Introduction
In UISO’s mission to protect university data and personal information, we are focusing this month on one of the most effective security tools available: Multi-Factor Authentication, also known as MFA. You have likely already enrolled in MFA for many of the services you use, but it is important to understand its benefits and how it works.
Beyond the Password
Nowadays, passwords alone are not enough. Criminals can easily steal passwords through phishing emails, data breaches, and malware. Once they have your password, they have full access to your account if MFA is not enabled.
MFA adds an extra layer of security. Even if a hacker steals your password, they are highly unlikely to also have your second factor.
Accounts with MFA enabled are 99.9% less likely to be compromised in phishing or credential theft attacks. Enabling MFA is the single most important step you can take to protect your accounts.
How MFA Works: The Three Factors of Authentication
MFA confirms your identity by requiring two or more pieces of evidence from the following categories:
- Something you know: a password or PIN
- Something you have: your phone, a security key
- Something you are: your fingerprint, face, or retina
After you correctly enter your password, you must then provide a second form of verification from a different category.
Common MFA Methods:
- Authenticator Apps (Recommended): Apps like Microsoft Authenticator or Google Authenticator generate a time-based, one-time code on your smartphone. This is one of the most secure and convenient methods, as it does not rely on cell service.
- SMS or Email Codes: A code is sent via text message or email. While this is better than no MFA at all, it is considered less secure because SMS messages can be intercepted.
- Hardware Security Keys: Physical devices, like a YubiKey or Titan Key, that you plug into your computer or connect to via NFC. These offer the highest level of security for high-risk accounts.
Steps to Enable MFA on Your Accounts
While the university mandates MFA on many internal systems, we encourage you to enable it on all your critical personal and professional accounts such as email, banking, and social media. The process is generally very similar:
- Log in to your account and go to Security Settings.
- Look for and select the option to Enable Multi-Factor Authentication (it might also be called Two-Factor Authentication or 2-Step Verification).
- Choose your preferred verification method (we recommend an authenticator app) and follow the setup prompts.
- Save your backup codes in a secure location like a password manager. These are helpful if you lose your phone or MFA device.
MFA Best Practices:
- Use an Authenticator App When Possible: Use an app over SMS for a more secure and reliable experience.
- Protect Your Backup Codes: Treat these codes like spare keys. Keep them somewhere safe but separate from your main device.
- Notify the IT Help Desk for Assistance: If you lose the phone or device you use for MFA, contact the IT Help Desk right away. We can help you regain access to your account using your backup codes or other verification methods.
- Different Methods: Set up more than one MFA method if the service allows, like an authenticator app and a phone number. This gives you a backup option.
Need Help?
We are here to support you in securing your accounts.
- Visit our IT Security MFA Guide for detailed, step-by-step instructions for university systems: https://www.luc.edu/its/loyoladigitalexperience/multi-factorauthentication/
- Contact the Information Security Office for assistance with setup or troubleshooting.
Conclusion: Security is a Shared Responsibility
Enabling MFA is a simple action with lots of preventative benefits. By taking a few minutes to set it up, you are directly contributing to the protection of your own data and the entire university community. Thank you for doing your part to keep our digital environment secure.
