Multi-Factor Authentication
Multi-Factor Authentication (MFA) with SecureAuthMFA
Multi-factor authentication is an added layer of security, protecting the community and helping safeguard college data. Visit What do I need? How do I get started? to begin the SecureAuthMFA app setup process.
What is Multi-factor or two-step authentication?
Multi-factor authentication (also commonly referred to as two-factor authentication, two-step verification, or second-factor authentication) is an additional layer of security beyond a username and password. Typically, it involves an app installed on your mobile device, a hardware token, use of the biometrics (fingerprint or facial recognition) from a laptop, or a telephone number. After signing into a service with your username and password, you are prompted to confirm your identity via the mobile app, hardware token, biometric feature or telephone number. You may already be familiar with this process if you’ve enabled two-step verification with popular consumer services such as Gmail, Apple ID, Twitter, Facebook, as well as most financial institutions.
Why is Lewis & Clark implementing MFA?
We are concerned for the privacy of our students, alumni, and fellow employees and want to do our best to protect their information. Increasingly, accounts are being compromised in a variety of ways – weak passwords, re-used passwords, phishers, hackers, malware, etc. Multi-factor authentication helps protect community members from targeted attacks and unauthorized access to college and personal data.
Your data is important. MFA provides protection for various materials and resources such as
- Student records (grades, enrollment information, letters of recommendation, and more)
- College confidential and legally protected materials
- Sensitive correspondence in email
- Candidate materials in job searches
In the event your password is phished, guessed, or hacked, your account is less likely to be compromised as the attackers must also posses your physical device (mobile application, hardware security key, biometric, etc).
Who is required to use MFA?
Faculty, staff, and student employees are required to use MFA. Employees will be introduced first, followed by students, and emeritus account holders.
Which services require use of MFA?
Lewis & Clark applications requiring use of MFA include access to Global Protect VPN, Slate, Gmail, and others. The list will be expanding as IT moves forward with implementation.
What do I need? How do I get started?
Get started with MFA by using the SecureAuth MFA mobile application. To get started, ensure your mobile device, workstation, and email access are ready.
To get started, you will need a mobile device and a computer. Please review and follow the SecureAuth MFA Guide. This guide includes links to the Apple App Store and Google Play Store for the mobile app.
After you have set up the app, you can review the MFA Alternative Authentication guide to add biometrics and security keys to your account.
What is Single Sign-on (SSO)? How does SSO relate to MFA?
- Single Sign-on (SSO) is the benefit of being able to access all L&C SSO applications and websites without having to log in again. While MFA expands the list of credentials used for verification of a user’s identity prior to logging into any application.
- How often will I have to authenticate and use MFA? This is dependent on your role and the sensitivity of the application.
FAQs
- iPhone
- iPad (suggested as secondary authentication device)
- Android Phone
- Android Tablet (suggested as secondary authentication device)
- Hardware Tokens
Yes, you can set up your tablet as an authentication device with SecureAuthMFA, as long as you have access to an app store that provides the download and a camera on your device.
You can only use one phone number with your SecureAuthMFA service. We recommend either using your phone number or your office landline.
You can add multiple mobile devices as long as you have access to an app store listing the ItsMe app and a camera on your device.
To remove devices, open the SecureAuthMFA app on the device you wish to “unpair”. Select Settings and select “LOGOUT/UNPAIR”. If you do not have access to this device, please contact the Service Desk as they are able to assist you.t
- SecureAuthMFA’s mobile app for Push, QR codes and Time-based One-time Passcode (TOTP) when offline
- Hardware security key or token provided by L&C IT (future phase)
- Phone call to your mobile device or landline
- Use of the SecureAuthMFA application does require wifi or cellular service to receive a push notification to your mobile device.
- Time-based One-time Passcode (TOTP) generated in the SecureAuthMFA or with a hardware token DO NOT require any cellular or wifi network connectivity.
-
A hardware security key or token does not require wifi or cellular service.
-
Hardware tokens will be available and charged to your department. This is scheduled in a future phase of this project.
- When traveling, it is a good idea to prepare by setting up multiple methods for MFA. For example, if you normally use the SecureAuthMFA application on a mobile device, you might visit the IT Service Desk to check-out a security key or hardware token. While our vendor states the MFA service will work abroad, your mobile device may be unable to receive push notifications to the ItsMe application.
- When traveling abroad, it is important to note that internet access in certain countries (China, Russia, and others) is restricted and some L&C services may not work as expected. It is advisable to visit the Service Desk in advance of your travels.
- Please see the “ Does SecureAuthMFA require wifi or cellular service? ” FAQ
- Never approve a MFA notification requesting approval for access that you did not initiate.
- If you receive a MFA notification you did not request, immediately change your password for the associated account. You should also consider updating your passwords for any accounts that use the same credentials.
- Always create unique, strong passwords for each of your accounts.
Information Technology is located in Watzek Library on the Undergraduate Campus.
MSC: 97
email ITservice@lclark.edu
voice 503-768-7225
fax 503-768-7228
Chief Information Officer Adam Buchwald
Information Technology
Lewis & Clark
615 S. Palatine Hill Road
Portland OR 97219