Ransomware attacks have been in the news lately, including an attack over the Fourth of July weekend that impacted up to 1,500 organizations. In this edition of “ITS In-Depth,” we speak with Syracuse University Chief Information Security Officer Chris Croad…
Two-Factor Authentication: Strong Security for Student Email and Office 365 Accounts
Imagine losing access to your email and everything in it. It is easier than you think to expose your password unknowingly. Information Technology Services (ITS) has enabled two-factor authentication (2FA) for all student accounts. Even if hackers steal your NetID and password, 2FA will help protect your University email and Office 365 account.
With 2FA, you guard your account with both your password and your phone or another factor. As an added verification step during authentication, 2FA helps prevent the unauthorized use of University NetIDs and passwords by ensuring that only the account owner can use their credentials to gain access to their University email and Office 365. Office 365 lets you configure multiple second factors, including a push notification via the Microsoft Authenticator mobile application, a text message, a phone call and a verification code.
Here are just a few examples why you should:
- At Florida Gulf Coast University, the school locked all student accounts after discovering “a serious phishing scam that targeted our students. The attackers are using phishing emails and fake FGCU websites to trick students into disclosing their login credentials.”
- Wellesley College reported a similar scheme last year, in which scammers replicated the school’s login page. Similar schemes have targeted Syracuse University.
- The Department of Education’s Office of Federal Student Aid said it “strongly encourages” schools to implement dual-factor authentication, which requires users to add another layer of security, such as a mobile device, to verify their identities.
- Two-factor authentication is mandatory at SUNY Albany, following a phishing scheme last spring that compromised more than 300 student accounts. 2FA is mandatory or soon will be at most other colleges and universities.
2FA will be mandatory here at Syracuse too. Students can opt-in anytime, or let 2FA activation occur automatically sometime between Feb. 12 and the end of the semester.
Student 2FA Automatic Activation Starts Feb. 12
Students who do not opt-in to 2FA by Feb. 12, 2019, will have 2FA activated automatically on their email and Office 365 account sometime between then and the end of the semester. Students will start receiving email notifications from Information Technology Services (ITS) 30 days ahead of their activation date. Student accounts will be activated randomly, so it may be several weeks before individual students receive a notification. Email notifications will not contain working hyperlinks to any websites, to help identify them as legitimate University communications. Students can opt-in to Office 365 2FA protection at any time before their activation date.
If you need help or have questions, ITS is here to help. For more information and assistance, visit Answers.syr.edu and search for Microsoft Two-Factor Authentication (2FA). Or, contact the ITS Service Center at 315.443.2677 or firstname.lastname@example.org.