Northern Illinois University is unveiling a new type of computer login security measure in response to an increase in phishing attacks.
Phishing is an e-mail scam where users are tricked into entering sensitive information by leading them to a fake website. At any large institution, this can lead to passwords getting stolen, and the account in question has to be reset. But NIU Information Security Officer Andrew Bjerkin says hackers have increasingly used compromised accounts to send out more spam.
“You go to lake one and you catch two fish. You go to lake two and you catch ten fish. When you plan your third trip, which lake do you think you’re gonna go to?”
To combat this, NIU soon will require multi-factor authentication. Bjerkin says this involves a second step when logging into university accounts. Specifically, it would involve a device such as a cell phone.
“When they type in their user name and credentials, they’ll either get a text message, they could have the app downloaded so it could give them a pop-up message, or it could do a regular phone call with an automated voice and say ‘press 1 if this is you.’”
If users say no to these messages, they will immediately abort the login attempt. NIU hopes this additional layer of security can protect sensitive information, such as bank accounts associated with student tuition and employee payroll.
Since student accounts are the ones most commonly hacked, NIU plans to require MFA login when they use Office365, starting May 10. Bjerkin says they eventually hope to expand it to include Blackboard and MyNIU.
More information on MFA can be found at NIU's website.