Introduction
When signing into online accounts, a process we call “authentication”, you’re proving to a service that you are who you say you are. Traditionally that is done with a username and password. Unfortunately, that practice alone is not enough to ensure the security of your accounts. Usernames are often easy to discover; sometimes they're just your email address. Since passwords can be hard to remember, people tend to pick simple ones, or use the same password at many different sites.
That’s why the Virginia's Community College System (VCCS) has decided to enforce the use of “Two-Step Verification” AKA “Multifactor Authentication (MFA)” on all MyMECC/MyVCCS accounts.
MFA requires you confirm your authentication buy using a second “factor” to ensure you are the individual who is signing into your account. The factors that can be used for MyMECC/MyVCCS authentication are listed below; one of these four factors must be implemented. Choose one of these four factors and configure as indicated in the instructions below:
Time-Based One Time Password – Recommended (Also utilizes a smart phone application. TOTP is a onetime password that is only usable for 30-60 seconds, must use one of the following smartphone apps: Microsoft Authenticator, Rapid Identity PingME, Google Authenticator) Note: MECC users already utilizing Microsoft Authenticator for MFA may want to consider this option.
Password + SMS – (This method is the least secure method and should only be used if you don’t have a smartphone. This method uses the mobile number entered in SIS. If the “Mobile” number needs to be changed in SIS, go to the Student Information System, and update your cell number or submit an information change request to Enrollment Services.) FIDO key – Page 11 (A piece of hardware that plugs into the USB of your PC and acts as a second “factor” of authentication. This hardware device must be purchased before configuration of MFA can take place. The device must be FIDO U2F compatible. Name brands like Yubikey and Feitian are recommended.) This document intends to provide instructions for setting up MFA as a second method of authentication when signing into your MyMECC/MyVCCS account. Please configure MFA on your account using one of the authentication methods below. If you require assistance configuring MFA on your account, submit a helpdesk ticket to MECC helpdesk detailing your issues by emailing helpdesk@mecc.edu.
Push Authentication – (Better known as push notification, this method will send a notification to a smartphone application called “Rapid Identiy PingME” from which you will approve your authentication attempts. It is highly recommended to have biometric turned on your phone (Fingerprint ID, faceID, etc). If biometrics are turned off or are not available on your device, TOTP may be a better option.)