Brock’s Information Technology Services (ITS) team is advising users to set up the Microsoft Authenticator app as their default multi-factor authentication (MFA) method for logging into their Brock accounts before the end of April.

On Wednesday, May 1, The University will move away from the use of SMS (text) and voice (call) as default MFA methods. Users will be prompted to set up the Microsoft Authenticator up to three times before registration of the app will be required by default.

SMS and Voice authentication are now considered the least secure MFA methods available today and are vulnerable to SIM swapping, SMS redirection, Signaling System 7 (SS7) attacks and network connectivity issues.

SIM swapping is a technique where cybercriminals deceive a phone operator or mobile carrier into transferring the victim’s phone numbers to SIM card under their control. With control of a victim’s phone number, cybercriminals can intercept SMS and voice MFA prompts and gain access to the victim’s accounts.

SMS redirection is a technique where cybercriminals exploit a loophole with a third-party SMS marketing and mass messaging company to reroute a victim’s text messages to their phone number.

An SS7 attack is used by cybercriminals to record and eavesdrop on a victim’s phone conversations and intercept their text messages by exploiting weaknesses in a set of telecommunication protocols that are used to set up most of the world’s public switched telephone network telephone calls.

Network connectivity issues can prevent a user from receiving MFA texts and calls during cellular service outages, while out of the country or in areas with poor signal.

Visit the Brock MFA website for instructions on adding the Microsoft Authenticator app or contact the ITS Help Desk at x4357 or ithelp@brocku.ca for further MFA assistance.