What is Multi-Factor Authentication (MFA)?

UMB’s computing environment requires a high level of security to ensure the privacy, integrity, and confidentiality of the data that resides in its systems. The UMID and password has developed and served as a common credential to access systems and services at the University. This authentication strategy has greatly improved the computing services user experience. However, with the growth of cyber threats and attacks, and the attempts to persuade individuals at UMB to reveal their credential, known as phishing, it has prompted the computing industry to address this problem. An approach was devised to leverage multiple verification methods and no longer rely only on a single credential. The combined strength of these multiple factors of authentication create a confidence or level of assurance that the person accessing the system is the appropriate individual. At UMB, we will be transitioning to a MFA approach that allows users to use a mobile device in addition to their UMID and password to achieve a significantly higher level of security and almost entirely negate the risk associated with phishing and similar attacks.

Why is MFA important to the security and privacy of UMB, its data, and its users?

UMB continues to make immense strides toward establishing a common ID and password that provide secure and easier access to systems. While this has greatly improved the usability of our computing services, it has likewise increased the importance and influence of that single set of credentials. The UMID and password now have the highest level of criticality as this credential provides in almost all cases the only verification method that the user accessing a system is the intended person. Therefore, a breach of that credential would provide far-reaching access to a perpetrator.  Unfortunately, most universities and organizations have found themselves in this situation — and UMB is no different. As such, the number of attacks on users to coerce them into revealing their credential is exponentially increasing. These attacks, known as phishing, are operating at such as scale in volume, variety, and degree of sophistication that even with the immense resources dedicated to prevention, detection, and monitoring, some attacks will still reach users. The phishing epidemic has exposed and clearly demonstrated the weakness of only having a single credential to prove identity.

As a result, the industry has started to embrace and move to this new approach. Specifically within higher education, the pace and range of the adoption of multi-factor authentication (MFA) have confirmed it is and should be one of the highest IT priorities on which a university should focus.

UMB’s computing environment requires a high level of security to ensure the privacy and integrity of both its users and the data that reside within its systems. A single credential will only continue to pose a significant risk as a single point of failure within our collective IT infrastructure. The most effective way to mitigate this risk is introduce a second credential and adopt a MFA strategy for all users of all systems. This unilateral approach will almost entirely negate the risk associated with phishing and similar attacks and align UMB’s IT security practices with the overwhelming majority of its peer institutions.

Which users require MFA to access applications and services?

All faculty, staff and students are required to use MFA, along with any affiliates who have access to any systems that contain our University’s most sensitive data.

How do I use MFA?

Watch a short video showing how to register for and use MFA here.

Or follow this link for additional information.