In response to the escalating threat of cyber-attacks and the imperative to bolster network security, in the Spring Semester of 2021, the President’s Council, mandated the implementation of Multi-Factor Authentication (MFA) for all campus stakeholders, including employees, emeriti, current students and alumni.
Phishing attacks and data breaches pose significant risks to both individual accounts and institutional data. MFA serves as an additional layer of security for SUNY Potsdam M365 accounts. With MFA enabled, accessing your account requires two forms of verification:
- Something you know, such as your password.
- Something you have, like a passcode, physical device, or mobile app.
While the Microsoft Authenticator Application is the preferred authentication method due to its encryption, integration with our M365 environment, and reliability, it's important to note that certain authentication features, such as telephone and SMS text message, have been discontinued by Microsoft due to cybersecurity concerns.
Recognizing that not all employees have access to smartphones or may be reluctant to use personal devices for College business, CTS has endeavored to provide alternative, zero-cost methods. However, no viable zero-cost options meeting campus needs are available following the discontinuation of these methods.
As a result, in collaboration with College Administration and collective bargaining units, physical key devices for MFA have been procured. CTS will manage the campus key inventory, and faculty and staff requiring a key may obtain one from the IT Service Desk.
These keys are state property, and as such, the following guidelines apply:
- CTS will track the serial numbers of purchased security keys and the individuals to whom they are assigned. Upon an employee's departure from the College, it is preferable that they return the key to the IT Service Desk, akin to physical building keys returned to the physical plant. Unreturned keys will incur replacement charges to the employee’s department.
- In cases of loss or damage, it is the individual employee's responsibility to procure a replacement key, similar to campus-issued keys or cards.
- Malfunctioning keys should be reported to the IT Service Desk for assessment.
- Upon retirement, faculty members must return the campus-issued key, along with the campus-issued computer and other technology.
CTS will not distribute College-purchased MFA key devices to alumni or emeriti. However, information on the currently supported key device can be provided for individual purchase.
This policy will be periodically reviewed by CTS and the College to incorporate any changes to available MFA methods on campus.