Multi-Factor Authentication (MFA) at RIT

Overview

RIT provides Multi-Factor Authentication (MFA) to selected information resources. All RIT faculty, staff, and students are affected.

What is MFA?

Multi-Factor Authentication (MFA) is an authentication method that helps ensure that only you are able to access your accounts. Rather than just using a username and password, you provide a second factor to prove it really is you. For RIT accounts, that second factor is provided by Duo. The second factor may be a text message, a push notification on your phone, or a phone call.

Which RIT Applications use MFA?

MFA is currently required by RIT applications such as eServices, myCourses, myInfo, myLife and Peoplesoft. MFA is in the process of being rolled out to additional RIT applications.

Screenshot of application using Duo MFA

MFA Fatigue and Harassment

As MFA adoption grows, so does the risk of MFA fatigue, potentially leading to security vulnerabilities. MFA fatigue refers to the weariness or frustration experienced by users when repeatedly encountering Multi-Factor Authentication (MFA) prompts during their interactions with digital systems or applications. MFA is a security mechanism that requires users to provide multiple forms of authentication (e.g., something they know, something they have, or something they are) to verify their identity before gaining access to an account or system.

While MFA significantly enhances security by adding an extra layer of protection against unauthorized access, it can also lead to user inconvenience and reduced productivity. Users may feel overwhelmed or annoyed when they have to repeatedly enter verification codes, use fingerprint recognition, or respond to push notifications for each login attempt, especially if they access various systems throughout their day.

Identifying an MFA Threat

Watch for Frequent Authentication Requests: If you receive an unusually high number of Duo requests within a short period, be cautious of potential threats.

Monitor Geographical Anomalies: Keep an eye on login attempts from unexpected or distant locations, which may indicate unauthorized access.

Beware of Unrecognized Devices: Exercise caution when receiving Duo prompts from unknown devices not associated with your regular access patterns.

Recognize Repeated Failures: Report repeated Duo failures to our IT team, as it may indicate brute force attacks or account takeover attempts.

Stay Alert for Unexpected Authentication Methods: If you encounter Duo prompts that differ from your usual authentication methods, be vigilant for possible security breaches.

 

Additional Resources

Please contact the RIT Service Center at 585-475-5000 or visit help.rit.edu for any problems or questions about MFA and Duo. 

For more information

Duo video explaining MFA (2FA)

ITS how-to information for MFA

MFA Fatigue