St. Bonaventure University’s Technology Services has begun implementing a two-factor authentication process for all Bonaventure email accounts to reduce the number of phishing attacks.
Email accounts were added to the new system in groups over a two-week period, and users were then asked to participate in a 10-minute process to successfully implement the authentication to their account.
For students to set up their two-factor authentication, they can go onto the my.sbu.edu website and click on “OFFICE 365 EMAIL,” and login as usual. Following this, students are asked to click “Next,” “Additional security verification” and select “Authentication phone.” Students are then asked their preferred method of alternative contact and can input their information. A verification code will be sent to their mobile device and that is to be entered in the text field.
Once the account user has set up the two-factor authentication, any time one logs into their Bonaventure account on a new device, he or she must verify it by not only the username and password, but on one’s mobile device.
The two-factor authentication capability was already contained in the Microsoft license agreement that SBU Technology Services has, making the shift easier.
Prior to this, Bonaventure account holders simply logged into their accounts on any computer with their own password and gained access to their account. This led accounts to be vulnerable to cyber attacks and thus compromised.
In the past year, the university has seen a decrease in phishing attacks as more students become aware of such attacks and how to prevent it. But, despite the decrease, there was still a substantial number of accounts compromised. In 2019, 186 student accounts were compromised compared to 242 in 2018, reports SBU Technology Services.
Faculty accounts have also seen a significant decrease in phishing attacks.
“Our employees have gone way down,” said Daniel Donner, director of User Services for Information Technology at St. Bonaventure. “We have rolled out with about half our employees on campus and as you can see our numbers have dropped from 22 to 7.”
Unfortunately, not all accounts have seen the same results. Alumni accounts saw an increase in compromised accounts from 116 in 2016 to 202 in 2019, reports SBU Technology Services.
“Our next population we really need to hit are our alumni which have gone up, and the great majority of our accounts are alumni accounts,” said Donner. “My target is next spring, addressing our alumni and giving them the two-factor authentication, and the idea is really to get this number down to as close to zero as we possibly can.”
Once an account has entered two-factor authentication, it does not need to be reauthorized upon graduation.
“Seniors going out will be next year’s alumni, but they are already in two-factor,” said Donner. “They do not have to do anything different as long as they have those accounts. They always will have the two-factor.”
With such amounts of phishing attacks, the two-factor authentication seeks to quell this problem.
Any students with questions or concerns are encouraged to contact the helpdesk at (716) 375-7600 or at helpdesk@sbu.edu.
By Julia Schneider, Staff Writer
schneije18@bonaventure.edu