MFA Fatigue: A Growing Headache for Universities (and How To Combat It)


Multifactor authentication is a must for defending against cyberattacks at colleges and universities. But what happens when those extra layers of security start to wear people down? That’s MFA fatigue. It’s the frustration that users feel when they’re repeatedly hit with MFA prompts, and attackers are ready to exploit this.

Why Higher Ed Is a Prime Target for Cyberattacks

Higher education institutions are, unfortunately, a favorite target for malicious actors for a few reasons. First, student data is incredibly valuable; it contains personal health information and financial details that can be sold on the black market. Second, the open and supportive nature of higher education environments can lead to employees being more susceptible to phishing attempts.

The good news is that you don’t have to choose between frustrating your staff and leaving the door open to hackers. Here are some ways to fight MFA fatigue.

Get Smarter With Risk-Based Authentication

Not every login needs MFA. Adapt your process to the risk level. Low-risk actions shouldn’t trigger a prompt, which saves your staff the hassle.

Teach Staff How To Identify Suspicious Requests

People are your first line of defense. Teach staff, educators and administrators the value of MFA, how to identify suspicious requests and why higher education is such a tempting target for cyberattackers.

Consider Security Keys or Biometrics

Look into advanced standards, such as Fast IDentity Online 2, or FIDO2, that use security keys or built-in biometrics. These are harder to fake and less annoying for users.

Explore Alternative Notifications

Push notifications are simple to set up but are the easiest to abuse. Explore alternatives, such as one-time codes or hardware tokens.

Have a Plan for When Cyberattacks Happen

Train staff on how to report attacks related to MFA fatigue. Swift action can drastically limit the damage. And don’t authenticate employees into oblivion. To limit unnecessary prompts, adapt their frequency based on user history.

Offer Clear Explanations To Avoid MFA Fatigue

Give context with MFA requests, such as device or location. A little information helps people make better decisions.
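
The sketch below is an added example, not code from the article. It combines three of the recommendations above: skip MFA for low-risk logins, limit push prompts based on the user's recent history, and attach device and location context to every prompt. The thresholds, field names and sample data are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Thresholds below are assumptions for illustration; tune them to local policy.
TRUST_PERIOD = timedelta(days=14)     # how long a verified device skips MFA
PUSH_WINDOW = timedelta(minutes=10)   # window for counting recent push prompts
MAX_PUSHES = 3                        # pushes allowed per window before fallback

@dataclass
class Login:
    user: str
    device: str
    city: str
    sensitive: bool                   # e.g. payroll or student-records access
    when: datetime

@dataclass
class History:
    verified_devices: dict = field(default_factory=dict)  # device -> last MFA success
    usual_cities: set = field(default_factory=set)
    recent_pushes: list = field(default_factory=list)     # push prompt timestamps

def decide(login: Login, hist: History):
    """Return (action, prompt): action is 'allow', 'push' or 'code'."""
    last_ok = hist.verified_devices.get(login.device)
    known_device = last_ok is not None and login.when - last_ok <= TRUST_PERIOD
    # Low risk: recently verified device, usual location, non-sensitive action.
    if known_device and login.city in hist.usual_cities and not login.sensitive:
        return "allow", None
    # Context shown with every prompt so the user can spot a request they did not start.
    context = (f"Sign-in for {login.user} from {login.city} "
               f"on {login.device} at {login.when:%H:%M}.")
    pushes = [t for t in hist.recent_pushes
              if timedelta(0) <= login.when - t <= PUSH_WINDOW]
    if len(pushes) >= MAX_PUSHES:
        # Too many prompts already: stop sending approvable pushes, require a typed code.
        return "code", context + " Enter the one-time code from your authenticator."
    return "push", context + " Approve only if you started this sign-in."

# Constructed sample data (not real users or events).
NOW = datetime(2024, 5, 1, 9, 0)
HIST = History(verified_devices={"laptop-1": NOW - timedelta(days=2)},
               usual_cities={"Columbus"},
               recent_pushes=[NOW - timedelta(minutes=m) for m in (1, 3, 5)])

if __name__ == "__main__":
    for lg in (Login("alice", "laptop-1", "Columbus", False, NOW),
               Login("alice", "phone-9", "Denver", False, NOW)):
        print(decide(lg, HIST))
```

The caller is expected to record each push it actually sends in `recent_pushes` and each successful verification in `verified_devices`.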

Combatting MFA Fatigue Is Not Just About the Tech

Ultimately, it’s a balancing act. MFA fatigue highlights the fact that good cybersecurity isn’t only technical. It’s about making security work with your staffers, not against them.
