Skip Navigation
Services

Multi-Factor Authentication for Users

You hear about it almost every day in the news: hackers successfully gaining access to sensitive information while exploiting stolen data for personal financial gain. Although Hopkins as made some significant advancements in threat prevention, detection, and mitigation; we continue to strengthen our IT security posture to unprecedented levels.

One of the biggest methods of attack seen today is when a user account becomes compromised due to phishing. Report after report describe how easily some individuals fall victim to phishing attempts. Couple this with an already inherently less secure username and password, and you have a perfect example of how a hacker gains unauthorized access. This is why we require everyone to enroll their account in our myIT Login Code system.  An account which has been protected with Multi-Factor Authentication (MFA) makes hacking much more difficult, if not nearly impossible. 

What's Multi-Factor Authentication?

Multi-Factor Authentication (MFA) combines more than one method of authentication to verify your identity. There are all sorts of interesting ways to implement MFA (such as scanning your fingerprint, typing in a one-time passcode, and/or providing an answer to personal questions). As you might guess, some methods are more secure than others. And thanks to social media sites, determining someone's maiden name or the date to their wedding isn't as difficult as it was just a few years ago. Here at Hopkins, we offer three forms of secondary authentication: myIT Login Code (recommended), myIT Security Alerts, and Secret Questions and Answers

What's the difference between the myIT Login Code and myIT Security Alerts?

The myIT Login Code generates your passcode directly from within your smartphone or workstation through the use of a small application called an "Authenticator". Unlike our myIT Security Alerts system, the myIT Login Code system negates the need to have any cellular service when retrieving your passcode. The myIT Security Alerts system sends a one-time passcode through SMS text message and because of this, the myIT Security Alerts is inherently less secure as hackers can potentially intercept your passcode.  This is why we recommend that you enroll in our myIT Login Code system.

Why can't I continue to just use a password when authenticating?

To be honest, passwords are usually too short and too easy to guess. Have you ever created a password with a number on the end and just incremented the number by one each time you have to change it? Have you ever used the same password for multiple websites? We could go on and on as to why passwords are insecure, but the one effective way to combat weak passwords is to leverage MFA.

 

If you have any problems or questions, please contact enterpriseauth@jhmi.edu.