Multi-Factor Authentication (MFA) at RIT

Recognize, Respond, Report

MFA fatigue refers to the weariness or frustration experienced by users when repeatedly encountering Multi-Factor Authentication prompts. While MFA provides a significant enhancement to user security, it can also lead to user inconvenience. If you begin to feel overwhelmed or annoyed at having to repeatedly verify your identity through MFA throughout the day, you may be experiencing MFA fatigue.

Recognize
  • Recognize repeated failures; attackers often trick users into approving Duo prompts by repeatedly requesting access.
  • Watch for frequent authentication requests; if you are receiving an unusually high number of Duo requests, be cautious of potential threats.
  • Monitor geographical anomalies; keep an eye on where the Duo requests come from. If a request comes from an unexpected location, be cautious about granting access.
  • Beware of unrecognized devices; if a Duo prompt is from an unexpected device, be cautious about granting access.
  • If a Duo prompt differs from your usual authentication methods, be cautious about granting access.
Respond
  • Always verify that an MFA request is coming from you, your devices, or a trusted source before granting access.
  • After suspicious activity, immediately change your password at start.rit.edu.
Report
  • If you believe you approved a fraudulent MFA request, contact the RIT Service Center by phone at 585-475-5000 or online at help.rit.edu to open an incident report.

Which RIT Applications use MFA?

MFA is currently required by RIT applications such as eServices, myCourses, myInfo, myLife and PeopleSoft. MFA is in the process of being rolled out to additional RIT applications.

MFA Fatigue and Harassment

As MFA adoption grows, so does the risk of MFA fatigue, potentially leading to security vulnerabilities. MFA fatigue refers to the weariness or frustration experienced by users when repeatedly encountering Multi-Factor Authentication (MFA) prompts during their interactions with digital systems or applications. MFA is a security mechanism that requires users to provide multiple forms of authentication (e.g., something they know, something they have, or something they are) to verify their identity before gaining access to an account or system.

While MFA significantly enhances security by adding an extra layer of protection against unauthorized access, it can also lead to user inconvenience and reduced productivity. Users may feel overwhelmed or annoyed when they have to repeatedly enter verification codes, use fingerprint recognition, or respond to push notifications for each login attempt, especially if they access various systems throughout their day.