Phishing attempts. Ransomware demands. Data breaches. Hacking systems. Threats to the security of computer networks, systems, and stored information are rapidly increasing. Beloit College is not immune from this growing risk.
As part of an increased emphasis on the security of campus systems and information, LITS is announcing a significant change to the process that faculty, staff, and students use to login to Beloit College computer systems - specifically, Gmail, School Dude, Google Apps, Office 365, Moodle, Swank, and the Portal.
One of the easiest ways for hackers to gain access to a computer system is by obtaining your login credential and password. That is the primary purpose of the phishing emails that continue to land in our inboxes - getting your username and password. While we may never be able to eliminate those emails, we can provide a better method of protecting your account from hackers getting into college systems — that method is multi-factor authentication (MFA).
Many of you have probably used MFA even if you didn’t know what it was called. For example, MFA happens when entering a pin number when you use your debit card or having a banking website send a code to your phone that you must use to access your account. The process is not difficult and it greatly increases the security of your credential and the accounts that you need to access.
Beginning at 9 am on Tuesday, February 9, 2021, all Beloit College employees and students will be required to use MFA to access the Portal, Google Apps for Education, Moodle, and other campus resources.
This means that you will need to provide two pieces of evidence to verify your identity when you log in to your Beloit College account. One will be your existing username and password. The other will be choosing one of the following 3 options that you will need to set up in advance:
These 3 methods are required for everyone to set up:
- Answering 3 of 5 security questions correctly.
- Entering a code that can be sent to a non-Beloit email address
- Entering a code that can be sent via text (SMS) message to your cell phone
These 2 methods are optional and not required to be set up or used.
NOTE: If you do not have a mobile device capable of receiving an SMS message or a non-Beloit email address, please contact LITS support at firstname.lastname@example.org.
How to set up your MFA
Sign in to password.beloit.edu with your Beloit username and password. (You may be asked to re-enter your password; if so, enter and click Submit.)
Select and answer five security questions with answers that are known only to you, then click Submit.
- Click the Email Recovery tab and enter an alternate (non-Beloit) email address. A verification code will be sent to the address you submitted. Enter the code and click Verify to verify your email address.
- Click the Phone Recovery tab and enter up to two recovery phone numbers. A verification code will be sent via text message to the phone number you submitted. Enter the code and click Verify to verify your phone number.
When you have completed these 3 steps, close the tab on your browser. (If you want to set up a personal YubiKey device or the Google Authenticator app on your mobile device, you will find the directions here.)
These directions and additional information about using your MFA security option are available on this web page. If you have questions or concerns, please contact LITS support at email@example.com.
Thank you for your support of this new process to increase our security.