Information and Technology Services Require Multi-Factor Authentication
Colgate’s Information and Technology Services (ITS) is requiring all students to enroll in a new security protocol called Multi-Factor Authentication (MFA) by Oct. 31, 2021, according to a schoolwide email sent by ITS staff on Oct. 5. The security system was developed to protect student and faculty identities against the significant rise in cybersecurity attacks across the country, according to the email, which adds that MFA further protects Colgate students’ private information from unauthorized third parties by requiring a second step verification through a second device.
“With these risks in mind, Colgate is taking steps to meet current industry standards and ensure the security and privacy of the University’s data, research, and systems,” the Oct. 5 email stated.
According to the communication, MFA works by requiring a secondary verification of identity, such as a push notification delivered to smartphones. Even if a hacker obtains someone’s password, they cannot access that user’s account or data. The University is utilizing two different platforms to protect account information: Duo, which protects Colgate provided apps and accounts, and Google, a Two-Step that protects mail and file storage on Google Workspace. While MFA enhances security, it should not take students more than a few minutes to enroll in the program through the Colgate website. Additionally, the ITS website affirms that students enrolling in MFA will save time by no longer having to reset their passwords periodically.
Chief Information Security Officer Blake Penn is leading the implementation of MFA across University accounts.
“The username and password model for security was built a long time ago and was relevant for the world back then, but we just don’t live in that world today,” Penn said.
Through his previous work at Georgia Institute of Technology, which had integrated multi-factor technology earlier on, Penn noted why Colgate implemented this process later than other universities.
“There was a student senate that supported this movement years ago. However, the pandemic got in the way of these initiatives,” Penn said. “The security landscape has changed a lot over the past several decades and having tools such as ‘Multi-Factor Authentication’ has just helped keep us up to date with those threats.”
ITS employee and first-year Malia Hawkinson explained the ease at which she enrolled in the multi-factor identification protocol. However, she noted that students must have another device ready for authentication to be approved, which can be an inconvenience for some.
“For me, it was super easy and self explanatory to set up. After I downloaded the app and scanned a QR code, clicked through a few buttons, I became enrolled,” Hawkinson said.
ITS employee and sophomore Clay VanOstrand elaborated on the inconveniences that MFA might pose for some students.
“It can be a bit of an adjustment, just because students are so used to logging in with their username and password. So, we have people coming into the library forgetting their phones, and therefore are locked out of their accounts,” VanOstrand said.
However, VanOstrand reaffirmed how real the risk of ransomware attacks truly are, arguing that it is important for students to enroll even with the adjustment period.
“I was with this one professor who just got locked out of everything. Her personal files, Colgate account and even bank records were compromised. She had no way of getting into her accounts to preserve any important personal data … The two step process of signing in with password/email and through another device is easy, but it adds a lot of security. While of course there is still a possibility for anyone to be hacked, it would have been way less likely with the Multi-Factor Authentication,” VanOstrand said.
In light of the University’s new MFA requirement, sophomore Katherine Liu spoke about her prior concerns regarding personal cyber attacks.
“I definitely am aware of cyber security attacks, but I never really imagined it could apply to me, or what I could do to prevent it. At least now with this new security, I can be proactive in ensuring my files are safe,” Liu said.
In an effort to further encourage student enrollment, ITS has promoted its Cyber Security Awareness Month every Tuesday and Thursday between 11 a.m. and 2 p.m. at Coop Dining Hall. Themes have included how to follow safe cyber practices, fend off hackers and fakes and find help at the IT Service Desk.
“I will be sending out emails with registration links to the population that has yet to enroll in the MFA,” Penn said.
Students should be looking out for an email, and more information can be found at the Colgate Multi-Factor Authentication website.