Multi-factor authentication: Your belt-and-suspenders approach
Phishing attacks are becoming more common and sophisticated every day, and even the most well-trained users may slip up. According to the 2021 Verizon Data Breach Investigations Report, phishing is involved in 36 percent of breaches and 85 percent of breaches involve a human element, often in the form of a password that’s been shared by an unwitting victim. In higher education, that figure may be even higher, given that the education sector (as a whole) unfortunately ranks at the top of the list when it comes to phishing failure rates.
And it isn’t just phishing that’s a threat to password security. Many users set the same passwords for both work and personal accounts. At the same time, the frequency with which they are now asked to reset their passwords has led to a proliferation of lazy password practices—so much so that the National Institute of Science and Technology (NIST) recommends that organizations not reset passwords without cause.
Even strong passwords are vulnerable, and they only form a single line of defense for user access. To blunt the impact of compromised credentials, more companies are opting for a “belt-and-suspenders” approach to data security in the form of multi-factor authentication (MFA). By protecting identity access behind an additional verification, passwords become just one of several factors protecting an institution, its people, and its reputation from the consequences of data loss and theft.
Benefits of multi-factor authentication
MFA is quickly becoming best practice for most industries, but due to the perceived complexity and costs associated with MFA, it’s not yet widespread in higher education.
That’s going to change because of three important reasons.
1. Ease of use
Today’s MFA systems are not the confusing, help-desk-call-generating applications of the past. They are user-friendly to the point that with most MFA systems, students, staff, faculty, and administrators can verify their identities with a simple tap on their smartphones, tablets, or smartwatches. Other types of MFA may include facial-recognition technology or even location data, providing flexibility depending on the needs of the userbase. At the same time, the proliferation of single sign-on technology means that the steps involved in MFA don’t need to be repeated every time a user logs on to a new system.
2. Limited resistance, more adoption
More and more IT departments are taking the time to ensure that any inconveniences that may arise don’t create resistance to new security measures. At Cheney University of Pennsylvania (an Ellucian Managed Services customer), a new MFA solution was tested among a diverse set of campus constituents over 45 days to ensure a smooth rollout. As Chris Brown, Cheney’s executive director of technology told University Business, “It’s extremely important to listen to end users to understand where hurdles may exist.”
3. Seamless integration with other systems
MFA integration into myriad software solutions is now much easier than before. For instance, Ellucian’s suite of cloud-ready ERP, CRM, and more specialized applications are entirely MFA-compatible leveraging Ellucian Ethos Identity. And MFA capabilities continue to expand with the advancement of campus technology.
Move forward with confidence
For higher education, campus data is as valuable as it is vulnerable, and its access needs have long outgrown simple password protection. As threats continue to evolve, cybersecurity must keep pace. By incorporating MFA into their information security plan, institutions gain access to accessible, convenient new layers of defense, while empowering users to protect their own identities every time they log on.
Meet the authors
