Security breaches due to compromised credentials have unfortunately become an occurrence. With an increasing number of passwords to remember, people are prone to re-use the same passwords for many accounts or to use passwords with easy-to-use and easy-to-access information (date of birth, names of family members or pets, etc.). When other non-University services (social networks, websites, etc.) have breaches, these in turn can lead to your credentials being compromised and used to access confidential or restricted University information.
Multi-Factor Authentication (MFA) is an additional service in the authentication process. It validates the identity of the user accessing online systems and applications. MFA works on these principles: what the user knows (their password), what the user has (their smartphone or a physical device that generates one-time passwords), what the user is (e.g. their fingerprint or iris).
MFA is very easy and convenient as you are using your smartphone, which most of us carry it everywhere. And you don’t need to have your work email on your phone since MFA only uses it to get your approval via the app. Your data plan will also not be affected by any text messages or data transferred. For now, MFA has been activated for the accounts of the pilot projects participants.
|Feb. 5||IT Reps|
|Nov. 14||MFA use for VPN access (IT Reps)|
|Oct. 24||MFA use for VPN access (IT staff)|
You are working off-campus and need to use the VPN client. Open your laptop, click on Connect in the Cisco AnyConnect VPN login box, and enter your account and password. A new step gets introduced: a yellow warning symbol appears in the VPN client and a notification is sent to your phone asking you to verify your identity. Click Approve and you will see the usual Welcome to the University of Ottawa pop-up message. You can then proceed with your normal activities.