Multi Factor Authentication coming for students

A photo of someone using the Microsoft Authentication App CREDIT: FANSHAWE COLLEGE
Multi Factor Authentication will soon be required for students attempting to access Fanshawe resources while off campus or from a VPN.

Starting Nov. 6, students looking to access Fanshawe resources off campus or through a VPN will be required to use Multi Factor Authentication (MFA) as part of their login process. Students will not be required to use MFA if they are using the college’s wireless network or accessing Fanshawe resources on an on-campus device.

MFA is a method that requires users to use two or more verification factors to access a resource. Rather than simply using a username and password to access Fanshawe resources, students will also be required to verify their identity through the Microsoft Authenticator App. Students are encouraged to download the app onto their devices prior to Nov. 6.

The Fanshawe apps that will require MFA are:

The Fanshawe College Student Services and Here For You logos are shown. A young woman is shown sitting at a desk. Text states: Support comes in many forms. Experience flexible seervices that support you where you are. go.myfanshawe.ca/hereforyou

  • FanshaweOnline (FOL)
  • Page 1+ (library account)
  • StarRez (Residence portal)
  • WebCheckout (loans system)
  • Global Protect (VPN)
  • WebEx
  • Apps Anywhere
  • Microsoft applications and services (M365) including:
    • Word
    • Excel
    • PowerPoint
    • SharePoint (used to access this site and team sites)
    • OneDrive
    • Teams
    • Outlook Email (any client or application that connects to your email)
  • IMLeagues
  • Cornerstone
  • Archibus
  • Salesforce
  • People Admin
According to Craig Reed, Fanshawe’s Senior Manager of Information Security, the decision to implement MFA came about because the college identified the need to strengthen its digital security. “It’s a generally accepted tool that an organization can put in place to help strengthen their security, to safeguard not only the user’s information, but also safeguard the college’s information,” Reed said. “If a cyber attack gains access through a more simplified security approach, they could have access to whatever resources that account holder would normally have access to. So we’re not only protecting a person’s information, we’re protecting the college as well.”

MFA is becoming more and more commonplace across various platforms, with Data Management and Communications Facilitator Tina Chappell calling it, “basically industry standard.”

“Everywhere we go, we’re being asked to do that,” Chappell said. “It’s just becoming a standard with any sort of technology and digital information.”

MFA was implemented in waves for staff at Fanshawe over the past year. Chappell, who was a key member of the implementation team for staff, noted that there was some feedback regarding the change but that the extra step of MFA makes a big difference when it comes to protecting sensitive information.

“You can’t say anybody will get excited, but they do say that it prevents 99 per cent of compromised accounts and so that one small, extra step that everyone has to take is well worth it for the gain,” she said.

The team also spoke with other colleges who have already rolled out MFA for students to learn more about best practices regarding implementation for students.

“They basically told us that students sort of handled it a lot more readily and easily than the employees did,” Chappell said. “I think students are more used to doing a lot of things on their phones or their tablets, more so than some of the staff are.”

Conversations about implementing MFA at Fanshawe began as early as 2022, with a pilot group testing the product and the process. Later in 2022, MFA was applied to the college’s VPN service. Employees were brought on board beginning late in 2022 and in phases through 2023 ending in July.

Both Chappell and Reed confirmed that since the implementation of MFA for staff, the number of successful malicious logins and login attempts to staff accounts has dropped “dramatically.”

For Reed, who has been an active player in the MFA planning process since the beginning, watching the rollout finally begin is “rewarding.”

“It’s a huge team effort to make this successful, with support going right up the chain to the senior executives,” Reed said. “And although [MFA] might not have been palatable or pleasing for everybody, it’s certainly an element that is needed and it’s something that we do so we can better protect ourselves.”

Students can download the Microsoft Authenticator App to their devices from the Apple App Store for iOS users or the Google Play Store for Android users. To learn more about MFA, check out MyFanshawe.