UCLA making campus workers use multifactor authentication online
Employees who do not enroll in multi-factor authentication by October 31 will not be able to access UCLA websites and applications. (Daily Bruin file photo)
By Jacob Preal
Oct. 10, 2017 1:12 a.m.
UCLA is requiring faculty, student workers and staff to enroll in a security enhancement for their login to UCLA internet applications by Oct. 31.
All campus faculty, staff and student workers will be required to use multifactor authentication when signing into UCLA applications, said Andrew Wissmiller, associate vice chancellor of information technology services, in a staffwide email last week. However, UCLA Health organizations, including the David Geffen School of Medicine and Ronald Reagan UCLA Medical Center, do not need to enroll in UCLA logon multifactor authentication.
Multifactor authentication is a security system that requires two methods of identification to protect a user’s identity. In addition to providing the password to log into MyUCLA, the user will have to choose a second authentication factor from an application, a text message or phone call.
Campus workers can activate multifactor authentication when they log into their MyUCLA page. If workers choose to enroll a mobile device as an authentication factor, they must also install Duo, a third-party mobile app, to link their device to their UCLA logon. After supplying their phone number on the multi-factor authentication webpage, workers must scan a QR code with their device to fully link it to their account, according to the UCLA Information Security Office.
Workers can also add a backup device as an additional authentication factor.
Employees who do not enroll in multi-factor authentication by the Oct. 31 deadline will not be able to access UCLA websites and applications, including CCLE and MyUCLA, until they enroll in the program, according to the UCLA Information Security Office.
Wissmiller said in the email UCLA is implementing multifactor authentication to protect against malware attacks that may compromise information housed on campus servers. He added cybercriminals may target collective material, like UCLA’s intellectual property and research, as well as personal data, like individuals’ financial and personal information.
Wissmiller said there is currently a high rate of compromised passwords at UCLA and these pose a threat to UCLA’s security.
UCLA officials announced in July that a cyberattack on a UCLA administration server in May potentially breached the personal information of about 32,000 students. The university offered one year of free identity protection for students who may have had their information accessed.
