10 percent Staff MFA O365 Enrollment
In anticipation of Microsoft's intention to sunset Legacy Authentication and to mitigate potential exploitation within our own architecture, Legacy Authentication protocols such as IMAP and POP3 have been disabled by OIT.
Overall awareness announcement sent to staff describing the changes and requirements.
Option for selecting the 90 Day/8 Character password policy is removed from the myAU portal. Users are only able to subscribe to the 1 Year/16 Character passphrase.
All staff are required to utilize MFA to authenticate to Office 365 and O365 applications.
- Why do we need two-factor authentication?
Login credentials are more valuable than ever and are increasingly easy to compromise. Over 90% of breaches today involve compromised usernames and passwords. Two-factor authentication enhances the security of your account by using a secondary device to verify your identity. This prevents anyone but you from accessing your account, even if they know your password. Enabling two-factor authentication for O365 dramatically reduces the chance that someone can access or send unauthorized messages from your email account, or access documents and other data stored in your OneDrive.
- Why do we need stronger passwords?
Industry password guidance points to password length as a better metric for security than password complexity (e.g., combinations of upper- and lowercase letters, numbers, and special characters). Many staff and faculty are already on board with the 16-character minimum, but some users still need to be switched over to adopt best practices. By adopting the 16-character policy (which simply calls for longer, less complex passwords), users can author passwords that are more memorable, can be retained longer, and are, above all, harder to “crack”.