In an effort to better secure Enterprise Business Systems, MSU’s resource for payroll and finance data, the university has adopted a two-factor authentication for its users, including faculty and student workers.
By creating this protection, MSU is moving to a more modern standard of cybersecurity.
The new method asks for two different requirements to access an account — a more secure method than username and password alone. A NetID and password will be required, as it is now, but they will be followed by a six-digit code sent to a second source, such as a cell phone or email.
It compares something users have to something they know, said Beth Bonsall, media relations for IT Services.
The two-factor authentication security system will be rolled out to student systems in the future. As of last Friday, it is only available for EBS users.
Bonsall compares this system to how an ATM card works — to withdraw money, the individual must have the bank card and know their PIN number.
Even though the security method is not yet available for student MSU accounts, assistant professor of journalism and media and information Rick Wash suggests students use this system for other online accounts.
Wash recently conducted a study on the cybersecurity decisions home computer users make.
These users have to figure out a way to protect themselves of their own accord, he said.
“A lot of people talked about how they are threatened by hackers, but different people had different ideas of what a hacker is,” Wash said. “Depending on the view you had, you made different decisions.”
Some saw these hackers as teenagers in their parents’ basements, while others thought they were trained professionals. For the people who saw them as professional criminals, they felt that they were not a target because the hackers were going after the “rich and important” people.
Wash explained there are over a million people who have access to a user’s computer, and they can be targeted by anyone in the world.
He suggests using two-factor authentication on all personal online accounts, including Google, Apple, Facebook and Dropbox, to protect oneself.
A majority of security issues begin when users are prompted to enter their Google information, for example, on a non-Google site. This is a common way for hackers to gain passwords.
Media and information doctoral student Mengtian Jiang is a research assistant for the Online Safety for the Ages project, which looked at different age groups and their awareness about computer theft.
Jiang and her partners went to participants’ homes to observe their habits. Users commonly have the same passwords for multiple accounts, and found users commonly keep a password book near their computers.
College students have started using software to store their passwords and account names. Jiang refers to this as a “generational difference.”
Turning on two-factor authentication can protect users even if a hacker figured out a password.
“Two-factor authentication is a great idea for the university. It doesn’t seem quite as important for students, but the same idea exists (for other online accounts) and it is a really good idea,” Wash said. “It’s better to have the protection than not.”
