By November 1, every student will need to set up multi-factor authentication (MFA) to login to certain applications requiring their CWL when off-campus.
UBC faculty and staff have already been using MFA, but starting next month students will be required to use it as well. The change comes amid increased knowledge and concern for cybersecurity and data privacy.
Phishing incidents are a common cybersecurity issue and have increased in recent years at UBC.
In January 2023, an email sent to students by Gage Averill, provost and vice-president academic of UBC Vancouver, and Rehan Sadiq, provost and vice-president academic of UBC Okanagan, read “[UBC has] received multiple reports of fraudulent emails being sent to UBC students,” with certain cases resulting in financial loss or identity theft.
In a statement sent to The Ubyssey, Jennifer Burns, associate vice-president, information technology, and chief information officer at UBC, wrote the move to MFA is a proactive effort by UBC to "keep data safe and protected.
Students are required to use the Duo Mobile app for MFA in most cases. To use Duo, students need to access their mobile phone to approve CWL logins on other devices. Faculty and staff also have access to secondary authentication by SMS or phone.
UBC is not the first university to implement MFA. Burns wrote “over 300 educational institutions in North America, including UCLA, Harvard, the University of Toronto, and Toronto Metropolitan University,” are all using Cisco Duo to implement double authentication.
According to Burns, MFA offers an additional layer of protection by ensuring the user's identity is verified through their password and the Duo app.
In November, MFA will be limited to the Student Service Centre, UBC Email and Office 365. However, Burns wrote it will expand to Canvas and UBC VPN “in the coming months” and to all UBC applications and services requiring the CWL in the future.
If on a personal device, using a browser's 'remember me' option to stay logged-in can avoid the use of Duo.
However, the UBC service-now site does say “you will likely be prompted for a second factor if you're logging into an application that requires a higher level of security, regardless of whether you have the ‘remember me’ option set.”
Another common concern with MFA is the need for two devices to log on to UBC systems. In cases when a student does not have two devices available, the IT Service Centre will be able to issue a temporary password or access code through a support line.
UBC has also started a forum with frequently asked questions to help students.
Burns said UBC Information Technology will continue to ensure community members are protected online using the best recommended practices and offer help to students during the transition.
“By implementing MFA protection for all UBC community members using their CWL from off-campus, the university is committed to providing a secure digital environment that protects personal information."
Share this article
