Password Guidelines for RDS and VPN and How to Change your Default Multi-Factor Authentication (MFA) Method
MFA also known as Two-Factor Authentication (2FA) is a method of establishing access to resources by verifying your identity using two methods of authentication such as username and password, and then approving the logon via your mobile device. When using Cardiff Met’s Virtual Private Network (VPN) or Remote Desktop Services (RDS) with MFA authentication, there are a couple of extra steps you need to perform before utilising the services.
First, you will need to make sure your password does not include any illegal characters as outlined below in the password guidelines. Also, you will need to confirm your MFA authentication method is using either the Push notification via the Microsoft Authenticator application or phone call, if you are using the Text (SMS) method it will not work.
You will need to be connected to the internet to receive the push notifications, if this is not an option then you will need to use the phone call method.
Password Guidelines
You will need to make sure your password does not contain certain characters as this can cause logon errors when accessing RDS or VPN. If your password does contain any of the illegal characters listed below then it should be changed. Details of supported and illegal characters are listed below, and further password guidance can be found at
https://study.cardiffmet.ac.uk/IT/Pages/IT-Security.aspx (under the
Keep IT Safe heading)
Characters allowed
• A – Z
• a – z
- • 0 – 9
- • @ # $ % ^ & * - _ ! + = [ ] { } | \ : ‘ , . ? / ` ~ " ( ) ;
Illegal characters and patterns that are not allowed (this is not a comprehensive list)
• Unicode characters such as á Á € É Ú Í Ö Ӫ £
• Empty Spaces (spacebar)
• Cannot contain a dot character "." Immediately preceding the "@" symbol.
• The £ “Pound sign” is not an accepted character.
• The following password as an example would not let you logon: “JUp.@£p13!
Virtual Private Network (VPN) and Remote Desktop Solution (RDS) Multi-Factor Authentication (MFA) requirements
The secure RDS and VPN requires MFA, however, RDS and VPN software itself will
NOT notify you that MFA approval is required, so as soon as you click connect, you will need to have your mobile phone ready to approve an MFA request (in the same way you access Office 365 services).
We recommend having the authentication application (Microsoft Authenticator app) open in readiness for this step, as it can make receiving the MFA request quicker.
Please note that the VPN and RDS do not support SMS (text message) authentication, as it is less secure.
The available MFA methods are:
• Microsoft Authenticator Application
• Phone – Call
If you currently use the SMS – Text method for approving your MFA logons, then you will need to stop using this method and use one of the two approved methods - keep reading to learn how to change your default method.
How to change your default MFA method
How to change your preferred MFA method
Please go to https://mysignins.microsoft.com/security-info and amend your default method, click Change and select either:
• “Phone – Call”
• or “Microsoft Authenticator – Notification” (the recommended method)
It is possible that you may need to setup a new method, if this is the case, then you can follow the guides here: https://study.cardiffmet.ac.uk/IT/Flash/Pages/MFA.aspx
and select Microsoft Authenticator method or Phone call method.
The Microsoft Authenticator is the recommended method, as this is the most secure, and reliable option.
Security information
1.
Do not share your credentials or MFA details, or any other account information with other users, doing so will place the security of corporate systems and data at risk and contravenes the University’s
IT Acceptable Use Policy. If someone requires access to the same systems, they can log a call with the IT helpdesk who will grant access.
2. Never select Save your password. You should never click save password. Saving your password will make your system vulnerable, making it easier for unauthorised people to connect to our network and perform illegal activity. It is your responsibility to make sure your account is secure and safe.
