How multi-factor authentication can protect your account
Multi-factor authentication, commonly called "MFA", is an incredible tool to help keep your online accounts secure. MFA adds a second layer of security to your online accounts by requiring an additional verification step after you provide your correct username and password. MFA is required to access your OHIO accounts, but you can often add it to your personal accounts as well. Enabling MFA is an easy way to protect your accounts and personal information. In fact, according to the National Cybersecurity Alliance, 99.9% of account hacks could have been prevented by using MFA.
When MFA pays off
Meet Joe, a college junior who is doing quite well in his studies. Unfortunately, unlike Ohio University, Joe's university has not deployed MFA. One day, Joe receives an email that he believes to be from the Help Desk asking him to log in to reset his password because suspicious activity was detected on his account. Little did Joe know, his account did not have suspicious activity and the email wasn’t from the Help Desk at all. In reality, it was from a cybercriminal. This criminal was able to steal Joe’s username and password by sending a fake email that asked Joe to log in to a malicious website. This allowed the criminal to access Joe’s email through the university webmail system.
Sadly, it doesn’t stop there. The criminal reads through Joe’s inbox and gets excited when he realizes that Joe has a student loan deposit heading his way. Swiftly, the criminal pivots to the student information system and logs in to update the direct deposit information to a bank that is not Joe’s. On direct deposit day, the cybercriminal’s account receives the deposit, and our criminal has a nice payday. Joe doesn’t realize this until he checks the status of his funds the next week. Unfortunately, by then it is too late.
Enable MFA for your personal accounts
If Joe’s university had implemented MFA beforehand, Joe would have received a notice when the attacker tried to log in to his account. This notice would have allowed Joe to deny the login and mark it as fraudulent. Joe would have known to reset his password, and the criminal would never have made it any further.
At Ohio University, we primarily leverage Azure MFA to protect our accounts. OIT highly recommends verifying each MFA prompt or MFA phone call as it is generated. If you are not actively signing in to a service, it is best to deny any MFA request you receive. Additionally, OIT recommends enabling MFA on your personal accounts, such as social networking sites, gaming services, and your personal email accounts.