2FA reduces compromised accounts at FSU

Monday 05/03/2021

In 2020, Information Technology Services (ITS) implemented 2-factor authentication (2FA) for all FSU accounts. Students, faculty, staff and retirees now see 2FA every time they sign in to an FSU system via a pop-up box asking to confirm their identity . This extra layer of security is designed to prevent unauthorized access to personal information. Essentially, 2FA makes sure that your account stays in the right hands.

Previously, account protection was limited to passwords. The problem with passwords is that they can be easily hacked. If someone falls for a phishing attack or forgets to sign out of a shared computer or enters their password on a public Wi-Fi network, all of these mishaps can lead to a stolen password. As a result, hundreds of FSU accounts were compromised each year, exposing individuals’ personal information and requiring ITS staff to help individuals secure their accounts.

But does 2FA protect students and employees more than before? According to the Compromised Accounts chart below, the number of compromised accounts at FSU are projected to be less than 100 this year. Since implementing 2FA for all accounts in Fall 2020, FSU went from having 500+ accounts compromised each month to an average of 3.3 accounts per month. By requiring 2FA to access university accounts, the number of compromised accounts has plummeted to a miniscule amount.

While compromised accounts do not cost money in themselves, the labor required to regain control of the accounts for the user adds up. Based on the model presented on the Specops blog, implementing 2FA will save the university 57,523 hours of productivity. Adding in the hours required for a compromised account, the university is saving a total of 67,913 hours. Using the Florida minimum wage as the hourly rate, this amounts to $581,339 in savings. This shift not only saves costs in terms of labor, but also ensures students and staff are better protected than ever before.

Chart of compromised accounts per month in 2019, 2020 and 2021

So if you have noticed the extra step to access your FSU account, remember that this measure is helping to ensure all your information is kept safe and that your account solely belongs to you.