Make a Gift

Frequently Asked Questions – Multi-factor Authentication

What is Multi-Factor Authentication?

Multi-Factor Authentication refers to an additional layer of security that is added to the login process.

MFA relies on two forms of authentication: something you know, and something you own or have with you. The something you know is your C-GCC username and password. The something you have with you can be a mobile device, tablet, or landline phone. This means that even if your password is hacked, your account will be more secure.

You may have already used MFA while accessing account information on your bank, shopping, and online gaming website or app. Today, many organizations are using MFA to verify the legitimacy of a login by sending a push notification or one-time passcode (OTP) to the account owner who will use the notification information to login to their account.

Who needs to set up MFA?

All students and employees using Office 365, Brightspace, Banner Self Service, Degree Works, Circle In, and the College VPN are required to use MFA.

What are my authentication options?

You will be able to choose a primary authentication method when you register, which you can change or update at any time. We highly suggest students use the Text Messages option. Employees with a college provided laptop MUST use the Microsoft PUSH notification option. Other employees are free to use whatever method they choose but we strongly recommend the text message option.  International users should use the Microsoft Authenticator Application via their phone. Current options are outlined below:

Verification MethodDescription
Mobile Notification
(Microsoft Authenticator Application Required)
A push notification is sent to the authenticator app on your smartphone asking you to Authenticate your log in.?(This option is required for C-GCC employees with college owned laptops).
Verification Code
(Microsoft Authenticator?Application Required)
The Mobile Microsoft Authenticator app will generate a verification code that updates every 30 seconds. You will be asked to enter the most current verification code in the sign-in screen.
Text MessagesA text message with a 6-digit code is sent to your cell phone that you will input to complete the authentication process.  (This option is recommended for students and employees without college owned laptops).
Phone CallsA call is placed to your cell phone asking you to verify you are signing in. Press the # key to complete the authentication process.

You may also want to add a backup authentication method, like an additional cell phone number, to help you access your account in case you forget or lose your device.

Can I use my Personal Device to set-up MFA?

Yes. Employees must use the Mobile Notification option (or Microsoft Authenticator Application) in conjunction with VPN access.  To learn more, visit the “Download and Install the Microsoft Authenticator App” page where you will find instructions on how to download the app for your Apple or Android devices. Students are encouraged to use the Text Message option but may also use the Authenticator Application if they prefer.

What if I don’t own a mobile phone?

If you do not own a mobile phone or device, you can choose to authenticate through a home or work landline phone number.

What if I do not activate Two-Factor Authentication?

Since MFA is required for Office 365, Brightspace, Banner Self Service, DegreeWorks, Circle In, and the College VPN (Virtual Private Network), you will not be able to access these applications using your C-GCC credentials if you do not activate MFA.

What if my question hasn’t been answered in these FAQs?

If you have a question that has not been answered, please email the Registrar’s office at for additional help.


Authenticate – Verifying the identity of a person or device.

Application – A software program that runs on your computer.

Cyberattack – An attack that targets computer information systems, computer networks, and systems.

FOB – A security key that can be used to authenticate your identity.

Malware – A malicious software program designed to damage or do other unwanted actions on a computer system. A virus is a type of malware.

Multi-Factor Authentication (MFA) – An authentication method in which a device user is granted access to a website or application only after successfully presenting two or more pieces of evidence authenticating their identity.

One-Time Passcode (OTP) – A code that is valid for only one login transaction or session.

Personally Identifiable Information (PII) – Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Data that can be used to identify a specific individual.

Phishing – An online scheme aimed at tricking a person into providing sensitive information to scammers.

Ransomware – According to the FBI, ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return.

Self-Service Password Reset (SSPR) – Automates account access recovery (password reset) without needing IT.

Single Sign-on (SSO) – Access to applications through one username and password.

Spear phishing – A targeted cyberattack where scammers send detailed emails to specific individuals or groups within an organization that look like they are coming from a trusted sender. The goal is to steal account credentials, and personal identifying and sensitive information.

Two-Factor Authentication (2FA) – a security system that requires two distinct forms of identification are used   to access a computer system.