
Two-Factor/Multi-Factor Authentication (2FA/MFA) Basics

Multi-factor authentication (MFA) and two-factor authentication (2FA) are security processes that require individuals to provide two or more authentication factors before they are granted access to an account or system. These authentication factors typically fall into three categories:

Something You Know:

- Password
- PIN
- Personal identification questions

Something You Have:

- Mobile device
- Smart card
- Hardware token

Something You Are:

- Fingerprint
- Retina scan
- Facial recognition

By combining these factors, MFA significantly enhances security by making it much more challenging for cybercriminals to gain unauthorized access. There is even an attack called an MFA Fatigue Attack, in which cybercriminals repeatedly send notifications to your email, phone, or registered devices to coerce you into confirming your identity so they can enter your accounts or devices.
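How a security team might spot the MFA fatigue pattern described above in sign-in logs, as an added example that is not code from EKU or Microsoft. The log format (`timestamp user result`), the threshold, and the 10-minute window are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <user> <push result>"
SAMPLE_LINES = """\
2024-03-04T02:11:05 asmith denied
2024-03-04T02:11:40 asmith timeout
2024-03-04T02:12:15 asmith denied
2024-03-04T02:13:02 asmith timeout
2024-03-04T02:14:30 asmith approved
2024-03-04T08:59:10 bjones denied
2024-03-04T09:00:02 bjones approved
2024-03-04T10:00:00 dkim denied
2024-03-04T11:00:00 dkim denied
2024-03-04T12:00:00 dkim denied
2024-03-04T13:20:00 clee timeout
2024-03-04T13:21:00 clee timeout
2024-03-04T13:22:00 clee timeout
2024-03-04T13:23:00 clee timeout
2024-03-04T14:00:00 dkim denied
""".strip().splitlines()

def detect_mfa_fatigue(lines, threshold=4, window=timedelta(minutes=10)):
    """Flag users who receive a burst of unapproved push prompts.

    Returns {user: "burst"} when `threshold` denied/timed-out prompts fall
    inside `window`, upgraded to "burst_then_approved" when an approval
    follows the burst (the case that needs immediate session review).
    Lines must be in time order.
    """
    recent = defaultdict(deque)   # user -> timestamps of unapproved prompts
    findings = {}
    for line in lines:
        ts_raw, user, result = line.split()
        ts = datetime.fromisoformat(ts_raw)
        prompts = recent[user]
        while prompts and ts - prompts[0] > window:
            prompts.popleft()     # forget prompts older than the window
        if result in ("denied", "timeout"):
            prompts.append(ts)
            if len(prompts) >= threshold:
                findings.setdefault(user, "burst")
        elif result == "approved":
            if len(prompts) >= threshold:
                findings[user] = "burst_then_approved"
            prompts.clear()       # a normal approval resets the count
    return findings
```

A single mistaken denial followed by an approval (bjones) and denials spread over hours (dkim) are deliberately not flagged.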

The Importance of MFA in a University Environment

Universities store a vast amount of sensitive data, including student records, research findings, financial information, and more. This makes them prime targets for cyberattacks. MFA plays a pivotal role in ensuring the integrity and confidentiality of this data for several reasons:

Protection of Student Data: Student records and personal information must be safeguarded to comply with legal regulations like FERPA (Family Educational Rights and Privacy Act). MFA adds an extra layer of defense against unauthorized access to these sensitive records.

Securing Research Data: Universities are hubs of innovation and research, often conducting groundbreaking studies. MFA prevents unauthorized access to valuable research findings and intellectual property, protecting academic progress.

Mitigating Phishing Attacks: Phishing attacks are a common threat in the education sector. MFA helps counter phishing by ensuring that even if attackers acquire passwords, they still cannot gain access without the second authentication factor.

Why MFA is Required for Employees

Universities require MFA for their employees to ensure the highest level of security for institutional data and resources. Here are some key reasons why MFA is mandatory for employees:

Protecting University Systems: Employees often have access to critical systems, administrative dashboards, and confidential information. MFA ensures that only authorized personnel can access these systems, reducing the risk of data breaches.

Compliance: Many regulatory bodies require educational institutions to implement strong security measures. MFA helps universities adhere to these regulations and avoid potential penalties for non-compliance.

Setting an Example: By requiring MFA for employees, universities set a strong security precedent, encouraging best practices and enhancing the overall cybersecurity culture on campus.

Why MFA is Required for Students

Student data security is equally important, and universities have compelling reasons to mandate MFA for their students:

Personal Data Protection: Students' personal information, including financial data and transcripts, must be safeguarded. MFA helps ensure that only authorized individuals can access this information.

Academic Integrity: Preventing unauthorized access to student accounts and academic records is vital for maintaining the integrity of the educational process. MFA makes it much harder for unauthorized individuals to manipulate or steal academic information.

Educating Future Professionals: By requiring MFA, universities prepare students for the professional world, where data security is paramount. Teaching students the importance of MFA sets them on the path to becoming responsible digital citizens.

Multi-factor authentication is a critical security measure that safeguards universities and their stakeholders from cyber threats. Its importance in a university environment cannot be overstated, as it protects sensitive data, mitigates risks, and ensures a secure academic and administrative landscape. Requiring MFA for employees and students demonstrates a commitment to data security and sets the stage for a safer digital future within the academic world.

For more information: Two-factor/Multi-factor authentication - Master List of Knowledgebase Articles

I can’t authenticate using my preferred options. How do I switch to an alternative method?

Sometimes you don’t have the phone or device you set up as your preferred verification method.  This situation is why we recommend that you set up backup methods for your account.  Follow the steps below to sign in with an alternative method.

  1. Sign in to Office 365 using your username and password.

  2. Select “I can’t use my Microsoft Authenticator app right now” or “Sign in another way”.

  3. You will see different verification options based on how many you have set up.  Choose an alternative method and sign in.

 

What authentication options are available at EKU for 2FA?

  1. Microsoft Authenticator App. This is the recommended method and the easiest to use. Simply approve a push notification on your smartphone to log on. NOTE: Do not approve notifications you are not expecting!
  2. Other Authenticator Apps. There are a number of other compatible apps available for smartphones. A 6-digit code is entered at logon.
  3. Cell Phone Text Message. A text message is sent to a cell phone with the 6-digit code required to log on.
  4. Phone Call. An automated phone call is used to approve the login. This can go to a cell phone or landline.
  5. YubiKey.

What if I don’t have access to a phone?

On those occasions when you have no direct access to your mobile or alternative phone or email to verify your Office 365 credentials, please contact:

IT Service Desk - 1-859-622-3000

Or 

EKU Geeks - 1-859-622-4335

What if I’m offline? 

When you have no cellular, Wi-Fi, or wired Internet connection and are prompted to verify your Office 365 credentials, you can still use the Microsoft Authenticator app on your phone to view a rolling, one-time password that you can enter as verification. These one-time passwords are generated even when your phone is offline.