West Lafayette faculty and staff will be required to use Microsoft Multi-Factor Authentication as a security measure to protect their Purdue emails, ITaP announced Monday morning.
Microsoft MFA protects users by requiring a second form of authentication, in addition to one's career account password, when signing into Office 365 applications (including Outlook email). Options include receiving a text message, audio phone call or using the Microsoft Authenticator App to authenticate.
The extra layer of security is aimed at preventing phishing scam attempts, the Purdue News release said.
Over 4,600 accounts were compromised in 2021 when faculty, staff or students clicked on the link attached to emails falsely promising "anything from part time jobs to free pianos," Purdue spokesperson Tim Doty said.
Faculty and staff were initially alerted to the shift from Boiler Key to MFA in October, the release said. Around 6,000 have already started using it, Doty said in an email.
Those who haven't signed up to use Microsoft MFA will receive an email on Tuesday with instructions on how to set up authentication for their accounts, according to the release. Users will then have two weeks to set up their authentication method. After the two-week period, faculty and staff on the West Lafayette campus who have not set up an authentication method will be unable to access their email until multi-factor authentication setup has been completed.
Faculty and staff can set up their accounts here.
Though the release says the change will only be made for faculty and staff, an Exponent staffer received an email from ITaP on Jan. 14 saying they were selected to take part in an MFA test program. They were sent another email on Jan. 18 saying they had 14 days to sign up or they would be locked out of their Outlook email. As of Tuesday, about 23,000 students have started using it, Doty said.
ITaP is rolling out the new registration process in waves, Doty said. Only some students have been notified to register so ITaP isn't overwhelmed with calls for support.
Microsoft MFA differs from Boiler Key in that it doesn't require authentication each time a user logs into an account. Instead, MFA authentication is required only every 90 days or when signing in for the first time on a new device.
An ITaP representative said nobody was available Tuesday morning to answer questions, but that someone would call back in the afternoon. No call was made as of Wednesday morning.