Cybersecurity Awareness Month 2017: Using multi-factor authentication to protect against identity theft
Picture a hacker sitting at the log-in screen moments away from accessing your bank account information. Due to a successful targeted phishing attack, the hacker has successfully obtained your credentials and/or security questions necessary to gain access to your account. He hopes that when he logs in, he’ll be able to transfer funds to any account of his choosing. However, when the hacker types in your username and password and hits “Enter,” he is denied access and sees the phrase “Please Enter Your Authorization Code.”
That single phrase signals that you’ve protected your account with multi-factor authentication (MFA), and a hacker, simply knowing your username and password isn’t going to cut it. MFA is an additional layer of security that requires more than one form of verification in order to grant access. Typically, MFA requires at least two pieces of evidence from two or more categories:
- Something you know, such as usernames, passwords, and security questions
- Something you have, such as a verification code sent to your mobile device or email
- Something you are, such as fingerprint or retinal scans
While there is no “silver bullet” to security, MFA hits the closest. Its additional layers of security make it much harder for someone to gain access to vital information through identity theft. VUIT strongly suggests that you always set up MFA (if available).
The university is currently researching and testing MFA products. VUIT intends to make MFA available for crucial systems, such as email and VPN, in the near future. Additional layers of security like MFA will help the university address risks stemming from critical applications and services.
For more information about multi-factor authentication, email VUIT Security Operations at vuit.security.operations@vanderbilt.edu.