Multi-factor authentication is one of the most effective ways to protect your accounts, but cybercriminals are constantly finding new ways to get around it.
As threats evolve, so does MFA, now using technologies like biometrics, passwordless logins, and AI-driven security that adapt to your behavior and context, such as location or device.
WVU recently switched from DUO to Okta Verify for MFA, and during Cybersecurity Awareness Month, Information Technology Services encourages all students and employees to also enable MFA on their personal accounts to add an extra layer of protection.
MFA improves security by requiring you to verify your identity in more than one way: with something you have (a phone, hardware token, authenticator app or facial recognition) in addition to something you know (your password).
Authenticator apps are more secure than text or email-based methods. Trusted MFA options include Microsoft Authenticator and Google Authenticator.
Unfortunately, MFA isn’t foolproof. Cybercriminals use tactics like:
MFA fatigue. Repeated login requests designed to wear you down until you approve one out of confusion or frustration.
SIM-jacking. Hijacking your phone number to intercept authentication codes.
Adversary-in-the-Middle attacks. Intercepting login sessions to bypass MFA protections.
Never approve any MFA prompts you did not initiate and change your password immediately.
In recognition of Cybersecurity Awareness Month, learn more about keeping your data secure.