LACCD makes change to email security

By Leonardo Cervantes

On Sep. 30, the Los Angeles Community College District required all students and employees to use some type of Multi-Factor Authentication to have safer internet access.

 This change included district email, Office365 applications, SharePoint, OneDrive and Microsoft office online.

 MFA requires users to approve all sign-ins an additions account using a second method after entering a password. 

This is done in an effort to make it extremely difficult for anyone who might have gained a the user’s password to access user’s district account.

The district will support two different methods of MFA to prove the identity of users who try to access their online accounts.

 The two methods include use of an authentication application on a mobile device and responding to a text message sent to a mobile phone number.

  “Multi-Factor Authentication is generally understood to be far more effective as a means of authentication than passwords alone,” Patrick Luce, Chief information security officer said.

Having a password isn’t enough these days, as you can be a target to hackers.

 A password with no other form of authentication can be phished or guessed, and will leave users at a disadvantage.

 MFA has been an option online for many years, but with the increase of hackers it has become a necessity to feel safe online. 

“Cyber attacks will continue to increase, but Multi-Factor Authentication will help the District prevent those attacks from being successful,” Luce said. 

This additional layer of security  will make it harder for hackers to access user accounts. 

“The main attacks MFA protects against are phishing and Business Email Compromise,” Luce said.

“Attackers on the internet sometimes use phishing techniques that lead people to a fake website and trick them into entering their email addresses and passwords. 

“The attackers use this information to attempt to scam people, or to steal sensitive information. 

“By requiring Multi-factor Authentication, or MFA,  an attacker will not be able to access a user’s email with their password alone, making phishing attacks less likely to succeed,” Luce said.

MFA isn’t a method that has a 100% success rate. 

It will make it harder for hackers to hack accounts and will require them to use alternative methods to hack specific users, but it will be much more demanding.

 “Hackers can sometimes get past Multifactor Authentication through the use of malware, or by tricking people into providing MFA codes they receive. 

“Therefore, MFA is just part of a comprehensive security strategy to protect users,” Luce said. 

Use of authentication software or codes was made necessary due to the multiple issue LACCD users have experienced in the recent years.

 “The number of phishing attacks against all institutions of higher education are increasing in both number and sophistication,” Luce said. 

If users are still struggling with the transition to MFA, visit for further help.

Instructions are provided in the Frequently asked questions (FAQ) section about setting up either of the MFA methods. The FAQ also provides additional information on the transition.

 The district provides One Time Passwords (OTP) for LACCD faculty, administrators, and other staff that don’t have a mobile device or can’t receive a text message. 

If the staff still hasn’t set up MFA they can request an OTP device.

Leave a Reply

Your email address will not be published. Required fields are marked *