
At RRU, we care about the security of our data so we’re implementing MFA to protect it.

What options are available for my second factor? And which scenario suits me best?

 What is MFA?

Multi-Factor Authentication (MFA) is a security measure used by organizations to improve their online security and protect their data.

MFA involves using more than one thing to prove who you are. Typically, the two things are "what you know", like a password, and "what you have", which is something that you carry with you. Using MFA is much more secure because it is less likely that someone with bad intentions will have both your password and the second method you choose.

 Why do organizations use MFA?

Here's what you need to know about why organizations like us use MFA:

Safeguarding both your personal data and the sensitive information of RRU and our students is paramount. Organizations implement MFA to enhance security and protect against unauthorized access to your accounts and confidential data.

MFA adds an extra layer of protection, ensuring that even if your password is compromised, unauthorized individuals still can't gain access without an additional verification step. This significantly reduces the risk of data breaches and enhances the overall security posture of organizations.

Enhanced security
Protection against unauthorized access
Reduced risk of phishing and credential theft
MFA adds an extra layer of security beyond just your username and password. It is harder for unauthorized individuals to access data or systems if they need to know your password AND have your cell phone or key fob to do so. 

Remote Work and Mobile Access: 
With the rise of remote work and mobile device usage, securing access to corporate resources from various locations and devices is critical. MFA ensures that even when you are not physically in your office, your access is secure. 

User-Friendly Experience: 
Modern MFA solutions are designed to be user-friendly, offering options like push notifications, biometrics, or one-time codes via SMS or mobile apps. This makes it easier for you to use MFA without significantly disrupting your work. Microsoft will soon stop supporting SMS (text) messaging so RRU will offer two options for your second factor: push notifications to the MS Authenticator app or a Security Key/Fob (a little USB stick that you carry around with you).

Adaptive Security
Some MFA systems can adapt their security measures based on the context of the login attempt using access policies. For example, policies could specify that if you're on campus plugged into the network on an RRU device, there's low risk so there's no need to ask for MFA. But if you're trying to access our remote server from a personal computer in Greece, we will ask for MFA to make sure that's really you. Other policies are time-based and may ask you to MFA if you haven't done so in a certain period of time. The goal is to use these policies to manage when you're asked to MFA so that the process is not intrusive but that we remain secure.

Preventing Insider Threats: 
MFA can also be effective in preventing insider threats by adding an additional layer of security for employees and trusted users. It helps ensure that even those with legitimate access are properly authenticated. None of the cybersecurity incidents experienced at RRU over the last two years were deliberately permitted by RRU staff. MFA would have prevented ALL of the cybersecurity incidents that RRU has experienced over the past two years.

Cost of Data Breaches: 
Data breaches can be extremely costly in terms of both financial losses and damage to an organization's reputation. MFA reduces the likelihood of breaches, which can save organizations a significant amount of money and prevent long-term damage. 

Scalability: 
MFA solutions can scale with growth. We're implementing MFA starting in February by asking employees to register. Then we'll move on to contractors, then students. Initially, only a small number of applications will be MFA-enabled but we'll add others as we go. 

MFA is important to RRU

We're on it! And we need you on it, too.

 Why do I need to use MFA at RRU?

Here’s why it’s important for you to set up MFA:

  • Very real (and close to home) cyber security concerns

  • Some RRU resources like webmail already require MFA, even when you’re on campus

  • Soon there will be more applications behind MFA including other MS applications and eventually, Moodle and other non-MS applications

  • While outside the country, Outlook, webmail, and other MS applications always require MFA

    • you cannot independently set up MFA while outside the country

    • technical support is not available on evenings and weekends so you may find yourself locked out for an inconvenient amount of time

  • You need to set up MFA to prevent service interruptions that will negatively affect your access to resources. Better to do it now than when you are in a time crunch and really need access to a resource behind MFA

We are truly all in this together. Please do your part to keep RRU secure from cyber criminals.

 How often will I be prompted to authenticate?
  • The current default* for people using Microsoft Office products domestically on a personal computer is 12 hours. This is only enabled for Microsoft Webmail at this time.

  • The current default* for people using Microsoft Office products internationally on a personal computer is 12 hours. This is enabled for most Microsoft Office programs including webmail, Teams and SharePoint/OneDrive.

  • The current default* for people using Microsoft Office products domestically or internationally on an RRU computer is 12 hours. This is not currently enabled for any Microsoft product locally but that might change in the future.

*As of August 1st, 2024 (subject to change without notice)

 I am not in Canada, will this MFA setup be a problem?

Yes, the setup will be a problem. Please contact the RRU Help Desk because we need to adjust your account so you can complete the setup process.

Once set up, MFA will work in any country as long as you have a wireless/data connection on your mobile device to authenticate.

 I am getting a code for my Webmail, but no prompt on my phone or place to enter it

It sounds like notifications are not enabled.

iPhone

  • Go into Settings → Notifications

  • Scroll down and you will see a list of applications. Click on Authenticator (blue lock with a person in it)

  • Enable “Allow notifications”

  • Review the settings to make sure you are being notified in a way you would like. We recommend leaving every possible option enabled

  • You are done, you can close the Settings window and you should now receive notifications

Android

(Coming soon)

 I am NOT getting a code when going to webmail, instead it says "More information needed"

This means you have not completed the RRU MFA enrollment for everyone or are using the wrong authenticator app.

Please scan the QR code and make sure you have installed the Microsoft Authenticator app.

 When am I required to register for MFA?

Employees: starting in Feb 2024

Contractors (academic and non-academic): starting in March 2024

Students: starting in May 2024

 What MFA method is recommended for international travel?

If you are traveling with your mobile device, use the authenticator app, which is designed to work internationally (using the verification code method). All you need is a Wi-Fi connection.

 What devices can I use to MFA?

Any smartphone with data (required for the Authenticator app). When traveling out of country, please note you might require a travel pack for that country or you must connect to local Wi-Fi.

For people that do not have a mobile device or cannot use their mobile device, USB security keys are provided upon demand. The USB key allows any device with a USB A connection to authenticate.

 Do I need cellular data/wi-fi and will I incur cellular data charges if I use the MS Authenticator app for my second factor?

If you connect your mobile device to Wi-Fi you will not use data. If you are not connected to Wi-Fi then it will require cell data to authenticate.

Since you are required to authenticate when connecting to remote services, you can use the same data source for your authenticator as you are using for your computer.

 Must we use our personal smart phones if we choose the MS Authenticator app?

We understand concerns about using personal resources for work-related purposes. However, the Microsoft Authenticator app, which we recommend for MFA, consumes minimal data. This means the impact on your data plan will be negligible.

And, if you're already using the Microsoft Authenticator app for other purposes, such as accessing your bank or investment information, adding an account for RRU is seamless. It streamlines the process and ensures consistency in your security practices across different platforms.

When/if you leave RRU, it’s easy to delete the authenticator app.

Everyone must use MFA. It is a requirement.

Special notes by group

Employees participating in flexible work arrangements (you work some days per week on campus)

Our blended work agreement indicates you may require additional personal resources to work effectively from off campus. Using your personal cell phone for MFA is one example of this.

You also have the option of using a security key (not our recommended option).

Employees who come to campus full time

If you prefer an alternative to your cell phone, you can choose to use a security key for authentication (not our recommended option).

Everyone who primarily works off campus including academic and non-academic contractors and students

There is an expectation that you have the means to access the RRU resources required to fulfill your contractual obligations and/or your school work.

We appreciate your cooperation

Whatever 2nd factor authentication method you use, you're enhancing the security of your own account(s) and contributing to the protection of sensitive student data and the integrity of our organization.

Thank you for your understanding and cooperation in maintaining a secure work environment.

 How much data is used by the Authenticator app?

We don’t have exact numbers but in 3 months, an IT staffer who relies on MS Authenticator to authenticate on multiple resources used 2 megabytes (MB) of data. For a year, that would be approximately 8 MB.

One gigabyte (GB) of data is 1000 MB. So, one can expect to use less than 1% of a GB in one year.

 What should I do if I plan to upgrade my mobile device or if I lose the smart phone I use for MFA authentication?

If you plan to replace your mobile device, it is STRONGLY recommended that you follow the MFA instructions on the new phone before you wipe or otherwise dispose of your old phone. You will need your old phone to authenticate your new phone.

If you've lost or had your mobile device stolen, you can sign in using the secondary authentication method you selected when you registered your device for MFA.

If this option has not been configured, you can contact the RRU Help Desk to clear your settings. After your settings are cleared, you'll be prompted to register for two-factor authentication the next time you sign in. 

 What if I get challenged for a second authentication factor and my second factor is not with me? (e.g. forgot smartphone / hardware token at home)

We recommend you have a backup device associated with your account to help prevent this issue. If you have lost the only MFA device associated with your account, contact the RRU Help Desk for assistance. The IT Support Centre can only assist you during business hours. Therefore, if you haven't set up a backup method you will have to wait until the RRU Help Desk is open. 

 What if I receive a prompt for authentication that I did not initiate?

If you are not attempting to log into an RRU resource when you receive the prompt to authenticate, deny or ignore the request. This means that MFA is working and that someone else is trying to access your account.

In some cases the perpetrator might “bomb” you with repeated requests to “authenticate”, hoping that out of frustration, or by accident, you might approve the request. If this happens, please put your phone aside, or on silent, and ignore the requests. Please notify the RRU Help Desk so we can track these instances.
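
For the technically curious: the following is an added example, not part of the original FAQ and not RRU's own tooling, showing one way the repeated-prompt pattern described above can be tracked in sign-in records, including the case where a prompt is approved right after a burst. The log format, the `denied`/`no_response`/`approved` result names, the 10-minute window and the threshold of 5 are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push-prompt events (not real RRU logs): "timestamp user result".
SAMPLE_LOG = """\
2024-08-01T02:14:05 alice denied
2024-08-01T02:14:40 alice no_response
2024-08-01T02:15:10 alice no_response
2024-08-01T02:15:55 alice denied
2024-08-01T02:16:30 alice no_response
2024-08-01T02:17:02 alice approved
2024-08-01T09:00:00 bob denied
2024-08-01T09:01:00 bob approved
2024-08-01T10:00:00 carol no_response
2024-08-01T10:20:00 carol no_response
2024-08-01T10:40:00 carol no_response
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed: unapproved prompts inside WINDOW that count as a burst

def parse(log):
    """Yield (datetime, user, result) tuples from the line format above."""
    for line in log.strip().splitlines():
        ts, user, result = line.split()
        yield datetime.fromisoformat(ts), user, result

def find_prompt_bombing(events, window=WINDOW, threshold=THRESHOLD):
    """Return {user: {"prompts": n, "approved_after_burst": bool}} for flagged users."""
    recent = defaultdict(deque)   # user -> timestamps of recent unapproved prompts
    alerts = {}
    for ts, user, result in sorted(events):
        q = recent[user]
        while q and ts - q[0] > window:   # drop prompts that fell out of the window
            q.popleft()
        if result in ("denied", "no_response"):
            q.append(ts)
            if len(q) >= threshold:
                alert = alerts.setdefault(user, {"prompts": 0, "approved_after_burst": False})
                alert["prompts"] = max(alert["prompts"], len(q))
        elif result == "approved" and len(q) >= threshold:
            # An approval right after a burst is the accidental approval the answer warns about.
            alerts[user]["approved_after_burst"] = True
            q.clear()
    return alerts

if __name__ == "__main__":
    for user, alert in find_prompt_bombing(parse(SAMPLE_LOG)).items():
        print(user, alert)
```

In the sample data only `alice` is flagged: a single mistaken denial (`bob`) or prompts spread far apart (`carol`) do not reach the threshold.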

 I didn't find the answer to my question in these FAQs - where can I get help?

Contact the RRU Help Desk for assistance. 
