications.  

Have questions about MFA? 

To learn more about Microsoft MFA, visit 

There you can find answers about how to set up MFA for email on your phone, how to change your authentication methods and how often you will be prompted to use MFA (Answer: Much less than BoilerKey). 

Last updated: November 10, 2021