Multi-factor authentication is coming for faculty of arts students, here’s what to know

The security measure is being rolled out one faculty at a time and will soon be required for all KPU accounts

Whether you see it as an inconvenience or a security measure, all KPU students will need to set up multi-factor authentication. (Unsplash/Ed Hardie)

Whether you see it as an inconvenience or a security measure, all KPU students will need to set up multi-factor authentication. (Unsplash/Ed Hardie)

Multi-factor authentication (MFA) will be required for all Kwantlen Polytechnic University faculty of arts students beginning Feb. 29, extending to all KPU students in the fall. 

Students will be required to download an authenticator app or hardware token to their smartphone to access web services through one.kpu.ca. There are already nearly 4,000 students using MFA since its introduction last year.

MFA was first introduced to the Melville School of Business last year, in part due to an increase in phishing emails being sent to students. Phishing emails pose great cyber-security threats, including the potential for malware to breach into student devices and across networks.

Last year, 85 students fell victim to phishing. 

Robert Ball is the KPU director of information security, a division of the information technology (IT) department that works specifically to protect the confidentiality, integrity, and availability of KPU’s data and systems. 

“[MFA] is part of our ongoing effort to improve cybersecurity, across the university for staff and students. It’s to protect student accounts from theft and cybercrime [in an] ongoing effort to to improve information security across KPU,” Ball says. 

The MFA system prevents cyber criminals from using students’ login credentials obtained through phishing emails by adding a second layer of authentication to sign-in. 

“Cyber criminals will not have that code or that token, so it prevents that from a successful authentication by an unauthorized third party,” Ball says.  

However, some students fear it will cause more frustration than effectiveness in the long-run. 

“I don’t think it’s all that effective. … I see the need for higher security in personal accounts, but I also feel like multi-factor authentication with the way it is now is just more frustrating than it is productive,” says KPU student Arry Schumacher. 

Schumacher says despite seeing phishing emails in his accounts, they would rather do without it until a better alternative comes around. 

MFA systems like these are becoming standard across most universities, businesses, and institutions, Ball says. While it can’t stop phishing emails from happening, MFA does mitigate the risk. 

“We’re doing all we can to make it easy for the students to do,” Ball says.  

“Multi-factor authentication in itself now is common for all businesses, not just universities.

… It’s pretty well a requirement now as one of the basic security requirements for everybody.” 

How it works

Those with mobile devices are encouraged to download the Microsoft Authenticator or Google Authenticator, with a preference given to Microsoft which integrates smoothly into KPU’s existing Microsoft accounts.

Students without access to a smartphone can download Authy for Windows, Mac, and Linux, or contact the service desk for assistance. 

After enabling MFA, when entering your username and password, you will be prompted to use your chosen MFA method. This may look like entering a time-based one-time password or number matching in the Microsoft Authenticator app.

Students have the option to sign up ahead of the required date, after which point they will be required to have MFA enabled to access student accounts. 

For more information, visit the MFA information page and the MFA frequently asked questions page.