MENU
 Remember!
1. NEVER give your passphrase to anyone.
2. Be wary of unsolicited email attachments.
3. DO NOT reply to emails requesting personal information.
4. If you receive a notification for verification, and you are not logging in to your account, DO NOT VERIFY.

Multi-Factor Authentication (MFA) and Student Email

Voluntary enrollment now until Tuesday, February 13, 2018.

After February 13, you will receive an email one week in advance of your account being automatically enabled.

After your account is enabled, you will be unable to access your email until MFA is configured. See the instructions below.

Your ECU email account requires that both your passphrase and a response from your phone be used to verify your identity when logging in from off campus.

This process makes your account more secure. A hacker needs not only your ECU user name and passphrase, but a second piece of information as well.

Set up your Preferred Method

Choose your preferred method of identity verification during the 3-step enrollment process. Step 1 sets up your MFA method, Step 2 verifies that it works and Step 3 generates an app password for logging in to mobile email. Step 3 is optional for some users.

Important! Complete enrollment from a computer browser on or off campus.

You can change your preferred MFA method later through the Office 365 settings or set up a secondary method of verification (2 verification methods are recommended).

Method How it Works
Multi-Factor Verification Methods (Steps 1 and 2)
Phone Call*
After signing in to mymail.ecu.edu using your PirateID and passphrase, Microsoft calls your phone. Click the pound (#) key to verify your identity.
Mobile Phone Text*
After signing in to mymail.ecu.edu using your PirateID and passphrase, Microsoft texts a 6-digit code to your mobile phone. Enter the code to verify your identity. Carrier text messaging rates apply.
Mobile App*
Download the Microsoft Authenticator app to your mobile. After signing in to mymail.ecu.edu using your PirateID and passphrase, either tap verify in the app or use the one-time password to verify your identity. Standard message and data charges from your carrier may apply.
App Passwords (Step 3)
App Password
Windows phone, Android, iOS
System-generated password replaces your ECU passphrase in mobile email settings and other apps for which there is no sign-in screen. If you don't log in to an app through the purple MyMail page, you need an app password.

Use one app password per device.

*Lose, damage or change phone numbers? See below for reset instructions.


Instructions

Printable Instructions

Click a purple bar for drop-down instructions.

For early enrollment, you must enable MFA for your account through the ECU passphrase maintenance website.

  1. Log in to pirateid.ecu.edu from a computer browser on or off campus.
  2. From the maintenance main menu, click the Multi-Factor Authentication (MFA) button.

  3. Click the Enable Multi-Factor button. Continue the enrollment process using the instructions below.


You may now log out of the passphrase maintenance website and continue to Begin Enrollment.

  1. Log in to mymail.ecu.edu from a computer browser on campus or off campus.
  2. Click the Set it up now button.
  3. The Additional security verification dialog box opens. Complete Step 1 by choosing which method of verification you will use: phone call, mobile text or authentication app.*


 

Step 1 of the Additional security verification dialog box states, "How should we contact you?"
  1. From the drop-down menu immediately under Step 1, select Authentication phone.
  2. Select your country or region from the drop-down.
  3. Enter your mobile number into the text box.
  4. Choose your preferred method of contact: 1) Send me a code by text message, or 2) Call me.
  5. Click the Next button.
Step 2 states, "Let's make sure we can reach you on your phone."
  1. Phone call. Screen says, "We're calling your phone." Answer and press the pound (#) key.
  2. Text. Screen says, "We've sent a text message to your phone."
  3. MFA is now set up on your account. Click Next to continue to Step 3. Standard message and data charges from your carrier may apply.

*There is also an office phone option.

  1. Download the Microsoft Authenticator app from your device's app store. Available for Android, iOS and Windows Mobile.
Step 1 of the Additional security verification dialog box states, "How should we contact you?"
  1. From the drop-down menu immediately under Step 1, select Mobile app.


  2. Choose your preferred method of contact: 1) Notification, or 2) One-time password. Note: The Notification feature of the Authenticator app could use your cell data, but the one-time password does not.
  3. Click the Set up button.
  4. The Configure mobile app dialog box opens in the computer browser.


  5. Launch the Microsoft Authenticator app on your mobile device.
  6. From your mobile device, choose: 1) Scan Barcode, or 2) Enter Manually.
    Scan Barcode opens the device camera.
  7. Scan the barcode on the computer screen with your mobile camera or enter the information into the mobile app manually.
  8. Click Done. The Configure mobile app dialog box closes.
  9. Click Contact me on the mobile device.
  10. Microsoft sends a notification or verification code (whichever you chose). Click Verify, then Close.
  11. From the Additional Security Verification dialog box (Step 1), enter your mobile number and specify your country/region. This allows you to access your account if you lose access to the Authenticator app.

Multi-Factor Authentication is now set up for your account. Click Next to continue to Step 3.

After MFA is enabled, your ECU passphrase no longer works for mobile email and other apps for which there is no sign-in screen. Step 3 generates a random password that replaces your ECU passphrase in your email settings.

Follow the instructions below to replace your ECU passphrase with the new app password. Use one app password per device.

Step 3 states, "Keep using your existing applications."

Note that an app password has been automatically generated.

  1. Copy this app password immediately - you will only see it until you press "Done."
  2. Open the Settings on your mobile device. Replace your ECU passphrase with the app password in the email account setup. YOU DO NOT NEED TO SET THIS UP FOR OUTLOOK, JUST YOUR DEVICE'S MAIL APP.
  3. Use this same password for any other non-browser accounts on this mobile device.



  4. Click Done.

Generate additional app passwords through Office 365 settings if you own additional mobile devices. You need one app password per device.

An App Password replaces your ECU passphrase for accounts configured in the settings on your mobile device. Examples include the native email app that comes with your mobile phone, like Apple Mail (NOT Outlook). 

NOTE: If you don't see the purple login page (mymail.ecu.edu) to sign in to an app, then replace your ECU passphrase with an app password in your device's settings.

The first app password is automatically generated during MFA setup, but you may need more than one in the following situations:

  • You didn't immediately use the first one generated during MFA setup, and it disappeared (if you leave the final screen before copying the app password, you will never see it again).
  • You have more than one mobile device - Use a different app password for each device.
  • You bought a new device.

  1. Log in to the Security and Privacy settings of your Office 365 account.
  2. Click the app passwords tab, and click the Create button. The Create app password dialog box opens.

  3. Type a name to represent the device and click next.
  4. Paste the new password to your clipboard or make note of the new app password (you only see it once!). Click close.
  5. Within Settings, replace your ECU passphrase with the new password you just created.

App passwords can be deleted and created at your discretion.

You can change your preferred method of MFA verification or add a secondary verification method (more than one method is preferred) at any time through the Office 365 settings.

  1. Log in to mymail.ecu.edu.
  2. Click the Settings icon from the toolbar.
  3. Click the Office 365 link in the Your app settings category. The Settings page opens.



  4. Click the Security & Privacy item on the left of the screen.



  5. Click the Additional security verification link. The Approve sign in request dialog box opens. Be sure to click the Don't ask again for 60 days checkbox. This identifies the device as trusted, and you are not required to authenticate this device for 60 days.



  6. The next dialog box has two tabs:
    • Additional security verification, and
    • App Passwords
  7. From the preferred option drop-down, choose a different authentication method, if you like.
  8. Choose one or more response options.
  9. Click Save when you are done.


     

If your authentication device is lost or the number changes, follow these instructions to reset MFA for your account. Resetting removes MFA from your account. You will then re-enroll.

  1. Log in to pirateid.ecu.edu and answer your security questions. The main menu opens.
  2. Click the Multi-Factor Authentication icon. The Reset MFA screen opens.



  3. Click the Reset Multi-Factor button. This removes MFA from your account. You will see this message: "Multi-Factor Authentication was successfully reset for Your ECU email address.
  4. Log in to mymail.ecu.edu from a computer browser and re-configure MFA.

Once you "trust" a device, you are not prompted for verification on that device for 60 days.

If a trusted device is lost, log in to your account and click the Restore button from the Additional security verification dialog box to remove the "trust" and force MFA verification on the lost device. This way, if someone finds your lost trusted device, he/she cannot access your account.



Frequently Asked

Through initial enrollment, you configure your primary method of verification. However, it is advisable to set up a secondary form of verification in case your primary method is ever unavailable.

For example, you are trying to access Office 365 over WIFI with no cellular service. In this case, you can use the authenticator app to get a code for verification.

See the instructions for details.

During the authentication process, you can check a box to make your mobile a "trusted device." You are not required to go through the MFA process from this device for 60 days.


If you lose, sell or change a trusted verification device or change the number, see the instructions on this page to remove the "trusted" status from the device.

Find a computer and log in to pirateid.ecu.edu. You can reset the verification device from this site. 

See the instructions on this page.