Ithaca College

Within the next 4 weeks, your access to Ithaca College email will be restricted unless you have activated Duo Multi-Factor Authentication (MFA).  As previously announced, Duo MFA will be required by ALL faculty, staff and students to access email and Office 365.  Duo Multi-Factor Authentication open enrollment is now available - Please enroll now by visiting the IT Website at www.ithaca.edu/it

•  Students who have not self-enrolled in Duo MFA by Monday October 22nd, will be automatically enrolled between then and mid-November, on a group by group basis.

If you choose not to self-enroll, you will receive a notification a few days before your automatic enrollment date.

Please note:

Not all email programs will work with Duo MFA. If you are using an unsupported program you will need to switch to a compatible email program such as Microsoft Outlook or Office Online. Apple recently announced that their latest operating system (Mojave) will support MFA, but may have limitations running 32 bit applications.  Please see the document “Duo FAQ” on the Duo enrollment page (linked from www.ithaca.edu/it) for details.

We thank you for working with us as we take this important step to enhance the security of IC’s information systems and the data our students, faculty, and staff have entrusted to the College. Please contact the IT Service Desk at servicedesk@ithaca.edu or (607) 274-1000 with any questions or concerns.

The Importance of MFA

Multi-factor authentication is the single most effective protection available to reduce the likelihood that our students, faculty, and staff, and the college itself, will be victims of cyber-crime. Although Duo MFA itself does not stop phishing attempts, it ensures that a stolen password alone is not enough to access our accounts, frustrating the primary goal of phishing. Because attacks against our email accounts are so common, and because compromised email accounts are used to spread attacks to others and to other systems, requiring Duo MFA for access to all email accounts is a top priority.

In addition to using compromised accounts to attack others, criminals search inboxes and sent folders for messages and attachments that contain valuable data. Often this includes personal data about the account holder and others, including social security numbers, driver license numbers, health and insurance information, bank account numbers, and other information that can be sold or used in other crimes. Much of this data mining is fully automated and can occur within minutes or hours. They also commonly use their access to the email accounts to reset passwords the users have on other systems. MFA helps significantly to protect against this.