Toggle navigation
Additional Navigation

National Cyber Security Awareness Month topic: multi-factor authentication

Part two of the Campus Technology Services (CTS) National Cybersecurity Awareness Month series covers multi-factor authentication (MFA), how it protects your accounts and how to be safe using it.

Due to trends in cyberattacks and advancements in technology, using only passwords is no longer considered a secure way to protect user accounts and data. Multi-factor authentication is the addition of another layer of security on top of a password. Examples of multi-factor authentication methods include apps tied to hardware like a mobile phone, a physical authentication device or a text message to a specific phone number.

Though any MFA is better than none, the methods available differ in terms of their strength of security. CTS recommends using an authenticator app when possible as it provides the strongest security compared to other methods. Using an authenticator app does not require cell coverage. Even with MFA it is still important to be aware of what happens with your accounts. Always look out for the following things when using MFA.

  • Always verify where a MFA request is coming from. If the message is coming from somewhere you don’t recognize, do not allow the login to proceed.
  • Be aware of where you are trying to log into your account. Fraudulent sites may request a MFA code from you in an attempt to break into your account.
  • If you receive many MFA messages in a row or a message at a strange time of day for the account in question that you aren’t using, change your password immediately as the account’s password may be compromised.

To learn more about how SUNY Oswego is using multi-factor authentication, please visit the MFA website. If you have not already done so, please make sure to configure the Microsoft authenticator app as another layer of security. LakerApps (Gmail, Calendar, Drive) requires a separate multi-factor configuration which can also take advantage of the Microsoft authenticator app. CTS highly recommends following Google’s instructions on how to set this up.  

For more information on best authentication practices, review section 1, “User Authentication,” of the Web Security: User Authentication And Access Control LinkedIn Learning course.

-- Submitted by Campus Technology Services