You know the drill: you log in to your Wiscmail account, you get another buzz in your pocket from your phone- you have to tap a prompt that confirms that you are you. This feature (multi-factor authentication- MFA) was rolled out to the UW-Madison campus a few years ago, but it’s actually not a recent technological feat of the 2020s- the technology has been around since the 1990s! 

Why is this a thing? Why do you need to prove that you are you when logging in, when you didn’t have to previously? 

It all comes down to privacy and an increased desire and need for security in online spaces. 

Back in the mid-1990s-early 2000s when multi-factor authentication first came about (then known as 2FA, or two-factor authentication), most people and companies didn’t see the need for the increased security. It seemed too clunky and required organizations to give people two devices or tokens in order for them to log in. (For more on the history of 2FA, see this blog post from LastPass, a password management company.) 

Fast-forward to the 2010s, when hacking and phishing schemes became more sophisticated, and now companies realized that the increased cost might be worth it. Additionally, most employees had their own smartphones that could be used as a second authentication device. 

The process still works the same way in the 2020s as in the mid-2010s- an employee (or student at UW) puts in their password, then the MFA system pushes a prompt to the person’s personal device that they need to tap in order to verify their identity. Some MFA systems even add a third layer, requiring users to answer a question or put in a number that pops up on their screen to make sure that they have access to both the device they’re logging into and their personal device. (For more on UW’s MFA provider system, Duo, check out Wisconsin’s IT page about it here.) 

We wish you continued secure access to all of your UW accounts!

Submitted by Babler,Emma on September 17, 2024

This article appears in the categories: Law Library