Starting May 7, 2020, OHIO employees and emeriti will be required to use multi-factor authentication (MFA) for the following online services:
- Office 365 – Email, Calendar, OneDrive, Teams, and other Microsoft online applications
- Qualtrics – For tasks like creating/editing surveys, viewing reports, and analyzing/exporting data. Survey participants will not be affected by the new requirement.
Office 365 and Qualtrics are the latest to join a growing list of University online services that are protected with MFA, including PeopleSoft, e-Biz, and My Personal Information.
What you need to do
Current multi-factor authentication/Duo Security users
- If you use the Duo mobile app, no action is required. Just be aware that you will need to start verifying your logins to the web version of Office 365 and Qualtrics on May 7.
- If you use your office phone number for Duo verifications, you will need to forward that number to a phone you can access at home.
If you are not enrolled in multi-factor authentication
- You will need to enroll in multi-factor authentication.
- If you use the desktop or mobile version of Outlook or Teams, you will be prompted to re-login to your device once the change takes effect. After you have done so, your device will remember you.
We realize that Email, Calendar, OneDrive, and Teams are an important part of many employees’ daily routines. To cut down on the number of login verifications for the web versions of these applications, we recommend checking the Remember me for 30 days box when using a trusted device like your desktop, laptop, or smartphone.
Reasons for the change
Security is everyone’s responsibility. Office 365 and Qualtrics both have the potential to contain sensitive data that could be exposed if your password is lost or stolen. Multi-factor authentication is a great way to secure your account, as it minimizes this risk by adding a verification step to your login. This small step not only protects personal and University data but also uses resources more wisely by reducing the effort needed to mitigate compromised accounts.
Why Office 365?
As the University’s primary collaboration and communication suite, Office 365 is an attractive target for cyber criminals. Even if you do not keep sensitive data in Office 365, a criminal could use your password to:
- View sensitive data that others have shared with you on OneDrive.
- Impersonate you to trick students or colleagues who trust you into revealing sensitive information.
- Steal contacts or personal details from your email or calendar to make phishing attacks against your colleagues more convincing.
As one of OHIO’s primary tools for survey-based research, Qualtrics has the potential to contain sensitive data, including HIPAA and FERPA data. Proper stewardship of such data includes taking measures to prevent access to that data should your OHIO password be lost or stolen.
If you have any questions, please contact the IT Service Desk.