Multi-factor authentication (MFA) is an electronic authentication method which requires you to log in using two different mechanisms. In UCT's case, this would mean using your UCT network password along with authenticating via an app on your smartphone (or a verification code sent to you via SMS).
Cybersecurity attacks are on the rise, and universities are a huge target, given the amount of personal and sensitive data they hold. With email and other online communication methods (e.g. Teams) being so critical in how we operate – especially during remote working and learning – MFA is essential to keep your UCT account, your data, and UCT's network safe.
Consider how banks require you to use MFA to access your account online and make payments. Just like your banking data or medical data is seen as private, sensitive, and requiring maximum protection, your work and study data – your UCT account, email, and other data – must also be considered sensitive, and needs similarly strong protection.
Unfortunately, in today’s times, passwords alone may not be enough to secure user accounts. The rise in data breaches, along with poor password practices (such as reusing passwords), means that stronger security measures are needed. Using a mobile phone as well as a password means that, to access your account and your data, a cybercriminal would need know your password and have physical access to your phone.
MFA is becoming increasingly widespread. For example, when the University of Surrey implemented the same MFA platform we are using, there was a 76% reduction in compromised accounts. And in 2021, Google set about switching on MFA on all Google accounts by default.
MFA is mandatory for all UCT accounts, with the university's Risk Management Executive Committee (RMEC) supporting its implementation as a necessary mechanism for enhancing the university's digital security.
It has been applied to all UCT accounts as of August 2022.
Initially, MFA applies all UCT Microsoft 365 accounts – which includes email (Outlook and myUCT), Teams, and other Microsoft Office applications. It also applies to ServiceNow – the system used to manage ICT incidents and requests, Mimecast, LinkedIn Learning, and the UCT VPN. MFA may later be expanded to other UCT services.
MFA has already been enabled on all UCT accounts as of August 2022. If you joined the university after this date, please see our MFA setup article for more information and full instructions on setting up MFA.