Despite a few setbacks, Slippery Rock University plans to have new security measures completely rolled out by the end of the month.
Originally announced back in November, John Ziegler had planned for all student, faculty and staff accounts to enroll in multifactor authentication (MFA)—a security measure that secures accounts by having the user identify themselves through a secondary method—by the end of July.
Ziegler, who serves as SRU’s associate provost of information and administrative technology services (IATS), said that the pandemic had altered many things the university has planned. He said IATS had to shift focus during implementation to ensure the COVID-19 testing center could be up and running.
After the testing center’s needs were met, the department halted implementation while the university started its semester fully online for two weeks. The department picked up where it left off a week after the university returned to hosting in-person classes, Ziegler said.
IATS plans to begin reaching out to students next week via email explaining the process. Students, faculty and staff have the option of selecting one of three methods to secure their account.
Along with security measures, most users will be familiar with a phone call or text message to the user’s cell phone with a numeric code. Users will also be able to use a software token.
In SRU’s case, users will be able to download the Microsoft Authenticator application to their cell phones. Once linked to their SRU account, users will enter a randomly generated code that updates every 30 seconds.
The university does not have any plans to secure accounts with a hardware token like a YubiKey. While considered a secure method, Ziegler said people’s opportunity to lose their hardware token and be locked out increases and creates more significant problems.
“And it really was a difficult thing,” Ziegler said. “As you see the changing workforce when it becomes more remote, whether it’s taking classes or being staff members or whatever, I think we have to realize that people are going to be using a lot of different devices.”
Setting up MFA should take users only a couple of minutes, according to Ziegler. IATS already has instructions on its webpage so users can familiarize themselves with the process beforehand.
Ziegler said nearly 11,000 accounts would become secure once the process is complete. This is a project that started during the spring 2020 semester, well before anyone knew the changes that would be coming to teaching at SRU and the world. He said getting it done before the end of this semester exceeds his expectations given everything they have been up against.
While the methods will not fully protect users or the university from outsider attacks, it provides another security level to protect critical data and systems from cyber-attacks. With this MFA in place, Ziegler expects phishing attacks, which generally increase around finals week, will decrease this year.
Those who may have questions about two-factor authentication or need help setting it up can contact the Help Desk at 724.738.4357 or firstname.lastname@example.org.