Introducing Number Matching for Multi-Factor Authentication/Two-Factor Authentication
March 17, 2023
Passwords alone are no longer enough to protect sensitive information from being compromised. This is where Multi-Factor authentication (MFA) comes in. MFA requires users to provide multiple forms of identification to access a system, application, or service. To enhance your security, Chapman University Information Systems and Technology Team (IS&T) will roll out number matching on Friday, March 17th.
The security measure of MFA number matching serves to prevent MFA Fatigue attacks, which are a form of cyber attack that exploits user fatigue or frustration with the MFA process. These attacks usually involve deceiving users into granting MFA permission by compromising their passwords and repeatedly attempting random logins until the user inadvertently (or in frustration) approves an MFA login attempt. The number matching feature ensures that only the user who initiated the login request and has access to the Multi-Factor Authentication device is allowed access.
Number matching is a type of MFA that requires users to enter a sequence of numbers generated by an authentication app or sent via SMS. These numbers are typically valid for a brief period of time, usually between 30 seconds to a few minutes. To successfully log in, the user must enter the correct sequence of numbers.
So, how does number matching work? Let’s break it down:
Step 1: Username and password
The first step in any MFA process is typically the username and password. The user enters their username and password as they normally would.
Step 2: Number matching
Once the user has entered their username and password, they are prompted to enter a sequence of numbers. This sequence of numbers is generated by an authentication app or sent via SMS. The user has a short period of time to enter the correct sequence of numbers.
Step 3: Access granted
If the user enters the correct sequence of numbers, they are granted access to the system, application, or service. If they enter the incorrect sequence of numbers, they will be prompted to try again, or the account may get locked for a set period of time.
Number matching provides an additional layer of security to your login process. Even if an attacker is able to obtain your password, they will not be able to access the system without the correct sequence of numbers. This makes it much more difficult for attackers to gain unauthorized access to your account and sensitive information.
As mentioned above, we will roll out this feature for the Chapman University community on March 17th.
For more information, please visit our 2 Factor Authentication/MFA site, and if you have any questions or concerns about MFA number matching, please contact the Service Desk. We are here to help you keep your account secure.
Chapman University Information Systems and Technology (IS&T)