Coming Soon - Multi-Factor AuthenticationJanuary 28, 2022 at 2:15 PMDear Campus Community,
This Spring semester, the University of Central Arkansas will begin rolling out multi-factor authentication (MFA), an easy and secure way of logging into many University-related applications that allow access to sensitive information. This MFA process is part of UCA’s overall cyber security plan and will be required for Faculty and Staff users.
What is MFA?
MFA adds another layer of security to your UCA user account by utilizing a secondary device (e.g., your smartphone) to prevent anyone but you from logging in to your account, combining something you know (your password) with something you have (your smartphone). Our partner for this project is Duo (duo.com), a leader in multi-factor security.
Why MFA?
Defending against cyber security threats has become a major part of the overall security plans for universities across the country. It is becoming increasingly easier for your password to be compromised either through phishing attacks, illegitimate emails, or malicious software on your computer.
Over the last three years, UCA IT initiated three separate planned phishing attempts and, on average, we saw a 15% click through rate. In a real world phishing attack, we would see a significant loss of credentials and potential negative impact to our systems.
How?
We will provide much more detail in future communications, but here is an overview of the enrollment process. When it is time to enroll, you will receive an enrollment email which includes the steps to add the Duo application and activate your device. After enrollment and activation, when accessing some University-related applications, you will be asked to perform a second authentication step by simply responding to a notification on your device.
Please note that you will not be prompted for each separate MFA-enabled service during a single browser session. After responding to the first MFA prompt of a session, you will be able to access other services without additional prompting for the duration of the session. Some exceptions would be if you start a new browser, end your current session, there is a network connectivity problem, or your session exceeds the MFA timeout (to be determined).
Here is a list of services included in the initial rollout:
Banner Admin
Banner Self-Service
Google services (G Suite)
Argos
AppWorks
Global Protect VPN
Maxient
StarRez
When?
We will be taking a phased approach to the MFA rollout:
Phase 1 (February 2022) The IT Department will be the initial rollout phase and will allow for extensive testing and other activities to ensure that the rollout to the rest of FS goes smoothly.
Phase 2 (March/April 2022) UCA Staff will be enrolled
Phase 3 (Fall 2022) UCA Faculty will be enrolled. There may also be the opportunity to opt-in to MFA during Phase 2. (More to come on this as we get closer to Phase 2.)
Information Sharing
The IT department will provide all of FS with an opportunity to join a Zoom call in February where we will present information related to this effort and provide an opportunity for general Q&A. In addition, we will have the recording of that Zoom call, links to useful information, and a brief instructional video placed on our IT homepage for you to access anytime.
If you have questions related to this effort, we will be addressing those throughout the phases of rollout but you can also reach out to Tim Roach (IT) via email at troach@uca.edu.
Thank You,
University of Central Arkansas
Division of Information Technology
Burdick Hall
Conway, AR 72035
501-450-3107 | uca.edu/it | @UCAInfoTech
This Spring semester, the University of Central Arkansas will begin rolling out multi-factor authentication (MFA), an easy and secure way of logging into many University-related applications that allow access to sensitive information. This MFA process is part of UCA’s overall cyber security plan and will be required for Faculty and Staff users.
What is MFA?
MFA adds another layer of security to your UCA user account by utilizing a secondary device (e.g., your smartphone) to prevent anyone but you from logging in to your account, combining something you know (your password) with something you have (your smartphone). Our partner for this project is Duo (duo.com), a leader in multi-factor security.
Why MFA?
Defending against cyber security threats has become a major part of the overall security plans for universities across the country. It is becoming increasingly easier for your password to be compromised either through phishing attacks, illegitimate emails, or malicious software on your computer.
Over the last three years, UCA IT initiated three separate planned phishing attempts and, on average, we saw a 15% click through rate. In a real world phishing attack, we would see a significant loss of credentials and potential negative impact to our systems.
How?
We will provide much more detail in future communications, but here is an overview of the enrollment process. When it is time to enroll, you will receive an enrollment email which includes the steps to add the Duo application and activate your device. After enrollment and activation, when accessing some University-related applications, you will be asked to perform a second authentication step by simply responding to a notification on your device.
Please note that you will not be prompted for each separate MFA-enabled service during a single browser session. After responding to the first MFA prompt of a session, you will be able to access other services without additional prompting for the duration of the session. Some exceptions would be if you start a new browser, end your current session, there is a network connectivity problem, or your session exceeds the MFA timeout (to be determined).
Here is a list of services included in the initial rollout:
Banner Admin
Banner Self-Service
Google services (G Suite)
Argos
AppWorks
Global Protect VPN
Maxient
StarRez
When?
We will be taking a phased approach to the MFA rollout:
Phase 1 (February 2022) The IT Department will be the initial rollout phase and will allow for extensive testing and other activities to ensure that the rollout to the rest of FS goes smoothly.
Phase 2 (March/April 2022) UCA Staff will be enrolled
Phase 3 (Fall 2022) UCA Faculty will be enrolled. There may also be the opportunity to opt-in to MFA during Phase 2. (More to come on this as we get closer to Phase 2.)
Information Sharing
The IT department will provide all of FS with an opportunity to join a Zoom call in February where we will present information related to this effort and provide an opportunity for general Q&A. In addition, we will have the recording of that Zoom call, links to useful information, and a brief instructional video placed on our IT homepage for you to access anytime.
If you have questions related to this effort, we will be addressing those throughout the phases of rollout but you can also reach out to Tim Roach (IT) via email at troach@uca.edu.
Thank You,
University of Central Arkansas
Division of Information Technology
Burdick Hall
Conway, AR 72035
501-450-3107 | uca.edu/it | @UCAInfoTech