Multi Factor Authentication (MFA)
Why is MFA important?
The CSU and Stanislaus State have a responsibility to protect the information we collect or create in the process of conducting the activities of the institution.
Advances in computing and in threats are highlighting the weaknesses of the traditional username and password (single factor authentication). With sophisticated and targeted social engineering, malware, and network-based attacks, the traditional username and password combination used to assert and prove identity is no longer considered safe, secure, or best practice for access to sensitive information systems and data. When more than just a username and password is required, credential compromise becomes far more difficult than in the past.
For these reasons, the CSU is actively moving beyond just needing a username and password for access to level 1 data and the systems that host it.
What is Multi Factor Authentication?
Multi factor authentication is a challenge/response form of authentication that relies on at least 2 factors to decide you are the owner of the identity you are claiming. We are all familiar with single factor authentication, the traditional username and password combination. MFA relies on something you know, like a password, and something you have or something you are, which is connected to your identity. Something you have may be a phone or a code-generating token associated with your account. Something you are may be a fingerprint, facial recognition scan, or iris scan, also known as biometrics.
How does it work?
The CSU is using Duo Security as the provider of the MFA services. More information on Duo can be found at their site: https://guide.duo.com/
Who needs to use MFA?
Individuals with access to sensitive data of others will need to use MFA to log into systems or services hosting the data.
Where can I enroll and use MFA now?
Stanislaus State’s new employee virtual private network (VPN) service uses MFA for authentication. At your first logon you will be prompted to enroll.
Enroll and download the VPN client here: https://ssovpn.csustan.edu
What should I know or have before I start the enrollment process?
- SMS capable phone,
- the Duo Security app, or
- a code generator token
Employees who do not have a phone capable of receiving SMS messages or running the app from Duo Security can get a code-generating token issued by OIT.
What if I do not have an iOS or Android device?
SMS messages or a code-generating token are alternatives to the Duo-supported mobile device options.
How much does the app cost?
It is free for download and use.
Do I have to do MFA for everything?
Right now, no. With the CSU's continued focus on securing level 1 data, more applications hosting or facilitating access to level 1 data will begin requiring the use of MFA as part of the authentication process.
If I use the iOS or Android app can I use it for other services that support MFA?
Yes, there are other organizations and services that use MFA from Duo Security or support the one-time PINs the app generates, and you can use the app with those organizations or services if you would like.