UTRGV’s additional level of data protection
Starting Tuesday, UTRGV will begin to require multifactor authentication, or MFA, for students to access ASSIST and student emails, among other services.
Four applications will require multifactor authentication, according to Isai Ramirez, UTRGV’s assistant chief information officer for Information Governance and Project Portfolio Management.
“They are the ones we consider to have some of the riskiest or most vulnerable data,” Ramirez said.
The first application that will require MFA is the ASSIST portal, where students go to view classes, grades and financial aid. Office 365, including all the Microsoft products that students access via the web, will also
require MFA.
The third is ProEd, which is also high on the list of priorities as it is a financial aid verification app that contains sensitive financial data.
“The last one, which may or may not go live Sept. 21 like the first three, is the V One Card application that students use to pay for things on campus,” he said. “That one is lagging a little bit behind, but as soon as it’s ready, it will require MFA.”
Students should complete their multifactor authentication registration and test it before the requirement goes into action.
If a student’s MFA test fails, or if they need any help at all, they can contact the Information Technology service desk for assistance, Ramirez said.
The IT service desk phone number for Brownsville, Harlingen and South Padre Island is 882-2020, and in Edinburg, McAllen and Rio Grande City, the number is 665-2020.
Multifactor authentication is the premiere method for protecting an individual’s data, according to Kevin Crouse, UTRGV’s chief information security officer.
“We exist to serve students, and every decision we make is based on that,” Crouse said. “This is a very easy step to implement [to reduce] the vulnerabilities for our student population and protect them.”
The FBI estimates that between 85% and 95% of all common cyberattacks are prevented by multifactor authentication, he said.
Other protection methods, such as encryption, may only help once the data is already stolen.
“So, it’s kind of like the back door,” Crouse said about encryption. “Multifactor [authentication] protects the front door of your house. So, that’s why it’s so important.”
MFA will help secure sensitive data from being stolen in the first place.
“In my line of work, there are no guarantees, there really aren’t,” Crouse said. “This extra step just makes
it more difficult for the bad guys, which means they will focus their energy on something that’s easier and cheaper to get to.”
University faculty and staff have already been using a multifactor authentication system for over a year, so this upcoming requirement is
new only to students, according to Jeffrey Graham, UTRGV’s chief information officer.
“It’s a lot like the two-factor you have if you have a bank account that requires two-factor or other systems,” Graham said. “[Multifactor] is something you know plus something you have.”
There are two requirements to satisfy before logging in with MFA: the individual’s login credentials and an additional confirmation code from
the Microsoft Authenticator app on the individual’s personal device.
Multifactor authentication will be required only when the student is off campus. If an individual is logging in to an account on campus, the university will be able to tell that they are using a secure campus server.
“Part of it is, a year and a half ago, there were students who lost financial aid,” Graham replied when asked why the extra measure was being added. “Not at UTRGV, but in systems around the country.”
The University of Texas System then introduced the multifactor authentication requirement.
“We can’t protect passwords all the time, because passwords can get compromised so easily,” Graham said. “So that’s why we’re doing it; it’s probably the best thing we can do to protect students’ data.”
UTRGV will continue to do its best to protect sensitive data from being compromised, and Ramirez would like to encourage the whole university community to be more mindful of information security in general.
“If we can create an awareness around information security … it would make me very happy,” he said. “We, a lot of times, do not realize it, but there are bad actors all across the world whose job it is to infiltrate, in an unauthorized way, our accounts.”
In the meantime, UTRGV’s IT service desk is available to help students whenever necessary.
“We really value our relationship with the students,” Crouse said. “Students should never be concerned about [contacting] IT or the [Information Security Office]. We’ll just do everything we can to not only help them but keep them safe.”
