Introducing Multi-Factor Authentication For Your Single Sign-On Experience
By Jim Beers
Your Single Sign-On Login Experience Will Soon Change!
The IT department is piloting a multi-factor authentication (MFA) tool to improve the Moravian community’s login experience. The tool, HYPR, will be rolled out in phases and it will work in conjunction with Moravian’s single sign-on portal, Okta.
All campus community members will begin to notice some changes, though not big ones, as we begin to pilot this tool. Within the next two weeks, the login sequence will change. This will be in preparation for authenticating using MFA, even if you are not part of the pilot group.
Currently, you are required to enter your NetID and password at the same time when logging into single sign-on.
The login sequence will shift to begin by asking for your NetID and then you will be prompted for your password on a subsequent screen.
Stay tuned for detailed instructions as your roll-out phase approaches. In the meantime, everyone can catch a preview of the new multi-factor login experience here!
If you have any questions or concerns, please contact Jim Beers, Director of Information Security, at email@example.com.
FAQ – Multi-factor authentication at Moravian using Single Sign-On and HYPR
What is Multi-factor Authentication (MFA)?
When you log into a website, you use your digital identity, usually a username and password. Moravian calls that your NetID. MFA adds another piece to your digital identity, such as a pin code or biometrics on your cell phone (for example, Face ID or Touch ID on Apple iPhones). MFA protects your accounts by making it more difficult for a hacker to gain access by simply guessing your password.
Why is Moravian piloting this tool?
Multi-factor authentication is the new standard for logging in to many systems, and is widely implemented at higher education institutions, including a number of our consortium partners across LVAIC. Many different types of sensitive data are stored in the cloud, from educational records, to human resources records, to medical records, to email accounts. Access to these records is a valuable target for hackers and phishers, so we must take extra care to secure all Moravian data and make sure only authorized people have access. We are implementing MFA to better protect our data and reduce the risk that an unauthorized person can access it just by guessing or phishing your password.
What is HYPR?
HYPR is a company specializing in multi-factor authentication, which Moravian has partnered with to pilot this system at the College.
Why did we choose HYPR?
We are working with HYPR because their process and tool positions Moravian to provide secure access moving forward. Some multi-factor companies still have you log in using your password, but add a second factor. Many of the US’ leading companies agree that passwords aren’t safe enough and we need a better solution (https://fidoalliance.org/overview/). HYPR works by replacing your password with an encrypted key inside the app on your phone or other device. No, you don’t need to worry about remembering or typing in the key—the app on your device handles all that for you.
Traditional MFA = username + password (factor 1) + pin code (factor 2)
HYPR MFA = username + encrypted key on your device (factor 1) + pin code or biometric (factor 2)
How will HYPR be rolled out?
There are a few phases as we set up, test, take feedback, adjust, test some more, and ultimately roll out the best login experience we can provide for our users:
- Phase 1 (beta) – IT & Volunteer Early Adopters
- Phase 2 (pilot) – Selected Users (faculty/staff)
- Users selected for the pilot program are identified based on single sign-on usage and access to data or systems with highest security priority
- Phase 3 – Remaining Faculty
- Phase 4 – Remaining Students
How will my login experience change?
Once you are enrolled in HYPR and go through the setup process, you will no longer use your password to log in to the College’s single sign-on portal. When you are at the login page, you will type in your username, click the ‘next’ button, and you will be prompted to approve the login in the HYPR app on your phone/tablet/computer. Once you approve, you’re in!
What types of devices are supported by HYPR?
HYPR is compatible with:
- Phones and tablets running Apple’s iOS (Requires iOS 12.4 or later)
- Phone and tablets running Google’s Android (Requires 6.0 and up)
- Apple computers with a fingerprint reader (Touch ID)
- Windows computers with a fingerprint reader (Windows Hello)
How many devices can I pair?
This is no limit to the devices that you can pair with HYPR. Minimally, the Moravian IT department urges each member of the Moravian community to register 3 devices wherever possible— phone, iPad, and TouchID with the Chrome browser on their Mac (Chrome and Safari are supported using TouchID).
What if I don’t have my device with me but need to login?
Having more than 1 device registered with HYPR gives you the ability to authenticate to the single sign-on portal with HYPR in the event that you do not have your phone.
Is HYPR or Moravian College collecting your biometric information?
No. HYPR leverages the built-in biometric security offered by your phone or device. For example, Apple’s Touch ID and Face ID do not share your biometric information with every app that you use— the biometrics are kept secure inside your device, and it simply approves or denies login requests from your apps. HYPR is another app that uses Touch ID and/or Face ID, but is not given access to your biometric data.
Apple Touch ID: https://support.apple.com/en-us/HT204587
Apple Face ID: https://support.apple.com/en-us/HT208108