Information Technology extends mandatory multi-factor authentication initiative to all Elon students 

All undergraduate, graduate and law students must enroll in MFA using Duo Security, which follows the successful campus wide rollout for faculty and staff last fall.

This month, Information Technology will expand the mandatory multi-factor authentication (MFA) enrollment initiative to include students, which follows a successful campus-wide rollout for faculty and staff last fall. Graduate students must enroll in MFA using Duo Security by Tuesday, March 23, undergraduate students by Monday, April 12 and law students by Wednesday, April 21.

Higher education institutions are often prime targets for cybercriminals. Sophisticated phishing attacks and other hacking innovations constantly look for ways to infiltrate critical systems and steal sensitive information through an organization’s most vulnerable areas. To counter these threats, a 2018 EDUCAUSE Core Data Service report showed 92 percent of U.S. institutions were tracking, planning, had partially or fully deployed institution-wide MFA on their campuses.

person with a laptop and mobile phone
All Elon undergraduate, graduate and law students must enroll in MFA using Duo Security, which follows the successful campus wide rollout for faculty and staff last fall.

At Elon, MFA is among a growing list of security and awareness measures happening behind the scenes to educate the community about increasing threats and enhance online safety for all users, on and off campus. Adding students to the enrollment initiative is a critical next step, according to Gary Sheehan, Elon’s director of information security. Opening enrollment now allows students ample time to acclimate to the new authentication process before the new school term in the fall, he said.

“Even for student accounts, password theft is constantly evolving as hackers use methods like keylogging, phishing and email spoofing to gain access,” Sheehan said. “MFA enables us to deploy a security strategy that protects our platforms and community, reduces our risk for cyber threats and further provide protections in such a way that access remains easy for authorized users.”

Also referred to as two-factor authentication, MFA adds layers of password security to critical university systems and reduces the number of compromised accounts by making it difficult for unauthorized individuals to log in with stolen passwords.

Though you may not realize it, you likely already use MFA when accessing online accounts for banking, credit cards and other services, Sheehan said.

“When you access an ATM or use a debit card for purchases you typically need the card (something you have) and a pin number (something you know),” he said. “Whenever a merchant, bank, medical provider or retailer requires you to provide a password or pin, along with something you have to complete a transaction, you are using multi-factor authentication.”

At Elon, the MFA process involves the use of the Duo Security app and two or more devices to deliver security tokens that allow users to access single sign-on services like email, Moodle, LinkedIn Learning and other applications. With Duo Security, tokens are typically communicated through a push to a mobile device or call to a landline phone.

“Since passwords can be compromised and are vulnerable to sharing, adding multi-factor authentication to the login process requires the user to know something (the password) and have something (the token), in order to gain access,” Sheehan said.

All Elon students are encouraged to enroll in MFA before the deadlines noted above. After those dates, email, Moodle and other single sign-on services will be inaccessible until MFA enrollment is complete. For help getting started, visit the step-by-step enrollment guide in the IT Self-Service Portal Knowledge Base or attend a 20-minute virtual help session. If you have questions or need to report an issue, please contact the Technology Service Desk at 336-278-5200.

For additional online safety resources and to sign up for alerts, visit the Information Security website. To stay aware of active cyber-attacks and other threats on campus, Sheehan encourages users to sign up for information security alerts.

“You are the shield,” he said. “We all play an important role in keeping our community safe.”

How does Duo Security work?

Screenshot from Duo Security video
Watch Duo Security’s video, the Student’s Guide to Two-Factor/Multi-Factor Authentication (2FA/MFA).