In this digital age, experts recommend another layer of security to protect personal identities and information. Multifactor authentication (MFA) is another tool that can be used in the fight against cybercrime.
MFA adds another step to the login process, such as a single-use security code texted to the user. It is becoming more common with web-based services, such as online banking, and recommended by tech giants like Google and Facebook.
Darin Dugan, identity services manager in information technology, said common uses for stolen login information include:
- Sending spam emails (thousands) from personal accounts
- Modifying direct deposit to divert paychecks to an alternate bank account
- Changing tuition payments or canceling registration to get refunds sent to an alternate bank account
- Accessing restricted scientific journals through the library system
"It's easy for anyone who guesses or steals your password to access your electronic workspaces," Dugan said. "Things will get considerably tougher [for thieves] when MFA becomes standard operating procedure for accessing web-based applications."
MFA at Iowa State
The Okta identity management platform selected by Iowa State may use MFA for its portal/dashboard that gives users one-click access to their web-based programs and applications without additional logins. Voluntary Okta enrollment is expected to start in November, with full implementation sometime next spring.
MFA provides another line of defense against cyberattacks -- from the thousands of daily attempts targeting university systems to individual users who fall prey to phishing attempts.
"Compromised accounts are time-consuming to fix and potentially dangerous," Dugan said. "In addition to resetting passwords, IT staff must ensure that university systems have not been damaged or jeopardized."