
MFA Requirements Come to Canisius Students

Jon Dusza, News Editor



Beginning on March 15, Canisius students are required to set up a multi-factor authentication (MFA) procedure in order to access information from the ‘mycanisius’ website.

The new requirements for students are the same ones that have been required of Canisius faculty and staff for about two years. Students will be required to either answer identifying challenge questions or enter a numerical code sent to another device or account, like a phone or email, presumably owned by the student.

“There’s a lot you can glean from just getting access to one particular student’s account,” said Scott Clark, director of user services at Canisius’s ITS department, in an interview with The Griffin. “If you think about it, you have links to your financial data so you can pay your bills. You have personal information like name, social security number, other private information like addresses, previous residences, maybe.”

Naturally, filling out MFA forms to sign into ‘mycanisius’ creates a new obstacle for students. “That is one of the reasons we didn’t just put [MFA] in place as soon as it became available. We thought long and hard about the trade-offs… The college as a whole also bears some responsibility for not doing their due diligence to help protect data,” said Clark.

Canisius’s MFA program does feature an option to list a personal computer as a “trusted device.” On a trusted device, one does not have to go through MFA questions or codes every time they sign in on their personal computer. Instead, they have to enter the aforementioned information every thirty days.

That said, whenever there is a time shift, like daylight savings time or a trip to a different time zone, the “trusted device” setting resets, and a student would have to go through MFA again. “That has to do with the way that the trust relationship is actually saved on the computer. When it’s saved, it has a universal time piece to it, and with daylight savings time, that universal time no longer matches up with the computer.”

Also, the “trusted device” feature will not apply to public computers, like the ones in the Canisius library. “You wouldn't want to save your banking credentials on a public computer, for example,” Clark said. “That's essentially comparable to what you're doing when you do that with your Canisius credentials.”

When asked if MFA is here to stay, Clark said that “the computer world is ever evolving,” so it is hard to say where technology will go and how the changes to technology will affect security.

MFA will not be required for accounts run through Canisius that are not ‘mycanisius.’ “Let’s say you use the Gmail app on your phone, you’re not gonna get prompted for MFA just to look at your email.”

Canisius will also require students to reset the password for their ‘mycanisius’ account once a year. As the reset deadline approaches, students will receive progressively more emails reminding them to reset their password. If the password is not reset, the student will be locked out of their account. In that case, one would have to contact ITS in order to regain access to their account.

Clark advises students to “set up more than one MFA method, because if you have a failure to access that one method, you have backups, you can still get into your accounts… Make sure you can remember what your challenge questions are, but also make your challenge questions something that's not easy to guess.”

“[MFA has] always been one of the concerns we’ve had sort of on the backburner,” Clark said, “so we’ve decided that it’s finally time to roll this out.”

