UNIVERSITY PARK, Pa. — Beginning May 12, all Penn State students will be required to enroll in and use Two-Factor Authentication (2FA) to access the more than 2,300 sites and services protected by WebAccess.
WebAccess is the University’s authentication system that protects such systems as Canvas, Outlook and LionPATH.
Used by faculty and staff since 2016, 2FA provides a second layer of security when users attempt to login to Penn State services by sending a message to their mobile devices that verifies their identity. To date, more than 45,000 students have enrolled in 2FA.
Students are encouraged to enroll more than one device (such as a smartphone, tablet or desk phone) to avoid difficulties authenticating if their only enrolled device is unavailable.
Students who are not enrolled after the May 12 deadline will be prompted at the time of login (via WebAccess) with instructions on how to enroll. Once enrolled, they may continue the log in process.
Penn State’s Office of Information Security identifies and repels numerous attempts by cyber criminals to breach University systems and steal account credentials daily. Implementing 2FA has been a key part of the University’s strategy to combat these attempts because it is very effective and often stops attackers in their tracks.
Increased security is particularly important during this period of remote instruction.
“We have already seen a surge in phishing victims, with 2,500 detected in the last three months alone,” Acting Chief Information Security Officer Rich Sparrow said. “Last year, the total number of attacks detected for the entire year was 3,500.”
The effects of account compromise can be particularly harmful for students. Attackers who gain access to student accounts could drop classes, alter enrollment and tuition, and attempt to acquire important financial information and redirect funds.