What if there were a way to know every time someone attempted to access your account? Even better, wouldn’t it be terrific if stolen passwords were completely useless to attackers? Many phishing scams would be completely ineffective. That’s the power and control that multi-factor authentication (MFA)—sometimes known as two-step verification—can provide.
As faculty and staff, you’re probably already using MFA to access your Drake email or Banner, and these benefits are part of the reason why ITS implemented Duo MFA last year. Attackers know that accounts protected only by passwords are easily compromised, and that stealing or modifying information undetected can then be done quickly and easily.
If you aren’t already using MFA on your personal accounts, why not start now? Here are some key accounts where you should consider adding MFA:
- Email accounts: “Forgot password” reset requests from websites send instructions and links via email, so protecting your email ensures you are in control of resetting account passwords.
- Financial accounts: Protect your finances and credit.
- Social media and website management: Protect your online presence and personal brand.
- Online shopping: Protect your credit cards.
MFA is becoming more widely available and easier to use. Typically, you’ll install a mobile app or use text/phone call functionality. Most MFA mobile apps also generate codes to use while traveling or when cell service is unavailable.
Depending on the type of website and/or data you’re protecting, you may want to adjust the frequency of the prompts. For example, you may want extra verification every time you sign into your retirement accounts but may only need that extra step occasionally or if you’re using a new device when signing into your personal email.
The phishing attacks that we see at Drake often attempt to bypass account security, even on accounts that are MFA-enabled. ITS will continue to provide phishing education in August using simulations of common attack methods.
—Peter Lundstedt, ITS