By Naidelly Coelho
In an effort to improve cybersecurity at FSU, multi-factor authentication (MFA) is required starting this Fall, according to an email sent to the community by Information Technology Services (ITS) on Aug. 31.
Multi-factor authentication is an extra step that faculty and students have to take in order to secure personal data and applications. Students and faculty need to authenticate themselves with either an app or a phone call, according to the email sent to the community.
According to the Microsoft website, MFA is a second layer of security. If a hacker is able to get through someone’s usernames and passwords, with the Microsoft Authenticator app, they will be “stuck” as hackers and unable to obtain the verification code.
Associate Vice President and Chief Information Officer Patrick Laughran said MFA has become a standard option across colleges and universities working to prevent cyber attacks.
This new system is a preventative method as FSU has never been cyberattacked, he said.
Information Security Officer Corey Hobbs said Cape Cod Community College, Bridgewater State, and Salem State were cyberattacked before.
Laughran said, “You'll have a student account specifically or an employee's account and it starts spamming things - while not a major attack, that's still a cybersecurity attack. That's still somebody who gained access to something they weren't supposed to.”
The email from ITS provided students with information on how to configure the app with their school emails.
Hobbs said there were about 42 out of 4,200 registered students who submitted a report to the IT Help Desk.
“It's about 1.1%. I've been up at the Help Desk where a lot of this has happened. We're dealing with a population where everyone has a different type of phone. … The one we noticed the most was issues with iPhones where the app was misbehaving. It's a fairly easy fix - you just reinstall it,” he said.
MFA will require students to authenticate themselves every seven days on each device, and when that happens varies from student to student. There is no set day for when the authentication will be triggered, Hobbs said.
Another alternative for students and professors who are having trouble with the app is using the dialing method through a phone - it can be from any type of phone. After providing a phone number, students and professors will receive a code. They will be prompted by the message to add the code on the device in order to be authenticated, he said.
If students don’t have a phone that they can either have the MFA app on or dial from, they can reach out to the Dean of Students office, where they will be able to get assistance, he said.
Students were not provided with any videos explaining how to use the app or how to fix glitches, but ITS provided various links from which students can learn more about MFA, frequently asked questions, and more specific topics, he said.
Director of Infrastructure and Operations Mike Zinkus said Microsoft is part of the main platforms used by FSU. The MFA application is built into the agreement with Microsoft.
Therefore, there is no added cost associated with implementing the MFA. “It's a feature within something we already own,” he said.
The month of October is dedicated to cybersecurity awareness. This year marks the 20th anniversary of this national initiative, Hobbs said.
During this month, ITS will be sending out emails every week explaining certain aspects of cybersecurity awareness, he said.
Hobbs said ITS sends out online training opportunities for students to participate in tutorials on how to identify phishing, scams, and other cybersecurity threats.
“A lot of students don't elect to do it - which is unfortunate. It'd be great to take that training. There’s a lot of good information in it,” he said.
Jake Grace, a junior, said the multi-factor authentication app takes an extra two to three minutes every time he tries to log in.
When logging into different devices, he might be prompted “two to three times over and over again.
“It is wicked annoying, to be honest,” he added.
Grace is a transfer student from MassBay, and said the “two-factor authentication” app they used there was “way smoother.”
Ryan Gryglewicz, a senior, said, “It’s annoying when it comes to just doing that too many times.
“Last year, it was not bad at all. Then all of a sudden, every week or something, I have to use that. Why do I have to do this so much?” he added.
On the other hand, Sara Silva, a freshman, said she doesn’t mind MFA at all. She used it before.
“I have to use it for my job as well. I just think it’s a matter of learning how to use it,” she said.
Bridget Castrillo, a junior, said in the first week of school, it was “way too complicated” to get used to it.
“I have gotten used to it - if it’s better for FSU, why not?” she added.
Naija Galloway, a freshman, said at the beginning of the school year, it was more difficult because of the extra steps she had to take. However, with the instructions provided by ITS in the email, she had no trouble accessing her student account.
“I think that it adds a good layer of security that I'm actually happy about. It makes me feel like my stuff is more protected,” she said.
Hobbs said If students and faculty are having difficulties with the MFA app, they should put in a ticket to the Help Desk.
“The best way, if you can do it, would be to go to our self-service portal and enter your information in that way. On the other hand, you can always email us at firstname.lastname@example.org or give us a call at the service desk,” he added.