Written by Bryce Ethridge, Asst. Entertainment Editor
Employees’ MyVSU accounts have experienced many security breaches over the past two years leading to the Department of Information Technology to create a new verification system.
The new verification system is called two-factor authentication or 2FA for short. According to Computer Specialist Rachel Martin, over 300 users—23 repeatedly—had their accounts compromised and a security team had to handle it. She said that these situations were the deciding factors to go to 2FA.
“It’s taking something you own, such as a mobile device and taking something you know, such as your password, for security,” Todd Mitchell, computer operator, said.
Mitchell said that for someone to be able to access your account they would have to have something you physically own such as your phone.
“They can know your password all they want,” Mitchell said. “In the case of a hacker, if they don’t have a physical device, it won’t work.”
Martin said that the two-factor authentication system only applies to people who have worked for Valdosta State University or have an Automatic Data Processing (ADP) record.
“Most students—unless they’re student employees—aren’t going to do this process,” Martin said.
During the first week of using the new system, users must set up a security question and from there they are prompted to get a code from the VSU mobile app, a phone call or a text message.
Martin said that after the first week of using the system, computers on-campus will automatically login without having to use 2FA. She also said that off-campus users of ADP or MyVSU will be prompted by the 2FA system.
“The reason behind that is because ADP—whenever you do password resets—is linked to your MyVSU e-mail,” Martin said. “Since ADP holds things such as social security numbers and bank account information, if your VSU e-mail gets compromised that gets your ADP compromised and all of that information is available.”
Mitchell said that 2FA was first implemented with the IT department in order for them to get accustomed to it. After that, the IT department continued to implement the system with other departments around campus.
“We started out with high priority departments like financial services and then, based on the priority, we’re doing it in waves,” Martin said.
Since Feb. 23, Financial services employees, Human Resources employees, University Advancement employees, social work employees, Athletics department employees, aerospace program employees, the office of the President and the office of Student Affairs have all had the 2FA system implemented.
Assistant Director for IT Services Malynda Dorsey said that no students’ accounts were compromised including current student employees. The only people that were affected were faculty, staff, and alumni who previously were student employees.
The assistant director reiterated that when she said compromised she did not mean hacked. She said that employees left their information up on a computer and another person or employee saw it.
Dorsey said due to this employee’s passwords could be reset using that information left on the screen.
Dorsey also said that in the future students can opt to have the 2FA system implemented on their accounts, but it won’t be mandatory since the system was originally meant to protect employee’s sensitive information.