Multi-Factor Authentication (MFA) Strategy

MFA Strategy

In alignment with McLennan Community College’s (MCC’s) strategic goals, the college will implement Multi-Factor Authentication (MFA) using the Duo Security application.

The purpose is to ensure confidentiality of college data and protect related services. The information below will help you prepare for MFA and answer any questions you may have.

What is multi-factor authentication (MFA)

MFA is a security feature which requires you to verify your identity multiple ways before accessing your account. For example, your identity could be verified using your mobile device or fingerprint.

How it Works

  • Enter your name or password as usual
  • Use your registered device to verify your identity
  • Securely login in

Why is MFA important?

Relying solely on passwords is no longer a dependable way to protect your account. Over 80% of web application breaches involve stolen or compromised login credentials. These credentials can be obtained through phishing attacks, reused passwords, weak security habits, or exposure to data breaches—often without your knowledge.

Multi-Factor Authentication (MFA) adds an extra layer of security by requiring a second form of verification when you log in. This additional step helps block unauthorized access to MCC systems, even if your password has been compromised. By using MFA, you help protect both your personal information and sensitive college data.

When will MFA be required at MCC?

Duo MFA will be implemented at McLennan Community College during July and August 2025. It will be required for all faculty, staff, and students as part of MCC’s broader effort to strengthen account security and reduce the risk of unauthorized access.

Scope of MFA Requirements

MFA will be enforced for key services that use MCC’s single sign-on (SSO) platform, including but not limited to, Brightspace, MyMCC, VPN (Virtual Private Network), and Microsoft 365 (Outlook, OneDrive, Teams).

Additional services may be added in future implementation phases, based on institutional risk assessments and system compatibility.

Trusted Device Features

Users will have the option to “remember” their trusted devices for a defined period. Once a device has been authenticated using MFA, the system will minimize repeat prompts by maintaining the device’s trusted status for up to 30 days. This feature reduces disruption while maintaining security for regular users on secure devices.

Re-authentication Scenarios

In some cases, users may be asked to re-authenticate using MFA more often. This includes:

  • Logging in from a new location or IP address
  • Switching to a different browser or device
  • Employees working remotely or accessing VPN
  • Using administrative credentials to access sensitive or confidential data

MCC may apply exceptions where technical limitations prevent MFA enforcement. These exceptions will be reviewed and/or approved, by Cybersecurity, on a case-by-case basis through an IT Exception Request.

What are the approved MFA Options?

While there are several MFA options available,  Duo Mobile app is the recommended enterprise-wide MFA option for MCC. 

Other options (for accessibility compliance and users without smartphone) are available on a limited basis, for purchase from the MCC Bookstore:

  • Duo hardware tokens ($) – one-time passcode, for use with Duo security
  • YubiKeys ($$) – more flexibility, for use across multiple platforms

Phone call or SMS will be limited and optional. 

FAQs/Common Issues

Visit IT Hub articles: MFA FAQs and  Duo Common Issues to learn how to troubleshoot common issues, such as:

  • I need to reactivate Duo Mobile
  • I use Duo Mobile to generate passcodes for services like Instagram and Facebook, and I can't log in.
  • My hardware token stopped working.
  • I am running an older version of iOS, and I am not able to install the current version of Duo Mobile from the App Store on my device.

Where can I find more information about these changes?

Visit the MFA Project page or contact the Help Desk ( helpdesk@mclennan.edu), and we will be happy to help address your questions or concerns.

Last updated: 6/12/202

Contact Hours

Information on Tech Support
Questions?

Please contact Tech Support