Cybersecurity awareness: Get your factors right

by Elizabeth Jenike, IT Services

We’ve been waxing poetic lately about two-factor authentication (TFA), because we are getting ready to launch University-wide two-factor on most Miami resources. It’s for a good reason, and plenty of Miami folks are already on board with enrolling in Duo Security (thanks!).

But why do we talk so much about TFA and its counterpart, multi-factor authentication (MFA)? Why is it so important? Let’s take a look:

MFA: An overview

The benefits of TFA center on the idea that even if your password is somehow stolen or parsed by wily hackers, your account stays secure because you are the only one with access to your second password, or factor. MFA is another way to refer to TFA, and for the purposes of this piece, we are going to use them interchangeably.


The idea is this: You log in to a website with your username and password. This is the first factor—the one that hackers could potentially learn. Then, you have to input a randomly generated code via your smartphone or insert a USB security token in your computer—physical devices that only you should have access to. Therefore, MFA uses something you know (your password) and something you have (smartphone app or USB token) to double up on the security.

MFA can also take TFA one step further by adding a third factor, usually biometrics, so that you combine something you know, something you have, and something you are. An example of this would be the fingerprint sensor on your smartphone.

Why is using MFA critical for everyone, not just those in the IT world? Say, for instance, that someone with malicious intent learned your username and password. With MFA, when that person tries to access your account, you get a notification that someone has used your credentials. It will then ask you to verify whether or not that ping is you. Since it’s not, you can identify right away that you need to change your password or delete credit card information from that particular online account.

The bottom line is: Having those second and third factors prevents hackers from gaining access.

The problem with remaining digitally unsafe

Despite the clear advantages of installing and using MFA on critical accounts like email and banking services, most online users haven’t taken that extra step toward greater security.

The Register reported at the beginning of 2018 that a Google software engineer revealed more than 90 percent of Google users hadn’t adopted TFA on their accounts. What’s more, a 2016 Pew study found that only 12 percent of people use password managers.

Hackernoon contributor and cybersecurity researcher David Balaban noted that one of the reasons people don’t utilize MFA is mindset. The ever-common refrain “it’ll never happen to me” is hopeful, but unfortunately most likely wrong. It’s a mindset that people should divest themselves of. Some users tend to believe that the additional security would be more of an inconvenience than it’s worth, but that couldn’t be further from the truth.

The truth is that, according to Entrepreneur contributor Carly Okyle, 90 percent of employee passwords can be hacked in six hours, and two-thirds of people use the same password for everything. Better safe than sorry—adding a second factor will help you to negate the impact of a security breach. And when your machine is safe, it gives the network of your entire organization that extra boost in security.

How do we use MFA?

Once you decide to set up that second (or third!) factor, you can rest easy knowing you’re doing your best to prevent attacks on yourself and on your organization. In fact, according to cybersecurity firm Symantec, 80 percent of data breaches could be prevented with the use of TFA.

When you enroll in Duo on your Miami account, you will have an option of what you want your second factor to be. Here’s how Duo is being used at Miami so far, according to our October stats:

  • 76 percent selected to use the Duo Mobile application to push a code to their smartphone
  • 15 percent are using Duo Mobile to input a randomized passcode
  • 2 percent are using SMS text messages
  • 7 percent use voice calls

Since we are not live with Duo yet, these numbers will change by the time we flip the switch on December 19. So far, though, this is what we want to see: Miami staff, faculty, and students are by and large signing up and using the Duo Mobile smartphone application, which is the recommended method for authentication.

Getting ready for Duo

Here’s what you already know: On December 19, 2018, IT Services will be mandating two-factor authentication for the entire University. Miami resources (e.g., BannerWeb, Miami Mail, myMiami, Canvas, etc.) will be blanketed by an extra layer of protection.

Duo will virtually eliminate phishing and will allow us to better safeguard our systems. What’s more, we won’t have to change our passwords nearly as often as we do now—strong passwords will only need to be changed every five years instead of one (which is the current requirement).

The other good news? You can authenticate with the recommended Duo Security smartphone application—and it’s incredibly easy to do so.

We’re asking the Miami community to enroll before the deadline. It’s quick, it’s easy, and it will save you from having to enroll in a hurry on December 19. Visit to sign up now!
