Two-factor authentication to limit the threat of hacking
Jessica Guerrucci — Managing Editor
A flood of spam emails, threats of hacking, account security issues and these all may come to an end with a new program that will change the way students log into their Southern accounts.
“In essence, MFA is going to verify your identity by prompting you for an additional factor when you log in,” said director of Cloud Computing, Jeffery Otis.
“So, you login with your username and password, and then MFA will come along and say ‘you need to confirm an additional component.’”
On Oct. 10, Multi-Factor Authentication will be enabled on all student accounts requiring them to provide two pieces of evidence; their current password to log into their Southern account. The additional factor could be either a text message or a phone call or mobile app.
All will confirm their identity when logging into their account.
John Jaser, director of OIT – Systems and Infrastructure, said Southern tried to use MFA on campus about three and a half years ago, but found it was too much of a hassle. Since then, he said over the last two years IT has found ways to make it more convenient.
“It doesn’t challenge you while you’re on campus including Eduroam, but the Res life is considered off-campus. You can remember the device and say this is trusted for up to 60 days, and the best thing, it’s no longer a proprietary fix, it’s the same one everyone is using,” said Jaser.
According to a Clark School study at the University of Maryland, there is a hacker attack every 39 seconds, but at Southern, Otis said, on average five student accounts are compromised each week.
The beauty of MFA, Otis said, is that it is something students know and something students have, so even if a hacker did access a student account, they would not have access to their phone or chosen second factor.
Additionally, students will get an alert and can then authorize if the account activity was their own.
As for setting up MFA, Claudio Everett, senior computer information systems major, who works at the IT Help Desk, said setting MFA up for the first time could be confusing for some students, but IT will be there to help.
“It’s just a matter of getting through that first – time set-up and then you’re kind of secure after that,” said Everett.
One of the issues that led to finally enabling MFA was spam emails. Jaser said IT has been able to reduce spam, but the issue is, Azure, Microsoft’s
artificial intelligence program, cannot detect when a hacker is posing as a student.
“We haven’t been getting a lot of spam from outside, almost none, it’s gotten that good with spam detection, but when it comes from a student’s account, it’s considered legitimate,” said Jaser.
Students have received fake emails from what appear to be their fellow classmates, but is actually a hacker, and then when they click on them, Otis said another set of bad emails is sent out from the students account and it cascades on.
While Jaser said he understands that MFA may lead to frustration for some students, IT will have the tools to help students if they need to troubleshoot their account, but at the end of the day it is about account security.
“Single sign on is so incredibly convenient,” said Jaser, “but if someone breaks into that, they have everything.