Legacy Alumni MFA
Just give me the instructions to set up the YubiKey already...
First things first - you need to install the Yubico Authenticator and purchase a YubiKey 5 Series of your choice.
Once you have Yubico Authenticator installed on your computer, and your YubiKey 5 Series in-hand, please follow these instructions to set up Yubico Authenticator using your YubiKey 5 as your TOTP OATH token for Stout email MFA.
From your computer, open your browser and go to https://aka.ms/mysecurityinfo and sign in with your Stout Credentials. If you're on someone else's computer, open your browser with Incognito/Private mode so your password isn't stored.
Call the helpdesk (715-232-5000) and request a "Temporary Access Pass" if you cannot sign in, and/or need general help, then follow the steps below once you're in.
- Click on Add sign-in method

- From the dropdown menu, choose Authenticator app then Add

- Click on I want to use a different authenticator app near the bottom:

- Click next on the following page

- A QR code will display.

- Open Yubico Authenticator on your computer, insert your YubiKey into a USB port, and click the Configure YubiKey button in the top right of the app

- Then click Add account

- Scan the QR code with Yubico Authenticator

- Click Save to accept all the default settings. You should see a new entry in your Yubico Authenticator with the name Microsoft and the MFA code displayed.

- Back in the web browser, click Next and copy or enter the 6-digit code that displays in your Yubico Authenticator app, and you're done.


- If successfully registered, you should see a green box appear in the top right of your browser window

- Now you're able to use your YubiKey for MFA when you sign into your Stout email. You can use the YubiKey to set up MFA for different applications and services that are compatible with it. Just remember that the YubiKey must be inserted into your computer's USB port for the Yubico Authenticator app to display your codes - the codes themselves are stored on the YubiKey device, so if it's lost, the MFA codes are lost and you will need a new YubiKey as well as a Temporary Access Pass from the helpdesk to set it up again.
- Please read the rest of this article if you haven't yet for more information.
Before you begin: Your Use Case
So, you've decided to keep your Stout email and have agreed to do your yearly security training and enable Multi-Factor Authentication (MFA) to keep your account active. You didn't use the Microsoft app for MFA, so you appealed for and received your only complimentary fob (the one-time passcode generating device). You're reading this now because your fob stopped working, broke, got stolen or lost. Life happened. Now, you're unable to get into your account because your only multi-factor authentication method is unavailable. To make matters worse, that first fob was an initial complimentary service for meeting the MFA requirement to keep the grandfathered account active, and this service is no longer being offered!
You're probably thinking: How will I keep my account if I do not have my fob for MFA, and I don't have or don't want to use a smartphone?
MFA Options Going Forward
As part of Stout's information security standards, strong MFA is a strict requirement for all accounts. That means you have a few options to keep the account active once the complimentary fob reaches the end of its lifespan. Please review the following options and consider:
- Obtain a smartphone so you can install the Microsoft Authenticator app and use it for MFA.
  - Pros:
    - The Authenticator app is the most secure option. It requires you to physically see the 2-digit number at the login screen, such that if a malicious actor had access to your username and password and were attempting to impersonate you remotely, you are unlikely to accidentally grant them access by tapping "accept" at the MFA prompt on your phone, as you are required to type in the number presented at the login screen. This prevents "MFA fatigue" attacks and keeps your account firmly in your possession.
    - You can utilize the camera to take pictures of your cat. Or your friends' cat.
    - You can browse the web to look at pictures of cats.
    - You can use secure MFA for other personal logins like petsmart.com so you can securely buy cats and cat accessories.
  - Cons:
    - The cost of purchasing (even if you're buying a low-end smartphone), setting up, and maintaining a smartphone is untenable for some, and/or inconvenient for most who are reading this.
    - You may become addicted to cats.
- Obtain a YubiKey or another 3rd party MFA token (note we can only help support YubiKey, as the helpdesk does not have omniscient knowledge of every MFA device that exists; anything else you choose is at your own risk and maintenance). The YubiKey 5 NFC by Yubico is an industry-renowned MFA device used by everyone from large companies down to individuals around the world. It is a small, portable, electronic key that can be plugged into the USB port on your computer and allows you to utilize a Windows, Linux or macOS desktop application to generate a one-time passcode that can be copy-pasted into the MFA code field at the login screen of your Stout email without any sort of mobile device. The YubiKey essentially replaces a mobile device as the "Thing you own" factor of authentication.
  - Pros:
    - It's affordable. YubiKey 5 Series devices are between $50-60 or about the cost of a couple of family trips to McDonald's.
    - It's portable, easy to loop on a keyring to be carried with you.
    - It's easy to use. Just plug it in, open the app, and copy the code.
    - It's durable and extremely tough, just like your other metal keys. Mine lives on my keychain and has gotten wet, has been dropped many times, and rubs against the other keys and objects in my pocket all day, every day.
    - It can be used with your other personal apps. Don't just secure your Stout email, secure everything!
  - Cons:
    - Requires a trivial amount of setup.
    - It can be more easily misplaced if you're prone to losing things.
- Transfer off your grandfathered Stout email - a support member at the Tech Help Desk can grant you a short-term Temporary Access Pass so you can access your email and transfer any account logins, documents, messages, contacts, etc. to a personal non-Stout email account, then let your Stout account expire.
I've selected an option. Now what?
If you ultimately decide to use a smartphone, we have some other articles that discuss setting up the Microsoft Authenticator on Android and iOS linked here: Microsoft Authenticator: Enrollment Using a Mobile Device
If you decide to go with the YubiKey option, feel free to purchase your preferred type. You'll need to go to the bottom of the page here to find the download for your desktop computer. Then, you'll follow the steps to add a 3rd party authenticator to your Stout branded Microsoft account (i.e. your Stout email account). Please see the official documentation for that here for further help:
https://docs.yubico.com/software/yubikey/tools/authenticator/auth-guide/oath.html#adding-a-new-account
https://www.yubico.com/works-with-yubikey/catalog/microsoft-accounts/#setup-instructions
If you decide that the above isn't worth the cost/time/effort, then (if you still have access to your account) you may freely migrate any data from your mailbox. If you need temporary access, please reach out to the Tech Help Desk and ask for a Temporary Access Pass (TAP) code to access your account in order to migrate your data.
