We are implementing multi-factor authentication (MFA) for all Single Sign-On (SSO) users across the University. This means you will be asked to verify your account using a second factor, such as a text message, code from an app on your phone or a phone call. How often you are required to authenticate will depend on individual circumstances such as what device you are logging in from, your physical location and what applications you are using.
SSO credentials, based only on a username and password, are vulnerable to phishing attacks which, when successful, give an attacker direct access to confidential or sensitive information.
The University has been at particularly high risk of cyber-attack during the pandemic because people are working from home using multiple devices to connect to work accounts and the University has become a target due to its high profile COVID-19 research.
Cyber-attacks have caused serious damage to other universities in the UK recently and early indications highlight that weak authentication played a role in the success of these attacks.
The key driver for this project is to reduce the number of confirmed security incidents by adding this extra layer of security to your logins.
Account compromises across the University risk the following:
- Financial loss through cyber fraud
- A personal data breach
- Complex cyber-attacks
- Damage or loss of research / clinical trials data
- Reputational damage to the University
- Infrastructure abuse damaging our ability to send and receive email
We are therefore fast-tracking the implementation of multi-factor authentication for all SSO users across the University – staff and students – to attempt to reduce the risks to the services that we rely on daily.
We understand that this new system will cause inconvenience to people, but we hope that this disruption can be weighed against the potential disruption caused by a successful cyber-attack against the University.