Annie Sheneman
Contributing Writer
Beginning on Tuesday, Jan. 28, all student accounts will be required to use multi-factor authentication as a part of the log-in process. This new addition is one part of the College’s risk management priorities for this year, according to an email sent by the Technology Services department in November.
This change is “in direct response to a dramatic rise in the scope and sophistication of phishing, spear phishing and malware attacks that are targeting our faculty, staff and students.”
Phishing is a type of scam in which a hacker sends an email pretending to be from a reputable source, hoping to collect passwords and log-in information, according to the Federal Trade Comission (FTC). Multi-factor authentication is a system that requires verification in two forms: a password, as well as a connection to a trusted device, such as a phone. This process makes it much more difficult for breaches in cybersecurity, as it requires a hacker to have both a password and access to a student’s phone, according to I.T.’s website. Multi-factor authentication is very commonly used outside of the College, by other colleges and universities, as well as by sites like Google and Twitter. According to Director of Educational and Emerging Technology Jon Breitenbucher, the new implementation “is sort of an outgrowth of our cybersecurity efforts.” Using Microsoft for multi-factor authentication, as the College will do starting next week, gives users a few options for verification.
Students, staff and faculty may choose to receive a text message or phone call with a code, or may download an authenticator application on iOS and Android devices, according to I.T.’s website.
Because the College handles sensitive records for students, including financial information, it is important to keep it protected, and multi-factor authentication is a significant step in the College’s cybersecurity plan. Multi-factor authentication has already been deployed for administration and staff, and will be deployed for students and faculty next week. Each student will need to set up multi-factor authentication on their devices in order to be able to log in. To do so, students should click the link in the email sent by I.T., and set up a phone on which to be contacted, either by text or call. Students may also elect to download the mobile app. After this step, students will receive a code on their trusted mobile device that they can use to log in. Once logged in, students can select to only log in with multi-factor authentication every 14 days.
Setting up multi-factor authentication should only take a few minutes, and can prove incredibly useful in preventing fraud and breaches in cybersecurity