On April 13, New Mexico State University will mandate two-factor authentication for everyone’s Office 365 apps in the NMSU system. 

Two-factor authentication (2FA) is an extra verification step that supports the 17-64 charter passphrase already required by the system. Users will have to download the “Microsoft Authenticator” app to use 2FA. When logging into Office 365, users will be asked to authenticate from their smartphone using what they use to unlock their phone, i.e., face scan or passcode. If they don’t have a smartphone, they will be called on their cell or landline. 

The app will work regardless of cell service or internet connection. 

NMSU is currently offering an opt-in period from Dec. 15 through April 13. However, the full rollout will begin on April 13, and it will be mandatory to get into all Office 365 apps. In the next couple of months other NMSU websites will be added like Canvas and Banner. 

NMSU Chief Information Security Officer John Roberts encourages everyone to sign up before the mandatory date, to reduce stress if they have an exam. 

Roberts said single sign-on does not offer the same protection as 2FA. This leaves important information like social security numbers, financial aid and direct deposit information vulnerable to hackers. 

“It is up to [NMSU] and you to protect that data,” Roberts said. 

Phishing emails are the leading cause of security breaches in the NMSU system. Opening a link or an attachment can cause a virus to attach to your computer, allowing hackers to retrieve personal information. 

“We only deliver about .9% of the emails that we receive and so that will tell you how many terrible emails are coming out. We have an appliance that filters out all the rest… but you can only tighten the screws so tight before you start impacting real email,” Roberts said. 

Some bad emails still get through the system. Roberts says the real “weak point” is the knowledge about security.  

“Students and staff are on the frontline and you’re the ones we’re going to get hit and we really want you to understand you know and be confident out there,” Roberts said.  

Roberts said it [the program] will trust a computer and students and employees can opt to “not be bothered” for 30 days following the first authentication. 

Gabe Doherty, a graduate student studying Agricultural Extension Education, is not worried about the new implementation of the 2FA system. 

“I’m not opposed to the idea of two factor authentication. If those in administration and the IT experts are of the opinion that will make our information safer and less compromised towards those who want to hack the system,” Doherty said. 

However, Doherty is concerned that 2FA could discourage some students from using the Office 365 apps because of the extra hassle.
 

“I don’t log into Canvas and Banner a lot but a lot of times when I do I’m in a hurry and I need to print something within the next 15 minutes,” Doherty said, “[2FA] is not a bad idea, but if it’s discouraging students from using services, maybe that’s something to look at.”