Come next semester, Mississippi State University students will have to go through an additional step to log into university networks.
The university is making two-factor identification mandatory for all students. Two-factor identification means students will be required to identify themselves using both their computer and another device before being allowed into university networks and accounts. Faculty and staff are already required to use two-factor identification. While several universities across the country and across the SEC require two-factor identification, MSU is the first in Mississippi to do so. The university is using a two-factor identification program from the Duo Company.
“The problem is we’re trying to protect our students’ and our staff’s personal identifiable information,” said office of the chief information officer security and compliance officer Tom Ritter. “We get an awful lot of phishing attacks where they send a fake email and they try to make it sound very urgent and critical that somebody do it, and they would often be able to capture a person’s username and password.”
Ritter explained how the identification works.
“When they go into log into Banner or our course management system they enter their username and the password like they normally did,” Ritter said. “Then another screen comes up, and from that screen they can send a push notification to their phone if they’ve installed the app. If they have the app, they look at it, they confirm that is a real place, that it’s really them. Then they say approved.”
Students without smartphone capabilities will be issued a fob, which will serve as the second piece in their two-factor identification. Students needing a fob, or having any other questions regarding two-factor identification can go to the IT help desk in Allen Hall. As of now, 45 percent of the student body is already set up with two-factor identification. Students enrolling with Duo prior to Nov. 30 are eligible to win a drawing for a $100 Amazon gift card.
“The student government was out making sure that the students were aware of this,” Ritter said.
He said the university was considering two-factor identification to be a recruitment tool, along with its emphasis on cybersecurity in the classroom and research.
“This year, when we did our cybersecurity awareness week, Duo two-factor was prominently displayed,” Ritter said. “They gave away T-shirts and tried to raise awareness with students about these issues.”
Ritter said once students were aware of the issues, they were usually cooperative about setting up two-factor identification. In addition to two-factor identification, the university’s information security program
constantly looks for any holes in university networks. However, he said the biggest part of keeping the university’s data and network safe was making sure users were aware of threats and exercise good judgment with information.