For the past couple of months, we have shared the benefits of Microsoft Authenticator. Governance has chosen that Microsoft Authenticator, with its improved feature set, will be the primary Multi-Factor Authentication (MFA) solution for the University starting in Spring 2026. For most of us, this will allow us to leave Duo Security—except for a few situations, like using High-Performance Computing, where Duo Security will still be required.
The Passwordless Advantage
While the switch is still months away, you can begin taking advantage of Microsoft Authenticator’s improved features immediately. Once you join the Early Adopters Group , you can enroll your device and start using passwordless sign-in with a passkey, and you’ll no longer need to enter your password. You can approve the sign-in request using Face ID, Touch ID, or your device passcode. Another advantage is the seamless integration to have it sync to your other devices.
Thinking about getting a new phone over the holidays? Microsoft Authenticator, with a synced passkey, stores your passkey securely in a trusted password manager or device keychain and can be used across multiple devices. This allows you to easily restore when you get a new phone or computer and still be protected by Face ID, fingerprint, or PIN. But don’t worry, synced passkeys do not give SMU control over your phone or computer, nor do they allow access to personal files, apps, messages, or location. Synced passkeys are designed to be highly secure and resistant to phishing.
To ensure your device is compatible, it must meet the following criteria:
| Platform | Built-in Passkey Option | Minimum Requirement | Notes |
|---|---|---|---|
| iOS | iCloud Keychain | iOS 16 or later | Automatic if iCloud Keychain is enabled |
| macOS | iCloud Keychain | macOS 13 (Ventura) or later | No extra setup required |
| Android OS | Google Password Manager | Android 9 or later | Built in on most devices |
| Windows OS | Google Password Manager (Chrome) | Latest Chrome browser | May require signing into Chrome |
| Password managers (1Password, Bitwarden, LastPass) |
App or browser extension | Varies by provider | Desktop may require an extension; mobile requires app |
Please be aware that to create a synced passkey on a macOS or iOS device, iCloud Keychain must be enabled to allow you to securely store your passkeys using end-to-end encryption. Again, this does not give SMU access to your personal data or Apple account.
If your device doesn’t meet these requirements, you can still use the typical device-bound passkey or another available sign-in method. And if you happen to find yourself with a new phone or device and don’t have the benefit of syncing those passkeys, you can still use your old device to restore Authenticator on a new device. If you no longer have the old device, you will need to call the IT Help Desk at 214-768-HELP (4357), and once they verify your identity, the specialist can assist with setting up Authenticator on your new device.
Not sure and want some assistance to walk you through the process? The IT Help Desk in Fondren Library can answer your questions and help get you enrolled with Microsoft Authenticator, and, as always, if you need technology assistance, feel free to contact the IT Help Desk.
