OIT changing identity verification process after recent increase in account breaches

In response to a substantial increase in cyberattacks attempting to gain unauthorized access to UCCS accounts, OIT will require virtual identification via web cam for multi-factor authentication and password verification starting Dec. 1. 

According to a mass email sent on Nov. 15 from the OIT service desk, the new method is the only way the department can confidently protect UCCS accounts. The recent spike in unauthorized access attempts in addition to over 300 UCCS accounts breached in June have prompted OIT and HR to implement the additional security requirements when individuals need to obtain information about their records or reset their passwords.   

Breaches to UCCS accounts pose multiple threats, such as access to financial information affecting direct deposit, grants, scholarships, FAFSA funds and additional personal identification including birthdays and home addresses. 

According to Assistant Director of OIT Services Dan Lemack and IT Security Program Manager Charlie Wertz, OIT has been providing the phone and account numbers used to gain financial information in the last few months to UCCS police to aid in their investigation of the cyberattacks, but the change is still necessary to protect accounts. 

“It’s our hope that it’s smooth and, you know, most students will be able to come in person. I know we have remote students, and we understand it might be a little bit more difficult for them, especially if they’re overseas or something. In the end, we have to make these measures to increase security,” Wertz said. 

This change will only impact account holders who have updated their linked mobile number or have lost access to their account due to the UCCS portal’s MFA requirement through a six-digit certification code sent via text or a phone call to verify the user’s mobile number. 

If a student needs account access after business hours, their only option is to use Microsoft’s self-service tools or wait for the Service Desk’s to open the next day for assistance. 

“It will be extremely important for students to verify their MFA settings and ensure they can login before extended breaks like Thanksgiving break or winter break,” Lemack said over email. 

Students who do not have the ability to join a Zoom call are encouraged to contact Disability Services or the Dean of Students’ office for assistance with accessible technology. 

Lemack noted the importance of UCCS students having access to open computer labs with web cams and added that students can checkout Chromebooks with web cams as well, which provides solutions in place for students without access to technology. 

“There are almost always exceptions, and we are happy to work with students, staff and faculty alike — we just have a priority on security,” Lemack said. 

According to OIT, students, faculty and staff can use these preventative methods to protect their information and account access: 

  • Use multi-factor authentication, via Microsoft Authenticator.  
  • Make your social media posts only accessible to people you know, and keep sensitive personal information (such as birthdays, current workplace with dates of employment, full names and addresses) private or don’t enter it into social media at all. LinkedIn and Facebook users especially should take a second look at what they have displayed publicly.  
  • Make periodic checks of your direct deposit information.  
  • Never share your passwords with anyone.  
  • Don’t use the same password for multiple accounts and websites.  
  • Change your passwords often. 

In the event of a technology-related issue, students, staff and faculty can contact the Service Desk from 7:30 a.m. – 6:00 p.m. and OIT by emailing [email protected], calling them at 719-255-4357 or by using the live chat on their website.

The OIT Help Desk is located on the first floor of the clock tower. Photo by Lillian Davis.