Basic Do’s and Don’ts for Boosting Adoption of Multifactor Authentication

University IT teams should follow these best practices to deploy an added layer of security.

Higher education institutions are very susceptible targets for cyberattacks, yet some people on campus are still not practicing the most basic cyberhygiene.

A Keeper Security survey found that 87 percent of respondents ages 18 to 30 reuse the same password, meaning that if a hacker gets one set of credentials, many online accounts could be compromised.

This is why more and more universities have turned to multifactor authentication (MFA), which asks users to provide other kinds of identification — such as a fingerprint — in addition to a password.

“Some universities are very rapidly adopting multifactor authentication. That usually begins with implementing it for a system administrator or people with privileged IT access,” says Mike Chapple, an associate professor of IT, analytics and operations at the University of Notre Dame. “Recently, with the growth of phishing campaigns and other methods that people are using to steal passwords, we’ve seen faculty, staff and students using it as well.”

As universities roll out multifactor authentication for all users, IT staff can follow some best practices to make sure it goes smoothly.

SIGN UP: Get more news from the EdTech newsletter in your inbox every two weeks!

Keep Users (and Systems) in Mind When Choosing a Solution

When deciding to switch to MFA, Chapple suggests that IT staff start by making sure that the solution they pick will fit with all of the other technical systems they have.

Next, IT staff should make sure that the tool will work similarly across the wide variety of devices found on college campuses.

“To me, the most important thing is finding a system that’s going to be very user-friendly,” says Chapple.

Don’t Underestimate User Knowledge of MFA

More often than not, Chapple says that users think an MFA solution will be more trouble than it actually is. Generally, he says, most people on campus have already encountered an MFA tool by using online banking or other secure services. While users might not want to take an additional step to log in, Chapple says most people on campus are probably quite familiar with why MFA works.

“I think the threat of having an account stolen has become widespread enough that people actually understand the vision and that we’re doing it to provide better security,” he says.

Practice IT Change Management Tactics

While users will generally understand multifactor authentication, IT staff and administrators should tackle the new tool the same way that they would any other end-user technology, according to Chapple.

Following typical change management tactics, Chapple recommends that campus IT leaders make sure that campus users:

  • Know an MFA tool is coming
  • Attend training to learn how to use the tool
  • Have the tool on their device

Once the changeover to MFA has occurred, Chapple says that IT staff should be ready to help users who might have missed the change management steps and don’t know how to use the tool.

ValeryBrozhinsky/Getty Images
Feb 20 2018