ITS rolling out new login protection


Starting in June 2017, the ITS department has worked to implement multi-factor authentication to increase security for students and faculty alike.

The new security precaution adds a third level to the standard two-step username and password process. This third step requires an additional form of recognition like texts or a phone call.

“Multi-factor authentication is an SVSU strategic initiative to help protect our users with an additional layer of protection,” said Larry Emmons, director of ITS. “We all have a (username) and password, something we know. Multi-factor authentication adds a third factor, something we have.”

Emmons said the authentication process is being implemented on a rolling schedule.

“We started with a pilot group of users in June of 2017, and once we had overcome obstacles and barriers discovered through the pilot, we began the rollout for the (university) administration and Business Affairs in March of 2018,” Emmons said. “In July of 2018, we began the rollout to the Academic and Student Affairs offices and the President’s Office.”

Emmons said the rollouts have been halted temporarily, allowing students, staff and faculty time to adjust. However, they will resume implementing the new process Oct. 15, beginning with adjunct faculty members.

Emmons said the goal is to implement multi-factor authentication for all members of the University, both on and off campus.

“We have quite a few compromised accounts at the University each year, and while we have protections in place to alert us, the number of compromised accounts should go down once we implement multi-factor authentication,” said Joe Wojtkiewicz, a manager of the IT Support Center.

He said students should not be concerned about accessing their accounts.

“Adding in multi-factor authentication will be an additional layer of added security,” Wojtkiewicz said. “The best part of this is it works on Wi-Fi or a cellular network, which means it will work anywhere on campus.”

Wojtkiewicz added that if the authentication is left incomplete for 55 seconds, users will be presented with security questions. Once implemented, use of the multi-factor authentication will be mandated for anyone with an SVSU network account.