Skip to page content
go to the Penn State home page
  • Home
  • Service Status
  • Services
  • IT Staff
    • Log in to the ServiceNow Tool
    • Service Management Processes
    • Browse Service Request Forms
    • Service Standards
  • Log in
  • Home
  • Knowledge
  • Public Knowledge Base (Knowledge Base)
  • Account Management
Knowledge Article View
KB0012979 - Latest Version - Copy Permalink
7.0 - Updated on 03-07-2023 by Sarah Kate Dills (swd5237)
6.0 - Updated on 05-02-2020 by Eileen Mershon (ejm5988)
5.0 - Updated on 04-09-2020 by Eileen Mershon (ejm5988)
4.0 - Updated on 03-09-2020 by Eileen Mershon (ejm5988)
3.0 - Updated on 02-26-2020 by Eileen Mershon (ejm5988)
2.0 - Updated on 02-26-2020 by Eileen Mershon (ejm5988)
1.0 - Authored on 12-03-2019 by Eileen Mershon (ejm5988)

MFA: Why Does Penn State Require Faculty, Staff, Emeritus faculty to Enroll in Multi-Factor Authentication?

Revised by Sarah Kate Dills (swd5237)
• 2y ago2 years ago • 9719 Views • (*) (*) ( ) ( ) ( )

Article Intended For

Penn State faculty, emeritus faculty, staff, and affiliates who are required to enroll in Multi-factor authentication (MFA).

Introduction

This article explains why Penn State has made enrollment in multi-factor authentication mandatory for employees and affiliates of the University.

Article Body

The Reality

Numerous attacks on institutions of higher education have resulted in the theft, alteration, or destruction of data. Penn State has been targeted by foreign intelligence agencies and cybercriminals with similar capabilities.

The Targets

Penn State systems house various types of confidential and proprietary data that have historically been subject to cyber-attack, including social security numbers, medical records, financial information such as bank account numbers, admission records, grades, and intellectual property of significant scientific and commercial value.

The Risk

If you are able to log in to MFA protected resources, you have access to confidential and/or proprietary data, if only your own. If someone else were to gain access to your Penn State Access account, they would have unauthorized access to that same information. Because of the many ways cybercriminals can and do obtain passwords, a password alone provides increasingly limited protection against unauthorized access. Multi-factor authentication significantly reduces the risk of unauthorized access.

The Consequences

Unauthorized access to sensitive personal or institutional data could potentially result in financial, legal, or harm to the University, members of the University community, or third parties to which the University owes a reasonable duty of care.

Our Obligation

Penn State is committed to complying with federal and state laws, honoring contractual agreements, and meeting the reasonable expectations of our students, staff, and affiliates regarding the security and privacy of their data.

The Bottom Line

Penn State requires those who access protected Penn State resources to enroll in MFA in order to comply with its legal, contractual, and ethical obligation to safeguard the security and privacy of its systems and data.

Why do retired employees also need to use MFA?
All it takes is one unenrolled member of the Penn State community to cause a costly cyber attack. Institutions like major universities are extremely high risk and are frequently targeted by cybercriminals because of the sheer value of information they could obtain. To protect other members of the Penn State community and Penn State as an institution, retired employees that wish to continue to access their Penn State account MUST enroll in and use MFA. 

Copy Permalink

go to Penn State home page
  • Employment
  • |
  • Maps
  • |
  • Contact Us
  • |
  • Search

401 Old Main, University Park, Pennsylvania 16802

814-865-4700

  • Privacy
  • |
  • Non-discrimination
  • |
  • Equal Opportunity
  • |
  • Accessibility
  • |
  • Copyright

The Pennsylvania State University © 2020