Multi-factor authentication for all students
As of Tuesday, Aug. 29, 18 student accounts had been taken over since June by hackers.
A dean lost $9,000 due to hacking. Their checks were rerouted three times internationally before the IT department and the dean was aware the money had been lost.
Six USU employee paychecks were lost due to their accounts being hacked, according to chief information officer Eric Hawley.
All of these individuals have two things in common. First, their personal information was stolen. And second, they were not using the Microsoft Multifactor Authentication, MFA.
due to these hacks, Hawley and IT manager Gary Egbert proposed a requirement for all students to be using Microsoft’s Multifactor Authentication by Oct. 20.
According the Utah Office of Administrative Rules, multifactor authentication has been required on all public UtahID accounts since August 2022. This include agencies like higher education and housing that are outside of the utah.gov domain.
Utah State University has decided to use MFA because of a partnership already in place. This is the most cost-efficient way to keep students safe and obey new legislation, according to Hawley.
He said, USU has “a contract with the MFA which saves us 100,000 dollars a year.”
During Hawley’s proposal to the Utah State University Student Association Executive Council, chief of staff Maggie Mace brought up an issue she, and other students, have been having with multifactor authentication. One day, she did not bring her phone to campus, so she was unable to log into any school computer or website.
For students without smartphones, Mace wondered how this would affect their ability to access their school information.
IT Lab consultant Madison Taylor, recently ran into a similar problem when she got a new phone and had to resync all of the MFA information.
Despite the inconvenience, Taylor feels more secure with MFA.
“I worry about my personal information being hacked a lot, actually, so having the authentication is really nice,” Taylor said.
Hawley informed Mace and the executive council that other options are available. There is a dial up option for any type of phone and security keys.
Security keys will be sold at the USU Campus Store at cost for 25 dollars. Hawley informed the council that his department is willing to work with the individual to ensure they are able to stay protected.
“No student or employee left behind,” he promised the council.
Hawley encourages all students to not procrastinate setting up their MFA. Instead, he advises students to “choose a time that’s convenient for you. Do not wait until the last minute when you have to log in, set up MFA, and turn in an assignment at the same time.”
If there is any issue with an assignment regarding MFA, Hawley and his department have asked professors to be understanding. However, a grace period will not be enforced.
“Thank you to the students for their help as we work to secure and protect their and university information,” Hawley said.
Pamphlets instructing students how to join MFA are posted around campus, including in the Merrill-Cazier Library.