Body
During 2024, Hancock College is beginning a new security program called Phishing Resistant Multifactor Authentication for staff members who have access to critically sensitive information. The term refers to the change in the way employees will get One Time Passcodes (OTPs) when logging into the Hancock College SSO system. Instead of an email or SMS text message to a mobile phone, employees will be able to use physical device plugged into their computer's USB port known as a FIDO2 key. This key provided by the ITS department generates OTP codes without needing to wait for an email or text message.
Why the new OTP methods?
Emails and text messages can be easily spoofed by attackers and are a common vector for bad actors to gain initial foothold into a system. The OTP generated by FIDO2 key or mobile authenticator application is only valid for a short time. FIDO2 keys are also significantly longer than the usual 6 digit code in email and text message OTPs.
Who will be added to the new security policy?
Employees who will be brought into the new policy include members of the Information Technology Services, Business Services and Human Resources departments. Mangagers, supervisors and assistants of the executive staff will also be included. Other staff members are invited to join the program as well by submitting a request through the ITS Help Desk.
When will these changes happen?
ITS has already begun to use Phishing Resistant MFA for logins. Departments and offices will be added gradually throughout 2024. ITS will provide a USB FIDO2 key and a training to assist staff with setting up the FIDO2 key as well as an authenticator application on a mobile device.
How does one set up the new OTP methods?
The ITS Help Desk Knowledge Base already has information on setting up a mobile authenticator and FIDO2 key. After a staff member has successfully enrolled their FIDO2 key they will be enrolled into the new policy and all OTP logins will require use of a Phishing Resistant Multifactor Authenticaton method. Should you ever have trouble with an OTP you can contact the Help Desk. Broken or lost FIDO2 keys can be replaced by ITS by filling out a Help Desk Ticket.