Early Bird

The importance of MFA

Why you should use Multi-Factor Authentication.

By Sylvia Valdez

October 22, 2020

You may have noticed a major change to the way you log in to your Metropolitan State University of Denver account this past year. While you still provide your NetID and password, you must also provide additional verification through a phone call or authenticator app. This additional layer of authentication is called Multi-Factor Authentication and helps safeguard secured systems and information. But it has left many users asking, “Why do I need MFA on my account?”

• Passwords are not enough protection. “A password by itself is not enough to protect your accounts,” says Mike Hart, MSU Denver’s chief information-security officer. While complex and secure passwords are still important, cyberattackers have developed many methods to compromise a password. By requiring a second layer of security with a different type of authentication, MFA can help prevent 9% of account-compromise attacks, such as brute-force logins or credentials stolen via phishing campaigns or other methods.
• Weak/stolen credentials can easily be found and used. An unfortunate reality of the high-tech, interconnected world we live in is that, once data is made public on the internet, it can never be private again. This is especially true for sensitive data, including credit-card information, banking numbers and, yes, login information. Once an account has been compromised, the username and password for that account quickly become available to a wide variety of cyberattackers. Of course, if an account has MFA enabled, someone with only the password still won’t be able to access the account and the account owner may be notified of the attempted login, prompting them to change a password they otherwise may never have learned was compromised.
• Any business can be the victim of a cyberattack. If you consider all the different accounts you have created over the years, whether for personal or business use, you may realize how many businesses have stored some of your data. All these accounts could potentially be compromised because of a data breach within the business or company managing that account. It is therefore important to protect all your accounts to the best of your ability, including using strong, single-account passwords and MFA if available. You can visit haveibeenpwned.com to check if an email account you own has been involved in any data breaches.
• Cyberattacks do more than just steal your data. While attackers are primarily looking to access and compromise user accounts, this is far from their only goal. Once inside an account, an attacker will attempt to gain as much access to privileged or sensitive systems as possible. At MSU Denver (as with any organization), MFA not only protects individual user accounts but also protects the University from attackers who are looking to destroy, change or use our data maliciously.

MFA is becoming a standard in a variety of industries, including banking, health care and education. With the high level of added security that MFA provides, it is no wonder so many businesses continue to adopt it. Information Technology Services strongly recommends you enable MFA on any account that has the option.

Please visit the MFA knowledgebase page if you would like more information about MFA at MSU Denver. If you have any questions or would like assistance changing your account’s MFA settings, please contact the ITS Service Desk at 303-352-7548, submit a ticket through support.msudenver.edu or email support@msudenver.edu from your MSU Denver email account.

This is the fourth article in a series that is being published weekly in the Early Bird throughout October in support of National Cybersecurity Awareness Month. Next week: cybersecurity training for MSU Denver employees.