Security Advice from a Busy Student


By Jack Ballenger (Class of 2024)

During these two weeks of virtual classes, students will need to use Duo Mobile, an app for two-factor authentication (2FA), to access Canvas, Outlook, WebStac, and other WashU resources since they are not connected to campus WiFi. Two-factor authentication, also called multi-factor authentication (MFA) or two-step authentication, supplements your password as an added layer of security. This second factor may be a password, push notification, hardware token, or biometric data. At WashU, the second factor is the Duo Mobile app. Because of Duo Mobile, a cybercriminal would need to acquire both your login credentials and your phone to hack into your WashU accounts.

The use of two-factor authentication is required at WashU, but you can and should enable it on other accounts. In the past, I never enabled two-factor authentication on my accounts when it was not required. Like many of our readers, I am a busy student, and I simply found it faster and more convenient to log in using just my username and password. However, learning about the strength of two-factor authentication as a cybersecurity measure made me realize this was a mistake. According to Microsoft, 99.9 percent of automated attacks are prevented by using multi-factor authentication. Similarly, multi-factor authentication on Google accounts can stop almost all automated bots and bulk phishing attacks. Your information is not really secure if you only use passwords on your accounts. Account compromises are increasingly likely because of the evolution of password cracking techniques and the affordability of high-powered computing. In addition, many passwords are weak and used on several accounts.

After I realized that multi-factor authentication is an amazing mechanism for protecting my information, I enabled it on many of my accounts. Considering how effective MFA is at stopping cyberattacks, I recommend you do the same. If you do not know how to enable 2FA, the website 2FA Directory shows the security options that a given website offers and provides information about enabling two-factor authentication for your account there. When enabling multi-factor authentication, CNET recommends that you choose an app rather than SMS as your second factor. An app is better at preventing account compromise because SMS is exposed to SIM swap fraud, where your calls and texts are routed to a cybercriminal’s phone. This cybercriminal may also be able to find passwords for some of your accounts through data breaches and other hacks. Since the criminal would then have both factors, they would be able to access your account. Another suggestion from CNET is to save recovery codes when you enable multi-factor authentication by putting them in a password manager. Recovery codes let you log in to an account if your second factor is lost.

Take a moment to set up 2FA wherever possible, and you’ll keep your accounts and data safe from attackers. The time saved by using poor security practices is not worth the risks to your privacy.