Multifactor authentication: one piece of a multi-faceted security practice at UB

As more online services, from banking to social media, require a second method of identification before logging in, more people realize the value it adds in helping secure our data, and expect it to be available to protect the kind of sensitive data we at UB access every day through HUB, SUNY’s HR portal and other online tools.

This move also puts us on par with the majority of other AAU universities. It comes recommended by several UB governance and advisory groups, and, most importantly, it will help us continue to prevent attacks like the 2018 attempt targeting students’ UBITName accounts to siphon their tuition refunds.

To be clear, multifactor authentication is not a panacea for threats like these. More important is working with those at risk to educate and limit risky behavior, like reusing UBITname passwords on third-party sites, that creates opportunities for attacks like these to succeed.

Educating the community has always been, and will continue to be, a major component to our security practice.

And unfortunately, as UB employees we are increasingly the target of scammers trying to exploit payroll, healthcare and other sensitive HR information. Multifactor authentication will be an important element in our efforts to better secure this information—but it also requires vigilance on our parts.

As we work with the community to promote better personal security practices, we will be working in parallel to implement this new security tool in a way that is maximally effective and flexible, with minimal burden to our campus community. I encourage you to email me directly with feedback about this change at cio@buffalo.edu.

There is much to be learned from the best practices of our peers in this area. Still, UB is unique. When UB’s students, faculty and staff participate in and benefit from a greater, more flexible kind of security practice—and those benefits are evident to them—we’ll know we’ve succeeded.