By next semester, all students will be required to use a two-factor authentication method because hackers continue to compromise student accounts, according to MSU’s Information Technology Services.
In just one month last year, there were more than 300 break-ins after a successful phishing scam, said Tom Ritter, ITS security and compliance officer.
“This is the problem that I was trying to resolve,” Ritter said. “Over the last few years, we’ve had a steady break-in rate. Most of these break-ins were associated with phishing attacks. They would send a fake email message, and they would get someone to click on it.”
These hackers have developed from their old ways of stealing information, however. Ritter said they can create fake websites that look almost exactly the same as a real one. Ritter said one hacker even created an identical copy of MSU’s website hosted in the Netherlands, with the only difference being its url.
The spam emails have escalated into cyber attacks, like identity theft and stealing bank information.
“What we started noticing last year is what they were actually doing changed some,” Ritter said. “They started trying to login to banner and look if they could change direct deposit information.”
About a year ago, at least one MSU employee even lost their paycheck due to a hacker logging in and changing the information for direct deposits.
To help prevent this problem, last year, all faculty and staff are required to use Duo, MSU’s two-factor authentication program. After users login, they are sent a notification on the Duo app, where they can see where the login attempt is coming from and either accept or deny it. Users can also get a code sent to their phone number.
If users do not have a smart phone, ITS will give one security token per person for free. If a user presses the button, a six digit code will pop up.
Since the amount of student account compromises are still high, Ritter said the two-factor authentication will help reduce this number.
In addition, online hacking is not the only way students can have their information stolen. Ritter said plug-in keystroke loggers can catch every stroke put into a keyboard, thus making it easy for hackers to get passwords. Ritter said one student was charged with a felony for doing this exact thing.
“Go plug that in to locations around campus and it will log every netID and password of everyone who used it,” Ritter said.
Chief Information Officer Steve Parrott said students will soon have a warning screen pop up on their login page, asking them to sign up for Duo. He said a “Continue to myState” option will be available until the spring.
Parrott said this authentication method may seem like a hassle, but it is only beneficial for students.
“This is a great thing for students,” Parrott said. ”Yeah, it’s going to be one more thing they have to do when they login every time, but it’s protecting them.