WiFi KRACK: What you need to know
Securing the Internet of Things
Cyber security: Can you catch a phish?
How to spot phishing emails
Laptops for Harvey: OHIO IT helps University of Houston Downtown students get back online
Web Accessibility: Descriptive Links
How to create a cyber secure home
Four steps to staying secure online
October is National Cyber Security Awareness Month
Skype for Business: 3 ways to stay in touch

Off campus access to MyHR/My Personal Information returns; new login requirement will help thwart scammers

Saturday, February 27, 2016
Sean O'Malley  

update posted Feb. 27, 2017

My Personal Information, the university's web app for accessing employment data like W2s, direct deposit, pay slips and paid time off, will start requiring multi-factor authentication from all locations, both on and off campus, on Mar. 15, 2017. To learn more about why this change is happening, see the original news item from Dec. 5, 2016, below.


Image showing the OHIO login page with a Duo confirmation prompt on a smartphone superimposedThe holidays can be a joyful time for hackers, but not for the reasons you might assume. Scammers might hope to trick you into giving them your password so they can redirect your holiday paycheck, but the real prize comes in January when W2 tax forms come out. A W2 contains everything a hacker needs to steal not only a paycheck, but also your tax refund and your identity.

In July 2016, the university restricted off-campus access to W2s and direct deposit to help protect employees who inadvertently share their OHIO credentials in response to phishing scam emails. With multi-factor authentication now available in MyHR/My Personal Information, that restriction can be lifted.

Starting Dec. 7, 2016 you can turn on multi-factor authentication for your account. Once you do so, you will be able to access all MyHR/My Personal Information features from off-campus, including W2s and direct deposit. On Jan. 17, 2017, multi-factor will be required to access the service from off-campus, and on Mar. 15, 2017 it will be required for on-campus access, too.

Because the IRS considers this to be a "new" way of delivering an electronic W2, anyone who opted into receiving their W2s online in the past will need to opt in again this year. Information on how to do so will be available from Payroll closer to the time when W2s are issued. The university strongly recommends opting into electronic delivery of W2s.

What is multi-factor authentication?

The name might sound complicated, but the idea behind multi-factor authentication is simple: make life hard on hackers by adding smart phone, tablet or phone call/text verification to your login.

Without multi-factor, all it takes is a password to access your account. With multi-factor, your password is useless to a hacker unless he or she also has access to the smart phone, tablet or phone line you’re using to verify your login.

How it works

  1. You install a small app on your personal smart phone or tablet and enroll it in the service. As a fallback, you also can enroll a land line or cell phone number. (You have to be on the campus network to enroll, but once enrolled you can log in from anywhere.)
  2. When you log into a protected system like MyHR, a verification request gets sent to your smart phone or tablet. If you don’t have access to your smart phone or tablet, you can request an automated phone call or text*.
  3. Open the app (or answer the phone), approve the login, and you’re in.

*You can use the app as often as you like, but we ask that you limit yourself to 5 or fewer automated calls/texts each month. The login screen includes a check box to remember you for 30 days, so for most employees, this should not be a problem.

Why use it?

Multi-factor authentication makes it significantly harder for a scammer or hacker to use a lost or stolen password to log into a protected system. For you, this means you’re less likely to suffer identity theft if you fall victim to a phishing scam. For the university, it means that the sensitive data you have access to through the systems you use for work is less likely to be exposed because of a lost or stolen password.

Along with MyHR, multi-factor also will be added to systems like Oracle e-Business and PeopleSoft. In fact, over 400 employees in IT, Finance and HR already use multi-factor. 

Securing your personal assets

Multi-factor authentication isn’t just for university data. It’s also great for securing personal assets. Many banks offer multi-factor at no charge to customers who know to ask for it. If your bank or credit union offers the feature, it’s well worth enabling.

For more information, visit OIT’s multi-factor authentication webpage.

Related Links

Multi-factor authentication