Information Technology
EKU Web People
A to Z Index IT Service Support Request
Menu

Why does EKU require students to 2FA/MFA

Is this really necessary?

Although the two-factor/multi-factor authentication process is designed to be as quick and painless as possible, you may find yourself wondering "is this really necessary?" or "Why does it apply to me?" if that's the case, read on to learn why.

Have you Ever...

  • Unwittingly clicked a link that led to a malicious website?
  • Failed to update your web browser or operating system promptly? 
  • Unknowingly downloaded software infected with a virus or other malware?
  • Used your initials, your birthday, or your dog's name as part of your password?
  • Written your password on a piece of paper or used the same password for more than one account?

Passwords Are no Longer Enough

Most of us are guilty of at least one of the above.  Thousands of student accounts are compromised each year as a result!

Even if you've avoided these common mistakes, an attacker may obtain your password through means outside of your control.  Because  of the many ways cyber criminals can and do obtain passwords, a password alone provides increasingly limited protection against unauthorized access. 

What's That Got to Do with Me?

An attacker with access to your account has access to financial information such as you and your parents' bank account or credit card numbers; your social security number; passport information; grades and other academic records; your address and phone number; and in some cases, even medical records.

How Bad Can It Be?

Without 2FA/MFA, attackers who gain access to student IDs and passwords through a phishing or other cyber-attack typically use them to log in to that student's accounts.  Once logged in, they can update any information the student has the ability to update.  If not caught, they may unenroll the student and even redirect tuition payments to their own pockets.

It's Not Just About You!

The damage may not be limited to the individual whose credentials were stolen.  A compromised account can have serious and far-ranging consequences.

The attacker can go on to use those credentials to gain increasingly greater access to other university systems.  They may also use that student's email address to contact and phish for credentials from other students. 

It's a Real Thing!

This is not a drill! The threat is not hypothetical--it's real!  The number of phishing attacks at EKU has risen sharply, as has the number of students who have unknowingly surrendered their credentials in response to a phishing email.

You Have the Power

By simply participating in two-factor/multi-factor authentication, you dramatically reduce the risk that your account will be used to hijack your own personal information or attack university systems.

The overwhelming majority of attacks cab be thwarted by 2FA/MFA.

It's the Smart Thing to Do

You could leave your unlocked car full of shopping packages in a mall parking lot--but why would you, when the simple touch of a button or turn of a key could so easily deter a potential thief?

It's the Easy Thing to Do

If you're like most students, you use your cellphone for several hours every day, accessing it hundreds of times.

The two seconds you use to approve a 2FA/MFA authorization request just may be the quickest, easiest, and most significant use you find for your phone all day.

It's the Right Thing to Do

In addition to protecting you and your fellow students, 2FA/MFCA protects EKU and the myriad of businesses, institutions, and individual who have relationships with the university.  EKU is committed to complying  with federal and state laws, honoring contractual agreements, and meeting the reasonable expectations of our students, staff, and affiliates regarding the security and privacy of our data.

It's the Only Thing to Do

The bottom line is that EKU requires all of its students and employees to use 2FA/MFA in order to comply with its legal, contractual and ethical obligations to safeguard the security and privacy of its systems and data.

Unauthorized access to sensitive personal or institutional data could potentially result in financial, legal, or reputational harm to the university, members of the university community, or third parties to which the university owes a reasonable duty of care. 

You're Part of the Solution!

Each EKU account is a potential entry point a cyber-criminal may use to gain access to personal information or university resources.  Think of 2FA/MFA  as a way of positioning a guard in front of each of those doors.  Your participation in 2FA/MFA helps ensure that your account is not an unguarded point of entry!

Do it for yourself. Do it for your fellow students.  Do if for the university. Just do it.

 

Contact Information

IT Service Desk
support@eku.edu
it.eku.edu
859-622-3000

About EKU

My EKU

Quick Links

Resources

Information Technology

Eastern Kentucky University IT
Keen Johnson Ground Floor | 521 Lancaster Avenue
Richmond, KY 40475
(859) 622-3000

Syndicate

Subscribe to Syndicate
© Copyright Eastern Kentucky University 2011 | EO/AA Statement | Privacy Statement | 521 Lancaster Ave, Richmond, KY 40475 | (859) 622-1000