Body
Overview
Traditionally, securing an electronic account was done by entering a username, and then typing in a PIN, or password, commonly referred to as "something you know." Multi-factor Authentication (MFA) is a form of security that protects an account with multiple layers of authentication. One of the most common forms of MFA in use today is called Two-Factor Authentication (2FA). In 2FA, an extra layer of security is added by requiring a person to validate with something they physically have.
MFA is quite simple, and many organizations are increasing efforts to create a smooth customer experience. You probably already use MFA in some form. For example, you've used MFA if you've:
- Swiped your bank card at the ATM, and then entered your PIN (personal ID number).
- Log in to a website that sends a numeric code to your phone, which you then enter to gain access to your account
MFA is a way of enhancing security associated with an identity that allows you to preset two, or more, pieces of evidence - your credentials - when you log in to your account. Your credentials fall into any of the following categories:
- Something you know (like a password, or PIN)
- Something you have (like a smart card, authenticator app, or security key)
- Something you are (like your fingerprint)
MFA requires credentials to come from at least two categories to enhance security - so entering two different passwords would not be considered multi-factor.
In this article:
An Example of MFA in Use
Let's look at a simple scenario of how MFA is commonly applied: logging into your bank account. If you've turned on MFA, or your bank turned it on for you, typically you'll start by typing in your username and password. Then, as a second factor, you'll use an authenticator app, which will generate a one-time code that you enter on the next screen. Then you're logged in – that's it.
Credit: NIST/Natasha Hanacek
In many cases, it's even easier than that. Most MFA systems will remember a device. So if you access the service from the same device, the site remembers your device as the second factor. Between device recognition and analytics, the bank is likely performing - such as whether you're logging in 20 minutes later from another country - most of the time the only ones that have to do any extra work are those trying to break into your account.
Benefits of Using MFA
MFA helps protect you by adding additional layers of security, making it harder for individuals, or groups, to impersonate you. It helps to protect you and the University of Alaska from the risks associated with phishing scams, and other forms of password theft.
A person's passwords can be compromised by many different methods: guessing, hacking, watching you type the password, malware installed on a computer that records keystrokes, and capturing passwords sent over compromised network connections, among others. Even the most careful person cannot be certain their passwords are never compromised by one, or more of these attacks.
With MFA, your information is safer because these bad actors would need to steal both your password and your physical device (e.g. your phone). You would definitely notice if your phone went missing, and you could remove its ability to access your various online services before the thief could use it to log in. Additionally, you should have your phone set to automatically lock after a period of inactivity, requiring a PIN, fingerprint, or facial ID to unlock it, rendering it even less useful if someone was trying to use your MFA credentials. Using MFA is one of the top things you should do to protect your security online.
When Should You Use MFA
You should use MFA whenever possible, especially when it comes to your most sensitive data. Some external organizations require you to use MFA, others offer it as an option that you can enable.
Several services offered by the University of Alaska (UA) system allow you to opt-in to MFA. At UA, MFA services are offered in UAOnline, UA Blackboard, UA Google Workspace, Banner, DegreeWorks, MyUA, GlobalProtect VPN, UA Microsoft 365, and other services using UA SSO.
How do I use MFA?
The UA System employs Cisco's Duo Security ("Duo" for short) as its multi-factor authentication service. To get started on setting up your first Duo MFA device, please visit the following Knowledge Base article, Setup Multi-Factor Authentication with Duo.
Need additional help or have issues
For support, requests may be submitted anytime using the Questions or Assistance with Multi-Factor Authentication form. Requests generate a Ticket which will be worked in order received and urgency by UAA Employees with the knowledge and permissions to assist with the request.
For additional assistance contact the IT Services Technical Support Center via phone at (907) 786-4646, toll-free at (877) 633-3888, text "Support" to (844) 705-0262, or email us at uaa.techsupport@alaska.edu.