UWS & Multi-Factor Authentication
Following this summer's cyber incident, the University continues to work hard to re-establish systems, with a particular focus on activating the priority systems required to underpin admissions, enrolment, induction, and teaching and learning.
However, as our systems are brought back on line, additional and enhanced digital security measures are being rolled-out to minimise the potential of such an incident in the future.
One such measure is the roll-out and use of Multi-factor Authenication (MFA) to access our networks and systems.
What is Multi-Factor Authentication (MFA)?
MFA is an authentication method that requires you, the user, to provide two or more verification factors to gain access to one of our resources such as an application, online account, or a VPN. MFA is an industry-wide core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.
Why is MFA Important?
The main benefit of MFA is it will enhance UWS's digital security by requiring you to identify yourself by more than a username and password. While important, usernames and passwords are vulnerable to brute force attacks and can be stolen by third parties. Enforcing the use of an MFA factor like a thumbprint means increased confidence that UWS will stay safe from cyber criminals.
How Does MFA work?
MFA works by requiring additional verification information (factors). One of the most common MFA factors that users encounter are one-time passwords (OTP). OTPs are those 4-8 digit codes that you often receive via email, SMS or, in the case of UWS, the Microsoft Authenticator App. With OTPs a new code is generated periodically or each time an authentication / access request is submitted.
At UWS, you will need to set up the Microsoft Authenticator app in your smartphone first. The code is generated based upon a seed value that is assigned to the user when they first register and some other factor which is particular to the app itself. But, the important factor is that this is uniquely tied to your smartphone upon set up and means that access is specific to you and you alone.