While some may find Multi Factor Authentication inconvenient, it’s a necessary precaution to prevent account compromises and fight phishing attacks. Alex Weinert, director of Identity Protection at Microsoft, claimed in a 2019 blog post, “your account is more than 99.9% less likely to be compromised if you use MFA”
What is MFA
Multi Factor Authentication is a way to login to your account using two verification measures. At Fordham University, when you want to login to my.fordham.edu, you provide your password and accept a notification, phone call, or passkey on Duo Mobile. Duo Mobile is one of the leading MFA applications because it offers three methods of authentication for users to choose from when logging in. Credentials can easily be guessed or harvested but when a hacker tries to login to your email, they can’t unless you approve it first.
MultiFactor Authentication doesn’t have to just be a third party app, when users set up their fordham.edu account, they set questions and answers for knowledge based security questions, these also add another layer of protection against attackers who are trying to brute force guess passwords.
My personal favorite and the one that I personally use and feel is the most secure, is a physical key called a Two-Factor Authentication Key. This key allows you to log in to an account and have to physically plug the key into your device to allow you to log in. If your account has been compromised and an attacker has your password and they attempt to log in, they will not be able to as long as you have this physical key as your primary Two-Factor Authenticator. A huge benefit is that now you have a physical key for 2FA, it can’t be compromised via the Internet, and you will know its location at all times.
If You Didn’t Login Into Your Fordham Account, Don’t Accept Any DUO Notifications.
Do not Click the green check on the app. If you receive a call from duo mobile asking you to authenticate, Press 1. Do not Give the texted code to anyone.
These are safeguards to ensure you are the person who is accessing private applications. If you are not the person requesting DUO authentication, then someone else is. Don’t give them access!
If you become bombarded with duo notifications that you didn’t induce or accidentally accepted a push notification that you didn’t authorize, contact Fordham IT to determine the security of your account at 718-817-3999.