Multi-Factor Authentication

Passwords alone are no longer sufficient to protect sensitive information.  Bad actors have adapted their strategies to incorporate more sophisticated tools and techniques that increase the risk that your credentials may be compromised.  From phishing attacks to password spraying to keystroke logging, your accounts and data are at more risk than ever before.     

Multi-Factor Authentication, or MFA, is one of the most effective methods of protecting yourself against credential compromise.  Many organizations are making MFA a requirement to access accounts and information portals that contain confidential or sensitive data pertaining to their users or services.  In a study conducted by Microsoft it was concluded that 99.9% of account compromise incidents examined during the period of their study would have been prevented had the organizations utilized MFA.1

There are three primary factors for MFA:

  1. Something you know. This includes passwords, PINs, and combinations.  
  2. Something you have. This is a physical object, such as a token or a mobile device.  
  3. Something you are, otherwise known as biometric verification. This could be a fingerprint, retina scan, or voice recognition. 

Utilizing two or more of these factors when challenging someone for authentication makes it significantly more difficult for a bad actor to impersonate a user and gain unauthorized access to their data.   

The University of Richmond utlizes Duo MFA and encourages all students, faculty, and staff to enable MFA wherever possible to protect their sensitive data.  This simple and effective control could prevent you from becoming the victim of account compromise or identity theft.   

To find out more about the use of Duo, please refer to the SpiderTechNet Knowledge Base articles for that service. 

Contact infosec@richmond.edu if you have questions or need assistance pertaining to MFA.