On Wednesday 6 April, UiA will introduce two-step verification for students when they log into Outlook, Teams, OneDrive and other Microsoft programs.
“It is about increasing security”, says IT Director Tord Tjeldnes.
All employees at UiA started using two-step verification in the winter of 2020.
The process has many names: two-step verification, two-factor authentication or two-step login. What happens is that when you log in with your username and password, you have to verify that it really are you who are logging in (step 2) before you can access Outlook, Teams or OneDrive. The best way to do it is to use the «Microsoft Authenticator» app on your mobile: How to set up 2-step verification. The «Microsoft Authenticator» app are said to be safer than a step 2-code from a text message.
Most people have two-step authentication when using their online bank, for example.
“We see that the threat is increasing, and there are many systems at UiA that we need to protect”, says Chief Information Security Officer (CISO) Johanne Warberg Lavold in the Division of IT.
Universities are attractive targets for hackers of all kinds, and although SPAM filters take care of most of the attacks, they are not foolproof. Some slip through the first line of defense and must be stopped later.
“It is important that we all make sure that our account is not hijacked by anyone else. UiA wants our students to collaborate with each other, and many programs offer opportunities for collaboration. That means we must control who gets access”, Lavold says.
When an intruder gains access to a UiA user’s accounts, this stranger will have all the access that the actual user has. This means that the intruder can retrieve all the information that the user has access to in UiA's programs and will be able to mess up files and other things that are in the user account.
Many intruders use the access to send out huge amounts of emails with content that the owner of the account would never approve of.
The two-step verification process only kicks in when you want to enter the system. If you only access the public site, UiA.no, there is no need to log in.
“We also plan to introduce two-step Feide login, that will come later”, says IT Director Tord Tjeldnes.