Important upgrade to 2Factor authentication coming soon

May 10, 2018
smartphone with app
MUSC students and employees can now download the new Microsoft Authenticator app (available for Apple and Android devices) that is required to access MUSC email from off-site.

Data security is important to everyone today, especially as it relates to securing personal, professional and financial records stored online. The media reports mass breaches to security on a daily basis.

According to Steven Cardinal, a senior information security analyst in MUSC’s Information Security Office, MUSC successfully blocks more than 500,000 spam and malicious emails every day. Cyber attackers are using various methods to steal usernames and passwords to gain access to sensitive systems where they can steal data and launch attacks against others.

Recently, foreign hackers were able to bypass MUSC’s existing 2Factor phone authentication system. MUSC stopped the hackers from doing major damage, but this incident shows the need to upgrade security measures. Therefore, MUSC is upgrading its 2Factor authentication system to protect patients, students, faculty and staff from hackers who are more aggressive and getting savvier every day.

MUSC Information Solutions will be updating the system over the coming months. To accomplish this, all users will need to download an app to their smartphones by May 31. This app is similar to those used by financial institutions and email platforms and will generate a unique 6-digit code to your phone. This improvement coincides with the migration of email to Office 365 Cloud, an additional security upgrade that also will be revealed soon. These measures will replace the current phone call or app pop-up method of authentication.

How you will be affected by the upgrade

In order to continue receiving MUSC information off campus, you will need to complete these three easy steps by Thursday, May 31.

1. Download the free Microsoft Authenticator app. It’s available for both Apple and Android devices.
2. Register your smartphone. Leave the app open while accessing 2factor.musc.edu.
3. Follow the registration steps on 2factor.musc.edu and scan the registration code with the app on your smartphone.

Once you have registered the app, accessing one of MUSC’s remote services such as webmail (OWA), VPN or Webapps will require you to open the app on your phone, access the remote service, and, when prompted, enter the 6-digit code displayed on the app. It’s that easy.

There is also a bonus: There will be no more phone calls every time you access email from offsite. The MUSC Information Services and Innovation Station staff will be around campus throughout May to communicate this process and answer questions.

This app upgrade must be completed by May 31. To install the new phone app, visit https://2factor.musc.edu for instructions. If you have further questions, contact the MUSC Information Security Office.

Using 2Factor

•Log in to your MUSC system — Web Mail, VPN, or Webapps — as usual, with your NetID and password.
•When the system prompts for a 6-digit code, open the Authenticator app on your smartphone.
•Enter the 6-digit code from your app into the system prompt, and hit Enter.
•Use the system as normal.

Registering your phone for 2Factor

If you don’t already have it, install the free Microsoft Authenticator app on your smartphone using either the Apple or Google app store.
The steps to configure the app vary depending on if you already have a 2Factor account. Visit https://2factor.musc.edu for instructions.
Information Solutions will have resources on and off campus to help you. Watch for live events in your area.

2Factor Upgrade FAQ

What is 2Factor?
A factor is just a fancy word for method. One method for logging in to a computer is with a username and password. When accessing a computer from the Internet, we ask for a second method to confirm you are who you say you are, since attacks come from all over the world and passwords are easily stolen and re-used. That method may be something like a code on a smart phone that we know is yours.

Why are we changing now?
Attackers have gotten much better over the past few years and have increased their attacks against hospitals and universities. MUSC must continue to be a leader in protecting our patients, students, faculty, and staff. With a large number of technology projects moving MUSC into the cloud, now is the best time to make this change and ensure those projects may proceed safely.

Is 2Factor hard to use?
We don’t think so! Information Solutions will have plenty of resources available to help you setup your smart phone to use 2Factor and show you how to use it. We think you’ll appreciate that there will be no more 2Factor phone calls in the middle of the night.

I access my email from my phone. Will I need to use 2Factor?
A. If you have MUSC’s MDM installed on your phone, you can keep using your mail app (Apple Mail or Android Touchdown) without having to do 2Factor. If you access your mail using a browser, you will have to use 2Factor, same as if you’re on a PC or Mac connecting from the Internet.

What if I have more questions?
Send an email to the Information Security Office with your questions and we’ll provide answers to you.