Multi-Factor Authentication Policy

What is Multi-Factor Authentication (MFA)?

MFA is a required account security protection that helps protect Middlebury and GMHEC accounts from potential compromise by requiring more than just a username and password to prove one's identity during login.

When you sign in to an MFA-protected online service (like webmail), from off-campus (or outside of the Middlebury networks), you are prompted to verify the authentication request using one of your preset verification methods.

MFA helps safeguard our accounts from online criminals who would steal account credentials and use them to launch cyber attacks from our technology services and/or steal sensitive and confidential information.

Purpose
The purpose of the Multi-Factor Authentication (MFA) policy is to ensure that enhanced account security is enabled for all user accounts, to help protect against unauthorized access to personal, private, and confidential information.
 
Scope
The scope of this policy includes all Middlebury and GMHEC user accounts.

Policy
Multi-Factor Authentication (MFA) is a required security protection for all Middlebury user accounts.

Any exceptions must be approved by the Middlebury Information Security team. Requests for exceptions will be considered on a case by case basis, and only if there is no alternative. 

An example might be if there is an urgent academic or business process that MFA is preventing.

Contact infosec@middlebury.edu regarding all MFA exception requests.

Learn more about MFA here: http://go.middlebury.edu/mfa