Skip to main content


Repost Message will copy the article into draft mode and enable you to edit/change dates and information.
Do not change the dates of this posting because it will affect the original.

MCC Daily Tribune

(MFA) Multi-Factor Authentication 101 at MCC

What is MFA? 

Traditional authentication involves a username and password to gain access to protected resources. Many organizations have moved on to using multi-factor authentication, where the second factor is one of the following:

  • Security questions*
  • Access to a predefined email address or a text message sent to a phone number*
  • The use of an authenticator app
  • A hardware security token
  • Biometric factors

* Now considered insecure

The general principle is that one factor is something you know (your password) and the second factor is something you possess (this being the tokens produced by your authenticator app or hardware security token).

What does MFA do for me?

MFA acts as a second line of defense in the event that someone guesses your password, your password is leaked via a breach, you accidentally give away your password to a malicious third-party, or malware on one of your devices harvests your password after you type it.

For your own protection, you should enable MFA or two-factor authentication (2FA) on any service you access using a username and password.

You probably already do this when you access many of your personal accounts, particularly when logging on to your banking and investment websites.

What does MFA do for MCC?

We have all seen the news articles about colleges and K-12 schools having to shut down for days or weeks at a time following ransomware or similar attacks.  These attacks have hit close to home, both literally and figuratively, disrupting operations at Victor Central School District and Rensselaer Polytechnic Institute in 2021 alone, among many others.  While we aren't privy to the intimate details of each event, broad consensus is that they all start with a compromised username and password combination; if people with bad intentions gain access to valid user credentials, other security measures can unravel quickly without a second line of defense in place.

The trickle-down effects of a successful attack at MCC would be enormous. Any breach of personally identifiable information or an attack that disrupted the teaching and learning process by bringing our services offline for an extended period of time could put us in the headlines for all of the wrong reasons.

Additionally, the SUNY Chancellor has communicated to SUNY College Presidents the expectation that MFA controls are implemented to protect campuses from cyber attacks.  As such, we have been working to develop a solution that can be introduced as soon as possible in order to protect students, faculty, staff, and college operations.

While there is no silver bullet to stop ransomware or data leaks, MFA is generally considered as close as we can get to one at this point in time.

More to come soon!

Eileen Wirley
Technology Services - AVP Office
07/19/2021