ITSpotlight is designed to keep the campus up to date on ITS activities and services.
SIUE to use Multi Factor Authentication (MFA) to Combat Phishing
Posted September 3, 2021
SIUE will require multi-factor authentication (MFA) for all employee e-ID accounts starting September, 2021. Users can avoid the September rush and get set up today for MFA using the request form: https://www.siue.edu/its/mfa-setup/
The reason for adopting a multi-factor authentication (MFA) program is that passwords alone do not offer the protection of sensitive assets or personal information that they have previously. With phishing being the most common and effective method of hacking, multi-factor authentication can offer credential protection even when a password has been compromised.
MFA is likely an already familiar process for those who bank or shop online. Every time a bank calls your cell phone to verify your identity, Amazon texts you an authentication code when you place an online order, or the IRS emails you a verification when you file your income taxes online, you are using multiple factors – in addition to your password -- to authenticate your account. While a password can become long, complex, and hard to guess in response to various methods of attack, it still only represents a single factor in protecting access to your account. By adding another factor for authentication, the account becomes more difficult for a hacker to compromise. The additional factor can also secure the account even if the password becomes known. Temporary codes, as a second factor of authentication to sign into an account, expire after a short amount of time and quickly become useless.
Although MFA may seem like an inconvenience, it has become commonplace in our everyday lives in order to add increased security to our online transactions. MFA has been adopted in many industries, driven often by a need for secure access, personal privacy, protecting intellectual property, protecting research data, or to combat phishing and other password discovery techniques. MFA is also often required by institutions and the federal government when dealing with access to sensitive data and regulatory requirements.
While SIUE has continued to increase password complexity and password change frequency to prevent and limit damage from phishing, implementing MFA will provide an additional layer of protection. Hackers will often abandon efforts to compromise an account if it is well-protected with additional layers of security. With MFA, even if your SIUE e-ID password has been compromised, the second factor of authentication creates a formidable barrier that hackers cannot easily break through. Risk-averse hackers tend to abandon their efforts to compromise an account if the account is protected by MFA, often looking for easier victims where their illegal activities will be less noticed.
Additional information about SIUE’s MFA program is available at: https://www.siue.edu/its/mfa.shtml
If you have questions about MFA, contact the ITS Help Desk at (618) 650-5500 or via email at help@siue.edu.
