Destry Adams
If you are employed at NC State, you know the horrors of Google 2-Step and Duo Security — Two-Factor Authentication, or 2FA for short. We all scoff at 2FA, thinking, “Why do we need this?” or “It’s so annoying.” I get it; it’s annoying having to pull out your phone when you try to log in on a different computer. However, it is there to protect our accounts from being breached by unauthorized personnel through phishing attacks.
The NC State Office of Information Technology (OIT) describes phishing as attempts made by cybercriminals to steal a user’s information. Phishers often send emails, phone calls and text messages pretending to be someone legitimate, like a bank or a professor.
2FA can be a nuisance, even downright infuriating at times. Yet considering how many cyberattacks and phishing attempts NC State potentially faces, it is necessary that students who don’t have 2FA enroll in the service to prevent hackers from breaching our accounts.
Stan North Martin, senior director of communications and consulting for OIT, described the function of 2FA.
“[Duo Authentication and Google Two-Step] are an additional layer of protection for your accounts,” Martin said. “You have to have a token or device with you that confirms, that says you are who you say you are.”
Both Duo and Google 2-Step require students and staff to use an app or enter a code when accessing their accounts on different devices. If students and staff don’t have their phones with them, they can print out one-time use codes to access their accounts.
Martin said 2FA helps prevent unauthorized personnel from breaching a student or faculty member’s account. Just because your account has been compromised, or someone has your credentials, doesn’t mean they have full access to your account.
If someone steals your credentials and you lack 2FA, they can gain access to your personal information, like addresses, bank accounts and social security numbers. With 2FA, these cybercriminals might have your credentials, but they can’t access your Gmail, Moodle, MyPack Portal or other NC State-affiliated services.
One breached account from someone without 2FA can also put other information at risk.
“We have had situations where an employee’s account has been phished, and the account was used to send out emails … to other individuals from that person’s contact,” Martin said. “It looks very legitimate. We have had situations where one account was compromised because of a phish, and that ended up compromising other accounts.”
NC State is trying its best to prevent phishing scams from reaching students. While NC State has developed AI to attack any phishing attempts, some manage to slip through the cracks. Luckily, OIT has listed several ways to detect phishing attempts, such as making sure the email address ends with ncsu.edu, hovering over suspicious links to see the web address, and never sharing sensitive information online.
Unfortunately, some people will have their accounts compromised, but 2FA makes this much more difficult. If students or staff discover their accounts may have been compromised, they should contact the NC State Help Desk for further instructions.
Although 2FA is not required for all students yet, it will be in the near future. Regardless, students should enroll in 2FA to prevent cybercriminals from stealing their data, even if it means pulling out our phones just to sign onto a different computer.