Online security vulnerability is a critical risk to not only our students’ private information but also to the California Community Colleges’ operations. Stolen credentials can be used to spread ransomware or interrupt services to our students. To combat this risk, the California Community Colleges Chancellor’s Office is recommending that the colleges and grantees immediately implement multi-factor authentication (MFA).
What is MFA?
By definition, MFA is a security mechanism to protect systems, services and accounts for which a password alone does not provide sufficient security. If you have ever tried logging in to a website and received a text message with a code containing four to six numbers to enter along with your username and password, that is an example of MFA.
MFA is remarkably simple in its logic: It prevents one mistake from leading to another. It is based on the principles of requiring something you know (e.g., your username and password) and something you have (e.g., your cell phone or a hardware token). That way, even if hackers can phish for your password (“something you know”), they won’t be able to compromise your account if they can’t access your mobile phone (“something you have”).
While not a new technology, it did take a little time for MFA to become more widely adopted, due to the complexity of its setup and the requirement of an expensive token to provide access. However, today’s MFA solutions are designed to be much easier to set up and use. They cause minimal disruption because MFA solutions typically use our ubiquitous mobile devices for the additional authentication level.
Systemwide MFA initiative in progress
The Chancellor’s Office strongly believes in implementing MFA and is currently exploring options of how it can further support the MFA initiative within the system.
For any questions regarding MFA implementation or the Chancellor’s Office MFA strategy, please contact Barney Gomez, Vice Chancellor, Digital Innovation and Infrastructure, at firstname.lastname@example.org.