Fordham’s University Information Security Office (UISO) is planning a school-wide initiative to protect Fordham applications from breaches and data.
The login process will be changed to include Multi-factor Authentication (MFA) to improve account security with a layered defense to make it more difficult for an unauthorized person to access sensitive information. In order to authenticate, or prove your identity, MFA requires something you know (your password) and something you have (a mobile device or phone). After entering their Fordham AccessIT ID and password, users will be required to respond to a prompt using a mobile phone, landline, tablet, or token.
“Stories on data leaks and password compromises are all over the news,” said Tams Mathew, director of application security. “MFA is being used already to secure ATMs, online banking and credit card purchases. We want to take the same precautions.”
Password breaches are on the rise due to phishing schemes, guessing of weak passwords, and extensive password reuse. This extra form of identification will ensure that Fordham University accounts cannot be accessed even if passwords are compromised.
MFA will secure access to systems and data via my.Fordham and through Fordham VPN and virtual desktops (VDI).
Fordham will be using Duo, a security service that provides an application that can be downloaded onto any smartphone or tablet and used to validate a user’s identity. Other options include having a Duo passcode sent by text or by a call to a landline. In some cases a token will be used.
The choice to use Duo was made because of its simplicity, supportability, and the options it offers, said Tams. Duo is used by hundreds of institutions across the nation, and is the MFA leader in higher education.
“We wanted to pick a company we can trust and that provides a service the Fordham community can integrate into their routine easily.”
Fordham IT will provide support to all faculty, students, and staff prior to the initiative’s launch at the beginning of next year.