All students will be required to enroll in a security enhancement system for their UCLA internet applications by April 17.
The security enhancement, called multifactor authentication, requires users to provide two methods of identification when logging into UCLA websites such as MyUCLA. In addition to entering their password, users will have to choose a second authentication method from a mobile application, a text message or a phone call. The enhancement is meant to protects students’ accounts because even if a hacker has a user’s password, they cannot log in without having access to their phone or another authentication device.
UCLA previously required all employees to enroll in multifactor authentication by Oct. 31, 2017.
Karen Hedges, deputy director of student development and campus life, said the security enhancement is necessary because more cyberattacks have targeted the university in recent years.
UCLA officials announced in July that a cyberattack on a UCLA administration server in May potentially breached the personal information of about 32,000 students. The university offered one year of free identity protection for students who may have had their information accessed.
“The university has a lot of information about you,” Hedges said. “This is really about protecting you.”
Students can activate multifactor authentication when they log into their MyUCLA page. If students enroll a mobile device as an authentication factor, they must also install Duo, a third-party mobile app, to link their device to their UCLA account. After supplying a phone number on the multifactor authentication webpage, students must scan a QR code with their device to fully link it to their account.
Hedges said students who do not own a cell phone or misplace their phone can receive temporary tokens from the Bruin OnLine office that they can plug in to any computer when logging into UCLA websites.
Students also receive 10 emergency codes when they first sign up for multifactor authentication that they can use to log in if they are unable to use their phones, Hedges said. She added UCLA is working on a 24-hour service that can help students who have broken or lost their cell phones log into UCLA internet applications.
To inform students of the policy, UCLA will hold several events next quarter, including tabling at various locations on campus, Hedges said. She added the administration will send out a
reminder notification on MyUCLA starting April 2.
Hedges said UCLA is the largest educational institution to use multifactor authentication.
“I know that other universities are looking to us to implement (multifactor authentication),” she said.
While some students felt multifactor authentication was an onerous process, others felt it was straightforward.
Melissa Rodriguez, a second-year psychology student who has already enabled multifactor authentication, said she thinks while there are many steps required to set up the system, the mobile phone authentication is relatively simple to use.
“I just log in and then it automatically sends a notification and I approve it,” she said.
Riley Reyes, a fourth-year chemical engineering student, said he thinks the additional security protections are unnecessary.
“It’s just an extra step I don’t want to do,” he said. “I don’t worry someone is trying to hack my CCLE.”