Cybersecurity Awareness Month 2024

Week 1

Getting Hacked Sucks

Enable multi-factor authentication when available to secure your accounts.

Multi-Factor Authentication

Multi-Factor Authentication (MFA) is a security mechanism that provides an additional layer of protection by verifying digital users through at least two authentication factors. There are three common types of authentication factors:  

  • Something you know:  This refers to information known only to the user. For example: unique passwords, security questions, PIN codes.
  • Something you have:  This refers to something that the user owns. For example: a smartphone or a security token.
  • Something you are:  This factor refers to something that is exclusive to the user. For example: biometrics (e.g. fingerprint, facial scan).

Multi-factor authentication is the most effective way to protect your accounts. With multi-factor authentication, even if a password is compromised, a malicious actor would have to obtain an additional piece of information to gain access. When you are offered the option to “enable” or “turn on” MFA on your personal accounts such as Facebook, Amazon or Google, we strongly encourage you to do so.

At LSU, MFA is offered for all applications behind Microsoft authentication such as Workday, LSU email, Teams, Box, and Zoom.

All users will need to configure two methods for MFA: one as a primary method and a secondary method to be used as a backup. It is recommended that MFA be configured on different devices to ensure that you do not lose access in the event that a device and/or phone number changes.

While multi-factor authentication is one of the best ways to secure your accounts, there have been instances where cybercriminals have gotten around multi-factor authentication by tricking users into approving a malicious sign-in attempt.

In an “MFA Fatigue Attack,” hackers who have stolen a user’s password may generate several MFA approval notifications or phone calls in a short period of time, hoping that the account owner approves one of the verification requests due to confusion or annoyance. Cybercriminals can also use phishing messages and malicious “man-in-the-middle” websites to intercept a user’s sign-on attempt and MFA approval, or the attackers may impersonate IT support and request your MFA code or instruct you to approve a specific login. In these cases, if the MFA request is approved or provided to the attacker, it can grant the cybercriminal access to the account.

Therefore, if you are receiving multi-factor authentication log-in requests when you aren’t directly trying to log in, do not approve the requests!

If the request is for your LSU account, you can submit a “Fraud Alert” via the MFA phone call or app notification, or you can contact the Service Desk at 225-578-3375 or by email at servicedesk@lsu.edu.

If the MFA request is for a sign-in with another account, consult that service’s support for further information. 

In any case, if you receive an unexpected MFA approval prompt, change your password for the account ASAP to prevent further malicious sign-on attempts and MFA verification requests. Also, if you reuse the potentially compromised password, change it for any other account that uses it (this is why every password should be unique). 

Don’t let this deter you, though. Multi-factor authentication is typically very safe, and it is one of the best ways you can bolster the security of your data! 
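
The MFA fatigue pattern described above (several approval prompts in a short period, sometimes ending in an approval) can also be watched for on the service side. The following is an added example, not part of the original page or any LSU system; the log format, the function names `parse_line` and `detect_mfa_fatigue`, and the threshold of 4 prompts in 5 minutes are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical log format, not from any real product).
SAMPLE_LOG = """\
2024-10-01T02:14:05Z user=alice event=mfa_push result=no_response
2024-10-01T02:14:40Z user=alice event=mfa_push result=denied
2024-10-01T02:15:10Z user=alice event=mfa_push result=no_response
2024-10-01T02:15:55Z user=alice event=mfa_push result=denied
2024-10-01T02:16:30Z user=alice event=mfa_push result=approved
2024-10-01T08:03:00Z user=carol event=mfa_push result=denied
2024-10-01T13:30:00Z user=carol event=mfa_push result=approved
"""

def parse_line(line):
    """Return (timestamp, user, result) for an mfa_push line, else None."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs if "=" in p)
    if fields.get("event") != "mfa_push":
        return None
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, fields.get("user"), fields.get("result")

def detect_mfa_fatigue(log_text, threshold=4, window=timedelta(minutes=5)):
    """Flag users who receive `threshold` or more push prompts inside `window`."""
    # Severity is "high" when an approval follows denied/unanswered prompts in a burst.
    recent = defaultdict(deque)   # user -> (time, result) pairs still in window
    alerts = {}
    for line in log_text.splitlines():
        parsed = parse_line(line) if line.strip() else None
        if parsed is None:
            continue
        when, user, result = parsed
        q = recent[user]
        q.append((when, result))
        while when - q[0][0] > window:   # drop prompts older than the window
            q.popleft()
        if len(q) >= threshold:
            rejected = any(r != "approved" for _, r in q)
            gave_in = result == "approved" and rejected
            prev = alerts.get(user, {"prompts": 0, "severity": "medium"})
            alerts[user] = {
                "prompts": max(prev["prompts"], len(q)),
                "severity": "high" if gave_in or prev["severity"] == "high" else "medium",
            }
    return alerts

if __name__ == "__main__":
    print(detect_mfa_fatigue(SAMPLE_LOG))
```

A "high" result matches the case the page warns about: the account owner approved a prompt after a run of prompts they did not initiate, so the password should be changed and the sign-in reviewed.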
