CIO'S MESSAGE - February 3, 2021

Implementing Multi-Factor Authentication (MFA) to Enhance Security (for Employees)

Dear Colleagues,

Recently, a CSU campus experienced a ransomware attack.  That CSU campus had to pause their information systems and cut itself off from the Internet for seven days.  Eventually, the CSU campus neutralized the cyberattack by implementing multi-factor authentication (MFA), also known as two-step verification.  Learning from the lesson of that CSU campus, the Chancellor’s Office urged all CSU campuses to implement MFA as a preventative measure against cyberattacks. 

At present, approximately 1,000 CSULB employees with access to sensitive CFS information or that manage information systems and services have been using MFA.  We expanded the use of MFA to all students on January 27.  Now, we will extend MFA to the rest of our employees on February 24.  We anticipate that MFA will help us significantly reduce the risk of falling victim to cyberattacks

What to Expect

Beginning Wednesday, February 24, those of us who are not on MFA will be prompted to use  Microsoft MFA when we access Microsoft desktop applications or chiclets in Single Sign-On (email, OneDrive, Office Apps).  A quick, one-time activation process will be initiated the first time we access a Microsoft desktop application, such as Outlook, or click a Microsoft chiclet.  After completing this process, we will be required to use our second factor authentication each time we access a Microsoft service.

For University-licensed Microsoft desktop software installed on personal or University-owned devices, we will be prompted for MFA approval upon first login. The successful MFA login will be remembered and there will be no prompt again for MFA unless the application has been inactive for 90 days or the password is changed.

What are My Two-Step Authentication Options

1. ​The easiest and recommended option is to download and use the Microsoft Authenticator mobile app. This app is free to download for Apple and Android devices (mobile phone, tablet, Apple Watch) and simplifies the two-step process by allowing a one-touch login.
2. Using the SMS text delivery code to mobile devices
3. A land line phone call

A hardware token can be provided for CMS users who cannot use the above options.  Please consult with your Administrative Services Manager (ASM) about obtaining a hardware token.

What We Can Do to Prepare

For a smoother experience, we encourage all of us to pre-register your device and setup multiple authentication options in advance.  The Microsoft Authenticator app method has proven to provide the most convenient overall user experience after it is set up. 

Additionally, if you frequently access your campus email via SSO, consider using the Outlook desktop application on your computer(s) configured with your CSULB email to take advantage of the 90-day MFA retained authentication mentioned above.

To learn more about the service, please see the following documentation and frequently asked questions (FAQs), including videos to preview the process. 

• MFA at CSULB Project Page
• Microsoft MFA Service Page
• Microsoft MFA FAQs

If you have questions or need assistance, please contact please contact your area’s technical support or the Technology Help Desk at 562-985-4959.

 

Brian Jersky, Ph.D.

Provost and Senior Vice President for Academic Affairs

 

Scott Apel

Vice President for Administration and Finance

 

Min Yao, Ph.D.

Vice President & Chief Information Officer