Multi-factor authentication becomes available to all UWRF students this fall semester

This semester, UW-River Falls has introduced a new two-factor authentication option to students called DUO. This form of multi-factor authentication was available and required last year for all staff, faculty and student employees. It is now an option that is open to everyone on campus.

Two-factor authentication is especially advised by DoTS and it provides extra security for users when using their UW related accounts such as Canvas or Outlook.

One of the largest security concerns for DoTS regarding student data on campus is the compromise of student accounts and the result of accounts being used for scams.

“When you look at the focus that we have surrounding multi-factor authentication and getting people engaged with with it this fall, it’s really a push to minimize a lot of these risks,” explainedKen Ries,Campus Chief Information Security Officer.

This form of security has been shown to be very secure for users. According to a Microsoft report, two-factor authentication is 99% effective and blocks several compromise attacks.

The Department of Technology Services is advising students to use DUO to protect their accounts in order to protect themselves from the dangers of hacking and falling victim to scams.

“We would really like students to secure their own data,” said Reis.

Currently, the UW system does not require all students to use the two-factor authentication, but DoTS assumes that this could eventually become a requirement for all students to establish absolute safety for personal data. Joe Kmiech, UWRF’s Chief Information Officer, also talked about the protection that DUO provides. Two-factor authentication can help protect against security breaches and the compromise of larger databases as well.

One of the most common forms of scams that DoTS sees on campus is called a “phishing attempt,” this can occur when a UW member on campus becomes compromised and a scammer may pose as them. It could be a student, staff member, or faculty member and their name and account is being used to send out spam emails that are scam attempts. These emails are usually asking for money in some form, such as gift cards.

Both Ries and Kmiech explained that money is usually the overall motive behind these hacking attempts and having a multi-factor authentication system on accounts can help prevent the majority of these attacks.

Although DoTS has not seen any extreme scams at UWRF, it is still a principle concern and DUO is something that can prevent almost all of these instances. The way the two-factor authentication works is by having a second step after logging into an account. Once the login information is entered, another page is presented and this is where a code is typed in or a  confirmation action is required through another device. These specific codes and actions are unique to each person using DUO and according to Kmiech, this makes the two-factor authentication very secure. The main idea surrounding DUO, is to require multiple actions before being able to actually enter any given account.

This is a process being adopted across many platforms. It can be used with social media accounts such as Instagram and Facebook and can also be added to personal banking accounts. “I would encourage everybody to use multi-factor authentication wherever they could,” said Ries.

According to Ries, the need for more advanced information security on campus is due to both a ride in issues surrounding the concept of information security as well as a rise in concern. Ries said, “there are more bad actors out there trying to get through our firewalls and through our email systems, they are getting more clever and smarter, which results in us using more advanced tools.”

Because of the potential dangers that come with security breaches, there is a need for more advanced measures. “It’s a race, and we need to keep up,” said Ries.

To enroll a device with DUO, students can go to DoTS, located in the basement of Davee Chalmer Library. Both Ries and Kmiech talked about enrolling a device easy and quick and having the two-factor authentication can go a long way when it comes to protecting data. Another way to enroll a device is online through the UWRF technology website: technology.uwrf.edu.