By Jonathan Bradley
Students who enrol at Ryerson University this fall and onwards will have to use two-factor authentication when logging into their university email accounts, according to Brian Lesser, Ryerson’s chief information officer.
Two-factor authentication requires students to refer to a code on an authenticator app linked to their email account or by inserting a U2F key into a computer to access it.
“Accounts are being attacked all the time, and we need to do a better job of defending them,” said Lesser. “We’ve made a lot of progress, but two-factor authentication is required to really defend accounts. It’s not perfect, but using it is the single best thing you can take to defend your account.”
Ryerson’s cybersecurity team said that it wants all Ryerson email users, including existing students, to sign in with their password and two-factor authentication by 2022.
Lesser said they are starting with new students so two-factor authentication can become part of the process of setting up their Ryerson accounts.
He said that Ryerson’s cybersecurity team detected 79 account hijackings in 2018. In 2014, there were 1,170 account hijackings.
In 2017, 46 per cent of universities reported attacks, according to Statistics Canada. This was one of the highest levels of cybersecurity incidents of Canadian businesses who reported attacks in 2017.
Ryerson two-factor authentication has been mandatory for employees since last August. According to Lesser, as of Feb. 1, 2019, there were 2,838 students who had two-factor authentication.
Ryerson’s cybersecurity team detected 79 account hijackings in 2018. In 2014, there were 1,170 account hijackings
“So 95 per cent are only protected by their password,” he said. “That means those thousands of accounts are too easy a target.”
He said that hackers like to target email accounts because there are many activities they can do with them. Hackers can send out spam from Ryerson email accounts, look for banking information, and enter fake assignments into D2L.
If hackers receive access to a human resources system, they can change banking information, steal information for identity theft and more, he said.
Robert Hudyma, an information management technology professor, said that two-factor authentication is a great way to protect email accounts, but it is not entirely effective.
“Two-factor authentication will protect your email accounts in the event a hacker finds out your username and password combination. But it provides no protection if the communications channel or email server has been compromised,” said Hudyma. “The way to protect yourself from this…is to use encrypted email for all your communications.”
Tarab Shah, a second-year aerospace engineering student, said that she uses two-factor authentication for her Ryerson email because she is currently a part-time staff member with the Faculty of Engineering and Architectural Science.
“It’s very challenging to constantly keep a U2F key on me. I don’t keep a lanyard on me, and it’s one more thing to keep track of,” said Shah. “My phone doesn’t usually have a lot of space, so the Google Authenticator app is just inconvenient.”
Abhi Wagle, a fourth-year architectural science student, said that he believes two-factor authentication is a waste of time.
“It means that I always need to carry my charged phone on me wherever I go, or I don’t have access to my Ryerson account,” said Wagle.
Lesser said that two-factor authentication is a little frustrating to use at first. Although it might be a minor inconvenience, but he said he feels safer using it.