Why is two-factor authentication (2FA) being applied to email?
Many university email accounts contain confidential and sensitive information. Phishing attacks via email represent a potential source of account compromises with the University of Missouri System. Additionally, email is used to communicate with faculty, staff and students when changes are made to their profiles and systems holding personal information.
For example, when an employee changes their password or payroll deposit information, an email is automatically sent to alert them to the change, and what they need to do if they didn’t make the change themselves. When an employee or student is the victim of phishing, attackers may use the account information to log into the individual’s email account and delete these notifications.
Why is 2FA being applied to MU Health first?
MU Health is the custodian of sensitive information within the University of Missouri System; therefore, we are starting our implementation with MU Health to further enhance the security of this sensitive information. 2FA for email will be applied across the remainder of UM System for faculty, staff and students in the coming months.
Why will 2FA be applied to student accounts in the future?
Many students at each of our universities benefit from being part-time employees, and many are involved in research activities or serve on various committees. University faculty and staff must be able to communicate with students securely, so the same protections being extended to faculty and staff will be used to protect student accounts.
How often will I have to use 2FA when using webmail?
MU Health users will be required to use 2FA to log into webmail after Oct. 6, 2019. The first time a MU Health employee logs into webmail, 2FA will be required. After that, 2FA will be required every 30 days or when an employee uses a new/different computer, a new browser, or when automated monitoring tools indicate suspicious account activity.