With most classes online now and going into the spring semester, Slippery Rock University plans to beef up its online security to protect against unauthorized use.
Over the next three months, SRU plans to implement two-factor authentication for all employees and students who need to access services and information they normally access with their SRU login credentials.
Two-factor authentication will require users to set up either a phone number to receive a text-based code or automated phone call with the required code, or an alternate email address to verify their login. Users will also be able to use the Microsoft Authenticator app, which can be downloaded onto any smartphone device.
“Users won’t be asked for two-step verification every time they attempt to log in, just when they are detected as logging in for the first time,” said John Ziegler, associate provost of information and administrative technology services.
SRU already began rolling out the security measures last week, with some staff required to set up the two-factor authentication on Nov. 11. SRU plans to have more staff along with faculty to begin using the security protocols over the next two weeks.
SRU students can expect to be asked to set up two-factor authentication starting around Nov. 25. The university expects the process to be fully implemented by mid-January.
One of the strong arguments for enabling two-factor authentication is that were someone to gain access to your credentials either through a data breach or phishing attempt, that actor would not be able to access the account without having access to the code generated by two-factor authentication.
While it does help to secure accounts, there are still vulnerabilities with two-factor authentication which include social engineering attacks or SIM jacking, where hackers can have your phone carrier information moved to a SIM card in their possession and begin receiving texts and phone calls to you.
Last week, Director of Identity Security at Microsoft Alex Weinert highlighted these exploits in a blog where he said it was time for users to move away from phone-based to app-based authentication, using programs like Microsoft Authenticator.
As the world moves more and more work online, the risk of cyber-attacks, even at the university level, increases.
Over the summer, a vendor used by the SRU Foundation had its files encrypted in a ransomware attack. Actors there were paid an untold sum by Blackbaud, Inc. to regain access to the files which included SRU alumni information.
In February, Butler County Community College (BC3) was also the victim of a ransomware attack after a hacker gained access to their servers. While the attackers were seeking around $147,000 for access to the files, BC3 was able to restore their access with the help of an outside company.
Those who may have questions about two-factor authentication or need help setting it up can contact the Help Desk at 724.738.4357 or firstname.lastname@example.org.