Thursday, May 6, 2021

Multi-Factor Authentication - World Password Day

Now that you've learned how to create a secure password, let's learn about more of the security techniques available to us.

Hypothetically, let’s say a malicious actor manages to crack your safe and secure password. Wow! Sounds like it's game over, right? 

In theory, the hacker will now have access to your ESU account, important files and emails, along with your personal information and the ability to edit your account. Moreover, if you had access to other people’s personal information (by way of your job functions), the attacker will also be able to access that information!

But, what happens if you have Multi-Factor Authentication (MFA) enabled? 

The hacker, who has your password, would now also need your second factor to actually log into your account. That just tipped the scales dramatically in your favor. Even though your password is in the hands of the attacker, your second factor, usually a cell-phone application, is safe and sound.

When the attackers try to log in, all they will get is a prompt for the 2nd factor, which they will not have. WIN for the Home Team!

So, while using MFA to log into your account adds an extra step, it is huge in keeping our information out of the wrong hands! It is why many companies are now moving to MFA, to secure accounts against fraud and identity theft.

ESU has begun deploying MFA to our campus staff and faculty and will continue to increase and improve our MFA options as the year progresses. As we do so, please remember that we are striving to keep your information out of the hands of all malicious actors that wish us harm.

Here are some things to remember regarding MFA options:
  1. Always opt in for MFA for accounts where it is offered, especially those that contain sensitive personal or financial information.

  2. When selecting an MFA option, we recommend using a smart-phone application (such as Microsoft Authenticator) as the most secure option. These applications will typically allow you to enter a code or use a “push notification”. Both are secure, but the push notification is the more convenient of the two, as it asks you to verify that you just attempted to log in.

    Select the option 'yes' (or the checkmark in some apps) and you are good to go.

  3. If you use the text or call option instead, always remember to select a device or phone number that you will have access to when logging into your account.

Remember, a password without MFA is like a car without a seatbelt. Sure, the car offers some protection, but if the worst happens, you will be glad you had that seatbelt on!