Information Technology launches multi-factor authentication initiative to enhance password security for Elon faculty, staff

All faculty and staff must enroll in multi-factor authentication by Dec. 31.

Today’s cybersecurity landscape is ever-changing. Sophisticated phishing attacks and other hacking innovations constantly look for ways to infiltrate critical systems and steal sensitive information through an organization’s most vulnerable areas.

To enhance online safety measures at Elon, Information Technology is implementing a mandatory multi-factor authentication (MFA) initiative. All faculty and staff must enroll in MFA using Duo Security by Dec. 31.

Also referred to as two-factor authentication, MFA will add layers of password security to critical university systems and reduce the number of compromised accounts that impact the Elon community. This makes it harder for unauthorized individuals to log in as if they were you.

“Password theft is constantly evolving as hackers employ methods like keylogging, phishing and email spoofing,” said Gary Sheehan, director of information security. “Our goal is to provide protections in such a way that access remains easy for authorized users. MFA enables us to deploy a security strategy that protects our platforms and community, reduces our risk for cyber threats and boosts the flexibility and productivity of our entire workforce.”

With this initiative, Elon joins a growing list of campuses nationwide that mandated MFA for faculty and staff. A 2018 EDUCAUSE Core Data Service report showed that 92 percent of U.S.-based institutions were either tracking, planning, have partially deployed or deployed institution-wide MFA on their campuses.

Though you may not realize it, you likely already use MFA when accessing online accounts for banking, credit cards and other services, Sheehan said.

“When you access an ATM or use a debit card for purchases you typically need the card (something you have) and a pin number (something you know),” he said. “Whenever a merchant, bank, medical provider or retailer requires you to provide a password or pin, along with something you have to complete a transaction, you are using multi-factor authentication.”

At Elon, the MFA process involves the use of two or more devices to deliver security tokens that allow access to single sign on services like email, Moodle, LinkedIn Learning and other applications. With Duo Security, tokens are typically communicated to the user via a mobile or landline phone.

“Your information is safer because thieves would need to steal both your password and your MFA token,” Sheehan said. “Since passwords can be compromised and are vulnerable to sharing, adding multi-factor authentication to the login process requires the user to know something (the password) and have something (the token).”

MFA is only one facet of a broader security strategy to protect data, campus technology resources and the existence of a safe computing environment at Elon. Security and compliance are best achieved when they are not implemented using a single point of failure, Sheehan said.

“Think about how you protect your valuable assets — by locking doors and windows, adding an alarm system or outdoor motion lights to detect intruders,” he said. “In addition to MFA, we have implemented a security awareness program to share safety tips on how to protect data and personal information. We use anti-virus, anti-malware and other controls to protect against harmful email links and websites, and we monitor the environment to ensure sensitive data and information is not accidentally shared with unauthorized users.”

To stay aware of active cyber-attacks and other threats on campus, Sheehan encourages users to sign up for information security alerts.

“You are the shield,” he said. “We all play an important role in keeping our community safe.”

As the fall semester draws to a close, faculty and staff are encouraged to enroll in MFA ahead of the upcoming holiday break and Dec. 31 deadline. For help getting started, visit the step-by-step enrollment guide in the IT Self-Service Portal Knowledge Base.

After Dec. 31, email, Moodle and other single sign on services will be inaccessible until MFA enrollment is complete. Please contact the Technology Service Desk at 336-278-5200 if you have questions or need to report an issue. For additional online safety resources and to sign up for alerts, visit the Information Security website.