The two-factor authentication (2FA) significantly reduces the risk of unauthorized access because even if the password is compromised, the attacker won't be able to access the account without the second factor. 2FA is one of the most effective ways of protecting sensitive information and preventing computer attacks.
-
- About Us
- Regulations
-
IT Services
- Accessibility and Disability
- Web Apps
- Teaching Support
- U.Porto Card
-
Accounts and Passwords
- Web Hosting
- Change/Recover Password
- Institutional Authentication
- Email Account (Lecturers and Staff)
- Email Account (Students)
- Email Account Limits
- Configure Forwarding in Microsoft Outlook 365
- Google for Education
- HPC and Grid Computing
- Virtual Machines to Support Teaching and Research
- Microsoft Office 365
- Second Authentication Factor
-
Printing
- Logging In to Printing Devices
- Load Quota
- Copying
- Scanning
- Web Printing
- Printing (Release Jobs to Print Devices)
- Printing From Institutional Equipment (Using PaperCut MF Client)
- Printing From Personal Devices (Installing Mobility Print)
- Printing From Personal Devices with Linux Operating System (Installing Mobility Print)
- Pricing
- Printing Service
- Website of the Printing Service
-
Networks and Connectivity
- Mobile Communications
- Wired Network
- Telephony (VoIP)
- VPN - Android (Manual Configuration)
- VPN - Android (FEUP Manual Configuration: SSL Check Point® Capsule)
- VPN - iOS (Automatic Configuration)
- VPN - iOS (Manual Configuration)
- VPN - iOS (FEUP Manual Configuration: SSL Check Point Capsule)
- VPN - Mac (Automatic Configuration)
- VPN - Mac (Manual Configuration)
- VPN - Mac (FEUP Manual Configuration: SSL Check Point Endpoint)
- VPN - Windows (Automatic Configuration)
- VPN - Windows 10 (Manual Configuration)
- VPN - Windows 10 (FEUP Manual Configuration: SSL Check Point Capsule)
- VPN - Windows 10 and 11 (Manual Configuration ICBAS and FFUP: SSL Check Point Endpoint)
- VPN - Windows 7 (Manual Configuration)
- VPN - Ubuntu (Manual Configuration)
- VPN - Ubuntu (FEUP Manual Configuration: PPTP)
- Wi-Fi
-
Information System
- Accessing your personal page
- Accessing Course Unit Fact Sheets
- Updating Personal Data
- Authentication (Login)
- Configuring your personal data
- Confirm Personal Data
- Viewing your current account
- Viewing your timetable
- Viewing your academic path
- Consulting Periods of Limitation
- Creating a multipurpose declaration
- Insert/Change Photo
- Integration of Course Units with Moodle and Microsoft Teams
- Requesting a certificate
- Requesting a digital certificate
- Requesting a [email protected] Pass
- Software
- Documentation and Information Resources
-
Cyber Security
- Report Incident
-
Computer Security and Privacy
- Antivirus
- IT Security Audit
- Client Digital Certificates - Sign Email Messages
- Client Digital Certificates - Digital Signing of Documents (Non-Qualified Digital Signature)
- Client Digital Certificates - Install
- Client Digital Certificates - Obtaining a Certificate
- Client Digital Certificates - Revocation
- Digital Certificates for Servers
- Policies and Good Practices
- Data Protection
- Tutorials
- Help and Support
- Contacts
Create a second authentication factor with a mobile phone
To add a second authentication factor (2FA) on your mobile phone (Android, iPhone, or even iPad) to your Microsoft 365 profile:
- Install Microsoft Authenticator on your Android or iPhone/iPad mobile phone;
- Go to the security area of your Microsoft profile (regular authentication);
- Add a new sign-in method;
- Choose Microsoft Authenticator;
- Proceed with the remaining steps.
If you prefer, watch the video on the 2FA registration process.
If, in the above procedures, you validated the 2FA you created using the digits you were asked for, you are done, and the 2FA is registered.
See the instructions below if you don't want to install an app on your mobile phone.
Test the second authentication factor
In the voluntary 2FA registration phase, not all Microsoft applications ask for the second factor. At this stage you can test it by accessing Azure:
- Log in to the Azure portal to be prompted for the 2nd factor;
In the mandatory phase for second factor, you will be asked for it the first time you access any Microsoft 365 tool. In the Teams and OneDrive applications, you may be immediately prompted to re-authenticate using 2FA.
Create a second authentication factor without a mobile phone
- Install the desired application on your computer (we suggest 2FAGuard for Windows, the native Passwords application for Mac, or Authenticator for Linux);
- Go to the security area of your Microsoft profile (normal authentication);
- Add a new sign-in method;
- Choose Microsoft Authenticator;
- Indicate that you want to "use a different authentication application";
- Proceed with the remaining steps.
If you wish, you can see the previous steps in more detail, applied to 2FAGuard for Windows.
Important Note: we do not recommend using the 2FA application on the same computer as the 2FA application, as this makes the procedure less secure.
One of the safeguards of 2FA is to separate it as much as possible from the first one, so using a different device is preferable (e.g. a mobile phone). See Microsoft's explanation of why Microsoft Authenticator is unavailable for PC or Mac. See also the last FAQ, I can't use my mobile phone, nor do I have another computer to use the second factor application. How can I use the second factor?.
Frequently Asked Questions (FAQ)
Multiple factors can determine the frequency of 2FA re-authentication, such as changing passwords, computers, applications, etc.
If you work on the same computer every day and the computer is registered in the AD U.Porto, managed by UPdigital, authentication on Microsoft Teams, OneDrive, and Edge will be requested again within a window of up to 90 days. The frequency will increase if these conditions are not met.
Microsoft has more information on re-authentication prompts and session lifetime for Microsoft Entra multifactor authentication.
If there is a problem with your mobile phone/computer, this backup allows you to reconfigure 2FA on your own without having to call the HelpDesk.
Yes. You can configure Microsoft Authenticator on your mobile phone and an application on the desktop at the same time. At any time, you can access the security area of your Microsoft 365 profile and check/add/remove the devices you have associated with carrying out 2FA on your account.
You can install another application with TOTP support, such as Google Authenticator. You must follow the process of Create a second authentication factor without a mobile phone, using the TOTP application installed on your mobile phone.
If you haven't made a backup, contact the HelpDesk so that you can reset the 2FA associated with your account. After the reset, you should configure 2FA again according to the instructions above. Please note that this reset may take a few hours to take effect.
If you haven't made a backup, contact the HelpDesk so that you can reset the 2FA associated with your account. After the reset, you should configure 2FA again according to the instructions above. Please note that this reset may take a few hours to take effect.
You don't need to change it. The 2FA will work as before.
In the authentication process, select ‘I cannot use my Microsoft Authenticator application at this time’.
Choose ‘Use a verification code’ and enter the code generated by the application.
Yes. Configuration is possible on both computers. You can configure them as different devices or export the authentication from one application and import it into the other.
See the information provided by Microsoft in its questions and answers about Authenticator, specifically what data Microsoft Authenticator collects and stores on my behalf and how I can delete this data.
2FA, mobile phone or application, works without being connected to the internet. You don't need anything other than your mobile phone or application on your computer. See the answer from Microsoft regarding sign in responses.
This is a common error. Click ‘Continue’ and the authentication process should be complete.
Yes, you can have 2FA configured on both accounts. With Microsoft Authenticator, the validated code is the one currently being verified for the account being accessed.
You need to go to your profile, security area and ‘Add sign-in method’. Once you have completed the steps, you can delete the registration associated with the mobile phone you want to remove.
Never remove 2FA authentication on a device without having at least one other already configured.
Yes, you can register several devices for 2FA authentication. Go to your profile, security area and do ‘Add sign-in method’ to register other authentication methods, which can be a second mobile phone or another application that supports 2FA authentication.
As mentioned above, the advantage of using the second factor is to have it separate from the first factor (the password). We therefore advise against using the 2FA application on the same computer.
However, the existence of the second factor is an added security factor compared to just the password. The suggested applications, once installed, require a password to be accessed, i.e. they have extra protection when logging into the computer. It is therefore preferable to use the 2FA application on the same computer where the second factor will be requested, rather than not using the second factor at all.
If your question still hasn't been answered, see also Microsoft's questions and answers about Authenticator.
Suggestions:
- Why isn't Microsoft Authenticator available for PC or Mac?
- Do I need to be connected to the Internet to use Microsoft Authenticator?
Over there see also the menu on the right where you'll find more information about using Microsoft Authenticator.
If you still have problems, you can also send an email to [email protected].