What are we doing?
Taking the first step in the Multi Factor Authentication (MFA) rollout which is the number one security measure that will reduce the risk of stolen account credentials. This first step will impact faculty and staff off-campus use of Office 365, Office Mobile Apps & Canvas.
What is MFA?
Multi-factor authentication (MFA) is used to ensure that digital users are who they say they are by requiring that they provide at least two pieces of evidence to prove their identity. Each piece of evidence must come from a different category: something they know (security questions), something they have (phone or email), or something they are (biometrics).
If one of the factors has been compromised by a hacker or unauthorized user, the chances of another factor also being compromised are low, so requiring multiple authentication factors provides a higher level of assurance about the user’s identity.
Why are we doing this?
- 99.9% of hacked accounts did not use MFA.
- 60% of users reuse passwords.
- 99% of password sprays attacks and 97% of password replay attacks were performed against legacy authentication.
- 1 AWC employee account was successfully hacked via password spray attacks in December.
- Gains in account security outweigh the extra steps of MFA prompts at sign in.
What is the Deadline?
By March 30, all faculty and staff will need to preconfigure their profile for MFA and will be automatically prompted to enroll if they had not previously configured. For all users, it is much easier to complete these steps earlier rather than wait for the mandatory implementation. Our approach, which is detailed at the bottom of this email allows us to request volunteer enrollment until that deadline.
What do we need from you?
- Commitment to improving AWC’s cyber security.
- Complete the steps outlined in the MFA Setup document.
- Email firstname.lastname@example.org letting them know you would like to volunteer for MFA enrollment.
- Test from off campus.
- Report any problems.