How to Convince Your Campus That MFA Is Worth the Effort

No student, faculty or staff member on your campus wants their identity stolen.

But do they want to take a few extra seconds to pull out their phone, pick out pictures of traffic lights to prove they’re human or do anything else beyond just remembering their passwords (which is hard enough in the first place)? Well, you know the answer to that.

I rage-tweeted so much last night that I broke my phone.

And now I can't log in to any university websites because I can't use the two-factor authentication app, so I can't grade.

🙃

— 🇺🇦🔥🌻 Courtney E. Thompson 🌻🔥🇺🇦 (@Dr_C_Thompson) May 3, 2022

When university you're going to won't let you login to your account unless you get an two factor authentication app and gives you no option to opt out of it pic.twitter.com/128NccDFwK

— Cee-cee ☢️ (@Ceecee76587819) June 18, 2022

Multifactor authentication is a must for every higher education institution, especially because their networks continue to be targeted by cyberattackers and remain vulnerable due of the large number of endpoints and huge pool of users accessing them every day.

But even as MFA has become more common, users still try to get around it, complain about having to use it and flood IT support desks with requests for help.

So, how can colleges and universities make using MFA feel like less of a headache? Here are few ways I’ve seen institutions get through to reluctant users.

Click the banner below to find out how identity and access management paves the way to zero trust.

 Explain the Risks of Identity Theft When Promoting MFA

To promote any security measure, it’s important to lay out in detail exactly what’s at stake.

Just like putting fewer locks on your door makes it easier to break open, the less effort someone has to put into, say, accessing a university email account, the easier it is for bad actors to gain the same access. Once a bad actor has access to your email, there’s no end to the amount of private data, personal information and other accounts (like your bank account) that they can get to as well. Identity theft is a nightmare no user wants to have to experience.

MFA provides an extra layer of security, forcing you to prove that you are who you say you are. And the more layers of authentication someone must go through to gain access to the network, the more difficult it’s going to be for an attacker to break through.

Another potential issue is the compromise of the entire campus network. While that may not be an appeal that resonates with everyone on your campus, plenty of faculty, staff and students aren’t going to want to see their university in the headlines because a cyberattacker was able to infiltrate the network. The ensuing ransomware attack will be expensive enough to respond to, but the reputational damage that follows these breaches can be even more costly.

LEARN MORE: Busting the three major identity and access management myths.

Explore the Different Types of MFA Solutions for Higher Ed

Most people think of multifactor authentication as the common two-factor solution, where a user enters account information, then follows up with a code sent to a mobile device. Those kinds of MFA are valuable and effective, but don’t forget to investigate other options that could be a little more user-friendly.

Single sign-on solutions like Okta still require an multifactor process when users first sign on, but once they get through the login, access to many or all apps comes with it; no more entering your password every time you switch from one app to another.

Beyond single sign-on, the next frontier for identity management could take a few different forms. One is passwordless authentication, which, like its name implies, eliminates the use of a password entirely, instead relying on things like biometrics (such as fingerprint or face recognition) and cryptographic keys.

Passwordless authentication also can be used to beef up physical security, with solutions available to limit access to campus buildings.

In addition, if your institution is already working with major vendors such as Microsoft for hardware, software or services, their MFA solutions should be part of the package you’re paying for. If you’re not sure if your Microsoft contract includes MFA access, a member of CDW’s higher education team would be happy to assist.

DIVE DEEPER: How single sign-on software is boosting classroom security.

Educate Higher Education Students, Faculty, Staff on How to Use MFA

Regardless of what MFA solution your university decides to go with, training students, faculty and staff on how and why to use it can go a long way toward limiting those help desk requests from frustrated users.

I wrote earlier about why MFAs are important, but the how can be critical as well. Many students may have never encountered MFA previously, and while they are tech-savvy, they still won’t pick up something they’ve never used before without a little assistance. The same goes for faculty and staff.

Training documents and resources should be simple and widely available. While certain colleges and universities are creating programs intent on making cybersecurity training fun, the most important educational piece I’ve found is a clean, simple, easy-to-find website explaining why MFA is in place and walking users through how to use it. This one from the University of Puget Sound is a nice example.

No matter how you lay it out, making MFA as simple to use as possible and explaining the rationale for using it in straightforward terms can set your IT department on the road to a more secure network and a happier user base.

This article is part of EdTech: Focus on Higher Education’s UniversITy blog series.