The use of Microsoft Authenticator for Multi-Factor Authentication (MFA)

Overview

The use of Microsoft Authenticator for Multi-Factor Authentication (MFA) is a standard security measure widely adopted by institutions, including educational, financial, and government organizations. It is designed to protect your account with a higher level of security.

Microsoft Authenticator does not have access to your personal data beyond what is necessary for authentication. The app's request for your phone's password during installation is to ensure the security of your device, not to access your personal information.

The app adheres to strict privacy and data protection regulations, including those set by Canadian law, ensuring that your data is handled securely and responsibly.

The requirement to use a specific MFA method is based on the need to protect sensitive educational data. Passwords alone are insufficient to prevent unauthorized access, especially in the context of increasingly sophisticated cyber threats.

Alternative methods like SMS-based codes are less secure and more vulnerable to interception. Microsoft Authenticator provides a more robust form of protection. The measure is in place to protect the integrity of your account and personal data in compliance with Canadian law.

The decision to enforce Microsoft Authenticator as the primary method of 2FA is based on best practices and institutional policy, which are in place to ensure the highest level of security for all users.

While we understand some users' preference for an alternative method, the security risks associated with less secure options necessitate the use of Microsoft Authenticator.

From Microsoft

What data does Microsoft Authenticator collect and store on my behalf, and can I delete this data?

Authenticator collects three types of information:

  • Account info you provide when you add your account. After adding your account, depending on the features you enable for the account, your account data might sync down to the app. This data is stored on your device and can be removed by removing your account.
  • Non-personally identifiable usage data, such as aggregate details about success or failure of important operations that are used to detect decreased reliability and bugs. This minimal data is needed to keep the app updated and secure. You need to accept the notice of this data collection when you use the app for the first time. You can also allow the sharing of additional non-personal usage data by turning on the “Usage Data” toggle button on the app's Settings page or when you use the app for the first time. This data allows our engineers to improve the app in ways that are important to you. This setting can be turned on or off at any time.
  • Diagnostic log data that stays only in the app until you select Send feedback in the app's top menu to send logs to Microsoft. These logs can contain personal data such as email addresses, server addresses, or IP addresses. They also can contain device data such as device name and operating system version. Any personal data collected is limited to information needed to help troubleshoot app issues. You can browse these log files in the app at any time to see the information being gathered. If you send your log files, Authenticator engineers will use them only to troubleshoot customer-reported issues.

For more information, review the Microsoft Privacy Statement and Microsoft's FAQ.

 


Details

Article ID: 10660
Created
Thu 8/22/24 12:25 PM
Modified
Thu 8/22/24 12:29 PM
Environment
Microsoft Authenticator Application

Related Articles (3)

How to set up 2-factor authentication with the Microsoft Authenticator app
How to setup 2FA on a new phone.