ITS Begins Multifactor Authentication Rollout for Students
Iowa State University Information Technology Services (ITS) has entered the second phase of multifactor authentication (MFA) implementation and will begin enrolling students this fall, with a target of having all students registered by the end of spring semester 2020.
MFA — a security measure that requires something users know, such as a password, and a second factor users have, like a mobile phone, to log in to an account — has been available to university students, faculty, and staff since March 2018, when ITS implemented Okta, a cloud-based identity and access management platform.
Over the course of a year-long targeted enrollment campaign coordinated by ITS and departmental IT staff across campus, all university employees were registered for MFA. Now, after a successful year spent focused on faculty and staff, ITS is turning its attention to securing the accounts of Iowa State’s nearly 35,000 students.
“Passwords can be cracked, stolen, or given away,” said ITS Identity Services Manager Darin Dugan. “Good secondary factors like a mobile phone authenticator app or a single-use code delivered through a text message are much more resilient to attacks, which is why multifactor authentication is so important to safeguarding Iowa State’s students and their accounts.”
This fall, students who have not already enrolled in MFA will find an “activate multifactor authentication” icon on their Okta dashboard, located at login.iastate.edu. To activate MFA, students should click the icon, which will open a new tab with additional information, then click the “activate” button at the bottom of the page. At their next sign in students will be prompted to configure factors.
Once registered, students can activate and edit their preferred MFA security factors, which include the Okta Verify app, text messages, phone calls, the Google Authenticator app, and YubiKey tokens (a device similar to a USB drive).
Okta Verify allows users to be sent a push notification — with approve and deny buttons that appear in the app whenever an account login is attempted — or a one-time use code. Text messages, voice calls, and Google Authenticator also provide a one-time code to be used during each login attempt. YubiKey tokens, available through TechCyte, can be linked to student accounts and plugged into a USB port to gain account access.
Students are strongly encouraged to set up more than one form of verification.
“We encourage all university users to activate as many additional factors as possible,” said ITS Director of Enterprise Services and Customer Success Mike Lohrbach. “Activating multiple factors ensures that even if someone’s usual method of authenticating is unavailable, like their cell phone isn’t charged or they left their Yubikey at home, they will still be able to access their information.”
Once MFA is enabled, students will be prompted to use their additional factor of choice when signing in to their university account. When logging in on personal computers and devices, students can select a "do not challenge me on this device again" option to skip the MFA step when using a specific web browser on that device in the future. This option should not be used on shared or public-use computers and devices.
In addition to enrolling in MFA, students are encouraged to set up password recovery methods through their Net-ID profile, including a secondary email and mobile phone number.
“The IT Solution Center received over 7,500 password reset calls in 2018,” said Brent Black, IT Solution Center manager. “Setting up password recovery during the MFA enrollment process means you can conveniently reset your password at any time without assistance.”
ITS intends to have all students registered for MFA by the end of spring semester 2020. Students who do not enroll on their own by the end of the year will be automatically required to use MFA when signing in to their account starting in early 2020. To date, over 20,000 Iowa State faculty, students and staff are enrolled in MFA.
Any students seeking assistance with MFA enrollment or experiencing challenges with logging in after enrolling should visit the IT Solution Center in 192 Parks Library. The IT Solution Center can also be contacted at 515-294-4000 or firstname.lastname@example.org.