Secure logon – two-factor authentication

Secure logon

NMBU is about to introduce secure login (two-factor authentication) for staff and students. Several of NMBU’s services will eventually require secure login. Secure login has been used by online banking and services like Altinn, for years.

Why?

Many have experienced attempts to fraud them in to give up the user name and password. When the user name and password are astray, criminals (hackers) can access NMBU systems and manipulate, delete, or copy out data. They may use the access to attack or abuse NMBU’s IT systems or to take over and send out fake emails from NMBU users.

Having unauthorized control over your email, they can reset the passwords on any other services you use, and effectively block you from all of your digital life.

What is the secure login?

Secure login is about using at least two of the following combinations:

  • Something you know (eg your password)
  • Something you get (eg one-time code)
  • Something you have (eg NMBU controlled device)

To log in, you will need to go through the two steps of verification. To log in, you need to complete two steps of verification. The first step is to enter your password, as before, while the second step is a completely different layer of protection, in most cases, either a text message you receive, a code you extract from your own app or a code sent directly to your phone.

NMBU will mainly use passwords combined with one-time SMS text on services available outside the NMBU network.

Is it completely safe when using secure login?

No, it’s not 100% safe. For example, some may make fake webpages that also allow us to enter the one-time password at the same time as the password. We must therefore always be on guard. The advantage of two-factor authentication is that fraudsters can only act like us on one service and only once per fraud attempt (the codes are usually unique and only valid once)

So, even if that’s not certain, it’s so much safer that everyone should activate it.

Read more about secure login here: (external website).

Password advice from National Cyber Security Centre: https://www.ncsc.gov.uk/guidance/multi-factor-authentication-online-services

Guides to enable 2-step verification privately from Nettvett.no https://nettvett.no/2-trinns-bekreftelse/