Ransomware attacks have been in the news lately, including an attack over the Fourth of July weekend that impacted up to 1,500 organizations. In this edition of “ITS In-Depth,” we speak with Syracuse University Chief Information Security Officer Chris Croad…
Students Can Now Protect Their Office365 Accounts and Email with Two-Factor Authentication
As part of ongoing efforts to protect digital identities and related University information, Information Technology Services (ITS) has enabled two-factor authentication (2FA) for student email and other Office 365 services.
2FA is an added verification step during authentication that helps to prevent the unauthorized use of University NetIDs and passwords by ensuring that only the account owners themselves use their credentials on systems hardened with 2FA, in this case, Office 365. Typically, 2FA is described as “something you know and something you have” where the “something you know” is your username and password, and the “something you have” is often called a “second factor.”
Multiple second factors can be configured in Office 365, such as the confirmation of a push notification via the Microsoft Authenticator mobile application, a text message, a phone call, or a verification code.
“The login credentials of students, faculty and staff are targets for organized crime and hackers,” says Christopher Croad, Syracuse University’s information security officer. “Criminals use stolen NetIDs and passwords to harvest personally identifiable information from compromised accounts or sell them on the ‘dark web’ for financial gain, or use in gaining access to academic assets such as library resources or educational discounts on software and services. Two-factor authentication makes it difficult for anyone except the account owner to log into a resource that uses 2FA as part of its authentication mechanism.”
Students are encouraged to opt-in to Office 365 2FA protection at any time by visiting NetID.syr.edu and clicking Two-Factor Opt-in. All students will need to turn on 2FA in their Office 365 and email accounts by Feb. 12, 2019. Faculty and staff have been required for several months to set up 2FA in their Office 365 apps for additional security verification.
Important Recommendation: Anyone who plans to travel away from the main campus between now and the end of the academic year is strongly encouraged to opt-in to two-factor authentication as soon as possible. Unreliable or nonexistent internet or cell coverage prevents connectivity in some areas, domestic and abroad. Opting in now can enable continuing access to protected University accounts regardless of location.
Additional information and instructions are on the Microsoft Two-Factor Authentication (2FA) – Setup and Management page in the Answers.syr.edu knowledge base: https://answers.syr.edu/x/2AAeAw.
ITS has chosen Microsoft’s Azure Active Directory system to provide “Additional Security Verification” to University Office 365 accounts. “We use Azure to manage the University’s Active Directory within the cloud environment,” says Eric Sedore, Associate Chief Information Officer for Core Infrastructure Services, “It already has two-factor and multifactor authentication tools built-in. We are leveraging our existing deployment, so it does not increase our costs to take advantage of the advanced functionality.”
Over the summer, ITS added applications and features to the Office 365 suite including One Drive cloud storage, Teams collaboration suite, One Note digital notebooks, and multi-user document editing. These new services are available to all active Syracuse University students, faculty and staff and are protected with 2FA. Office 365 enables enhanced collaboration and streamlined meeting, scheduling, and calendaring among members of the University community. Installation instructions and details about these and other Office 365 services are on the Office 365 @ Syracuse University page in the Answers.syr.edu knowledge base: https://answers.syr.edu/x/DwDiAQ.
For assistance with Office 365 and two-factor authentication, students are invited to contact the ITS Service Center at 315.443.2677 and firstname.lastname@example.org. Faculty and staff should contact their IT support team.