Institutional Effectiveness
Space shortcuts
Page tree
Skip to end of metadata
Go to start of metadata



Find Policy by Category
Academic Affairs

Communication and Public Relations

Enrollment and Admissions

Facilities and Auxiliary Services

Finance and Risk Management

Financial Aid

Governance

Human Resources

Information Services and Technology

Libraries

Marketing and Branding

Public Safety and Security

Records

Student Affairs


Click here to view faculty-only policies

Multifactor Policy

Policy Information

Issuing Office

Information Services

Affected Parties

All University Students, Faculty, Staff and Alumni

Policy Language

Liberty University utilizes multi-factor authentication for network access to privileged accounts and non-privileged accounts.

Policy Rationale

The purpose of this policy is to define requirements for accessing Liberty University’s network and information systems whether on or off campus. These standards are designed to minimize the potential security exposure to Liberty University from damages that may result from unauthorized access of the university’s resources. Multifactor authentication adds a layer of security which helps deter the use of compromised credentials. Cyber criminals and attackers are becoming more advanced in their efforts to not only steal information, but also modify data, delete data, spread malicious code, harvest credentials and distribute spam. No organization regardless of size is exempt from such attacks. Password theft has also been on the rise with the use of methods such as key logging, phishing, and pharming. Requiring an additional layer of authentication helps reduce the risk of a compromise.

For additional information, please visit the University’s Multi-Factor Authentication webpage.

Definition of Glossary Terms

Key logging: Recording a log of keystrokes on a computer in order to gain access to passwords and other confidential information

Multi-factor authentication (MFA): Requiring two or more authentication methods for a secure login. Authentication factors are typically something you know (knowledge factor), something you have (possession factor) and something you are (inherence factor).

Phishing: Sending emails appearing to be from a reputable company in an effort to acquire personal information under false pretenses

Pharming: Sending internet users to a false website that mimics a legitimate one

Procedural Information

Procedures

Secure all individual non-console administrative access and all remote access to sensitive data using multi-factor authentication for every session.

Incorporate multi-factor authentication for all network access, both privileged accounts and non-privileged accounts.

  1. The multi-factor authentication should be device specific and need not be required at every login, but on the first login of any new device, and again every 75 days after initial device multi-factor authentication, or upon suspicious changes to the login session.
  2. Passwords must still be required at every login or after a session timeout.

Sanctions

None specified

Exceptions

Exceptions for active military personnel can be granted on a case-by-case basis.

No exceptions allowed for Faculty/Staff members.

Date Approved

12/2022

Date for Review

12/2023

The information contained herein is confidential and proprietary to Liberty University.
Policy Directory Home | LU Administration Page