Fact: Multifactor Authentication Adds a Layer to School Cybersecurity
Many of us have already encountered MFA. The process generally involves users correctly entering their passwords into various applications, after which they are prompted to enter a text code or approve the login via an authenticator app. That is an example of MFA using layers to ensure that the correct person is seeking access to a particular platform. MFA comprises many methods, but they are typically categorized as:
- Something you know, such as a password or PIN
- Something you have, such as a phone number or security key
- Something you are, using face recognition or fingerprint scanning
From this list of categories, you can see how MFA uses a variety of methods or layers to prove the correct person is logging in to the correct account.
Fallacy: MFA Provides a 100 Percent Security Guarantee
While MFA is an excellent way to keep unauthorized individuals out of sensitive accounts, it is not guaranteed to work 100 percent of the time. A savvy hacker can still bypass security using a popular technique called an MFA fatigue attack.
Attackers using this method will continuously text or call a phone with a second-factor authentication request, hoping the phone’s owner will approve it, giving them access to the protected account where they can wreak havoc. If this happens to you, the best response is to deny the continuous requests and contact your IT department.
I have seen this attack firsthand at my district, which is why I am testing different methods of non-phishable MFA.
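On the IT side, the repeated requests described above leave a pattern in authentication logs that can be flagged automatically. The following is an added example, not code from the original article: it assumes a hypothetical event format of (timestamp, user, result), and the 10-minute window and five-prompt threshold are illustrative values to tune for your own district.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical format: time, user, result).
# Not real data and not any vendor's log schema.
SAMPLE_EVENTS = [
    ("2024-03-04T08:01:00", "teacher1", "approved"),
    ("2024-03-04T22:10:00", "staff7", "denied"),
    ("2024-03-04T22:10:40", "staff7", "timeout"),
    ("2024-03-04T22:11:15", "staff7", "denied"),
    ("2024-03-04T22:12:05", "staff7", "timeout"),
    ("2024-03-04T22:12:50", "staff7", "denied"),
    ("2024-03-04T22:13:30", "staff7", "approved"),
    ("2024-03-04T23:00:00", "admin2", "denied"),
    ("2024-03-05T09:30:00", "admin2", "approved"),
]

def detect_mfa_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Return alerts for users who receive `threshold` or more unapproved
    prompts inside `window`. An approval that lands while the burst is
    still inside the window is escalated, because it may mean the user
    gave in to the repeated requests."""
    recent = defaultdict(deque)  # user -> times of denied/timed-out prompts
    alerts = []
    for ts, user, result in sorted(events):
        now = datetime.fromisoformat(ts)
        q = recent[user]
        while q and now - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(now)
            if len(q) == threshold:  # fire once when the burst is reached
                alerts.append((user, ts, "prompt_burst"))
        elif result == "approved":
            if len(q) >= threshold:
                alerts.append((user, ts, "approved_after_burst"))
            q.clear()  # a successful login resets the count
    return alerts

if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An `approved_after_burst` alert is the one to act on first, since it marks a login that succeeded right after a run of rejected or ignored prompts.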