Skip to Main Content
Information Technology Services
twoColumn twoRight

Multi-Factor Authentication Emergency Security Change

What is Happening?

Phone and SMS (text message) Multi-Factor Authentication (MFA) at UNF has been temporarily disabled for security reasons. MFA using the Duo Smart Phone App has not been changed.

Who is impacted?

Any individual that uses a phone call or text message (SMS) for Multi-Factor Authentication to access UNF resources will be impacted. If you already use the Duo Smart Phone App, you will not be impacted directly. Select “send me a push” when prompted during login.

I am impacted. What do I need to do to reconfigure my Multi-Factor Authentication?

If you are impacted, please contact the UNF Help Deskfor assistance in verifying your identity and reconfiguring your multi-factor authentication method.

Why is this Happening?

UNF students, faculty and staff have experienced an increased volume of phishing-related emails in the past few weeks. Some individuals followed through with submitting username and password information which resulted in unauthorized access to their account. This unauthorized access appears to have been gained by exploiting SMS (text) messaging and/or phone-based multi-factor authentication.

The unauthorized access was used to send phishing emails from what appear to be authentic UNF senders. Each compromise of an individual account produces an amplifying effect which leads to additional compromises.

Security for UNF students, faculty and staff is of the utmost importance. Out of an abundance of caution, phone and text MFA methods were disabled to prevent additional compromises from multiplying.

Who is not impacted?

Any individual that uses a push-based notification to the Duo Smart Phone App will not be impacted.

What’s next?

The UNF ITS Security team is working with our security partners to analyze the current risks and identify remediation options.

How do I learn more about phishing?

The UNF ITS Security team’s website contains information about phishing including information on how to report phishing and steps to take if you think your account has been compromised.

TAGS: Security