After a number of phishing and spam messages were sent to Central Connecticut emails, the Information Technology Department created a “Multi-Factor Authentication” that will help limit the number of potential hackers from infiltrating secure student and faculty accounts.

With the new Multi-Factor Authentication, students and faculty will be required to take part in a two-step login process, in which one must type in their password followed by receiving an authentication code on their cell phones that they must type in to gain access.

“It’s very easy for spammers or cyber-criminals to be able to reconstitute an email list and email everybody,” Chief Information Officer George Claffey said. “Our university and all universities and all colleges have seen a dramatic increase in students being targeted by cyber-criminals.”

Phishing hackers often pose as valid companies offering a service or good to customers, but actually stage a potential threat. Central Connecticut students have received a number of phishing attempts recently, including offers for part-time jobs and requesting help to purchase an iTunes gift card.

“They’re bad people,” Director of Technical Services Sean Mcnickle said. “They’re stealing money from innocent people. They’re trying to build confidence with you and build trust by mentioning places you know and they know from looking at a map. They want you hooked.”

The new system was put into action for student emails on April 22; staff emails will begin to use the Multi-Factor Authentication program on June 3.

Shortly after the process was put into use, Central students began to argue the need for the newly-added steps. Some have claimed that the new Multi-Factor Authentication two-step process is unnecessary and rather than being beneficial for the students, it is creating added struggles.

Devon J. Wilson, a senior majoring in film and media production, has found the Multi-Factor Authentication to be tedious after struggling with accessing his student email on multiple occasions.

“It’s pretty annoying because I’ve been logged out of my devices twice so I’ve had to re-sign in on my phone and my laptop a lot,” Wilson said.

“I get why they’re doing it, but it’s happened to me more than twice already, so I just think it’s useless. They mostly need to lock down on whoever is doing the phishing stuff. It’s not that hard. The emails are so suspicious you can tell it’s a scam,” Wilson explained further.

With the added struggle of accessing one’s student email all over again, some students have also described the two-step login process as “a waste of time.”

“It’s stupid, I feel like that’s a whole extra step that’s not necessary,” Lauren Santiago, a sophomore majoring in music education, expressed. “The phishing emails are so common nowadays anyway that I know how to spot them so the extra step is so pointless.”

Aside from using common knowledge, the IT department has informed students on ways to identify and avoid phishing attempts as well. Some tips include being able to properly identify the person contacting via message and if the website asks for personal information it is likely a phishing attempt so it is safe to disregard.

“I don’t think it will protect students [from phishing] because people who are hacking are going to figure out a way around it. I feel like every time I get a phishing attack, I get an email right after about it,” Santiago continued.

Find out more information by visiting Phishing Education page:  http://www.ccsu.edu/it/itselfhelpfaq/phishing_education.html .