Saturday, February 27, 2016
update posted Feb. 27, 2017
My Personal Information, the university's web app for accessing employment data like W2s, direct deposit, pay slips and paid time off, will start requiring multi-factor authentication from all locations, both on and off campus, on Mar. 15, 2017. To learn more about why this change is happening, see the original news item from Dec. 5, 2016, below.
The holidays can be a joyful time for hackers, but not for the reasons you might assume. Scammers might hope to trick you into giving them your password so they can redirect your holiday paycheck, but the real prize comes in January when W2 tax forms come out. A W2 contains everything a hacker needs to steal not only a paycheck, but also your tax refund and your identity.
In July 2016, the university restricted off-campus access to W2s and direct deposit to help protect employees who inadvertently share their OHIO credentials in response to phishing scam emails. With multi-factor authentication now available in MyHR/My Personal Information, that restriction can be lifted.
Starting Dec. 7, 2016 you can turn on multi-factor authentication for your account. Once you do so, you will be able to access all MyHR/My Personal Information features from off-campus, including W2s and direct deposit. On Jan. 17, 2017, multi-factor will be required to access the service from off-campus, and on Mar. 15, 2017 it will be required for on-campus access, too.
Because the IRS considers this to be a "new" way of delivering an electronic W2, anyone who opted into receiving their W2s online in the past will need to opt in again this year. Information on how to do so will be available from Payroll closer to the time when W2s are issued. The university strongly recommends opting into electronic delivery of W2s.
The name might sound complicated, but the idea behind multi-factor authentication is simple: make life hard on hackers by adding smart phone, tablet or phone call/text verification to your login.
Without multi-factor, all it takes is a password to access your account. With multi-factor, your password is useless to a hacker unless he or she also has access to the smart phone, tablet or phone line you’re using to verify your login.
*You can use the app as often as you like, but we ask that you limit yourself to 5 or fewer automated calls/texts each month. The login screen includes a check box to remember you for 30 days, so for most employees, this should not be a problem.
Multi-factor authentication makes it significantly harder for a scammer or hacker to use a lost or stolen password to log into a protected system. For you, this means you’re less likely to suffer identity theft if you fall victim to a phishing scam. For the university, it means that the sensitive data you have access to through the systems you use for work is less likely to be exposed because of a lost or stolen password.
Along with MyHR, multi-factor also will be added to systems like Oracle e-Business and PeopleSoft. In fact, over 400 employees in IT, Finance and HR already use multi-factor.
Multi-factor authentication isn’t just for university data. It’s also great for securing personal assets. Many banks offer multi-factor at no charge to customers who know to ask for it. If your bank or credit union offers the feature, it’s well worth enabling.
For more information, visit OIT’s multi-factor authentication webpage.