The College Introduces MFA to its Web Portal
Posted On: October 13, 2021
Starting on November 1, 2021, the College of Naturopaths of Ontario is introducing multi-factor authentication (MFA) to our web portal to enhance security.
Everyone will agree that we hold—what can only be seen as—highly personal and sensitive information not only about our Registrants but also applicants for registration, examination candidates and, to a lesser degree, our stakeholders. This information can be as routine as a home or cellular phone number or a home address but can also include financial information, examination scores, registration information and history, audit information, etc.
We’ve always taken the security of this information seriously to the point that we maintain all user data separate from any other data systems, including e-mail or regulatory data in three distinct servers.
Why is this important?
Any breach of one system (i.e., hacking of an in-house server), while serious, will not automatically cascade to breaches of the other two systems, maintaining considerable security. Additionally, to gain access to any of the data systems, hackers would have to get through complex firewalls and other security measures.
When it comes to our web portal, users can update and add considerable information. It’s therefore imperative that this process be as secure as possible from unauthorized access.
Presently, we use dual or “Duo Two Factor Authentication”. This simply means that for a user to access the web portal, they need to enter two pieces of information that only they should know. The proper username (an email address that is one of many an individual may have) and a unique password that only they should know.
In the past this was considered highly secure based on the assumption that people would not use predictable passwords, would not reuse passwords and held multiple email accounts. With the ever-growing need for password protection on nearly all data-bearing websites and e-mails, and the fact that most individuals are entering log-in information on multiple sites daily, reusing passwords has become common. This means that if one site is hacked and usernames/passwords are stolen, cyber thieves can then use those on other sites that you access.
Multi Factor Authentication
“Multi Factor Authentication” (or MFA for short) takes security to the next level by ensuring a third piece of data is needed to access the site and is NEVER the same. While you may use a common e-mail address and even a commonly used password, you cannot enter the site without the final piece of information: a 5–6-digit security code. This code is automatically generated and remains valid for no longer than one minute in duration, after which a new automated code is created. This code is different for every user, for every login and for a maximum of every minute to make it more difficult to access any account information.
We’ve been using the Multi Factor Authentication tool for all our staff to access the College’s systems daily, with an identical process.
Starting on November 1, 2021, when entering your e-mail address and password to access the College’s web portal, you’ll be prompted to add a unique code. This code is generated instantly and sent to your contact e-mail on file with the College. Only once you’ve added this code as part of the log-in process can you gain access to the web portal where your information is held.
Current programming being developed by the College’s web portal provider will see an added option in the future where the code can be sent to you via SMS text message.
While no security system is 100% foolproof and vigilance is always required, we’re pleased to implement this next phase of our data changes to enhance our security and further safeguard your information.
Andrew Parr, CAE
Chief Executive Officer