Cybersecurity Hub
Cybersecurity is a shared responsibility and your actions can make a big difference to protect your security, both at home and at Swinburne.
On this page you will find information about reporting cybersecurity concerns and security initiatives such as Multi-factor Authentication.
Cybersecurity threats are relentless and constantly changing. The impact can be significant and costly for both individuals and for Swinburne. To protect against cyber threats, we all have an active role to play in helping to keep our data and resources safe and secure. At Swinburne we are continuously working to improve our capabilities to safeguard our valuable research, student and other critical data. Translating our security vision and strategy into execution requires the efforts of all members of our Swinburne community.
We take cybersecurity very seriously and are committed to keeping our community safe from cyber threats. If you have noticed a cyber threat or security breach (including data breach), please report it as soon as possible. Examples of cyber threats may include:
- security issues with any Swinburne web sites, systems or data stores
- suspicious emails, phishing scams or other unsolicited messages
- suspicious software, spyware or malware on devices
- data breaches or leaks to personal information.
To report a Cybersecurity related incident or security issue, this page provides details on what to do. For staff, please follow our usual processes during business hours and contact the Service Desk.
- Use the My Service portal
- Phone +61 3 9214 5000.
For anyone else or for out of hours reporting, please use our web form.
Multi-factor Authentication
Multi-factor Authentication (MFA) is an additional security step to verify your identity when you login to selected Swinburne applications and systems. This extra layer of security protects you and Swinburne from unauthorised access.
To ensure the cyber safety of our Swinburne community, more pages on the Swinburne website may require MFA, or may require a combination of MFA plus login access to the web application once your MFA challenge has been authorised.
If you have a question regarding authentication, please contact the IT Service Desk on +61 3 9214 5000 or or use My Service Portal.
Multi-factor authentication explained: password + verification = access
How to get set up
Multi-factor authentication (MFA) set-up process
Watch how to set up multi-factor authentication.
Viewing time: 3:09
How MFA works
When logging into selected Swinburne systems and applications, you will be prompted to verify your identity via your phone in addition to your login details. This prompt is known as an MFA challenge. In most cases, you will be asked for an MFA challenge whenever you need to sign-in to an application or system using your student email address (student ID) and password if you are a student, or email address (SIMSID) and password if you are a staff.
Multi-factor authentication (MFA) user experience
See how MFA works
Viewing time: 2:33
Don’t delete your Authenticator app
To avoid issues in accessing your Swinburne email account and other Swinburne systems, please do not delete the Authenticator app from your phone. As part of our Multi-factor Authentication (MFA), you may still need the app to access your account.
If you have deleted the app, please call Service Desk on +61 3 9214 5000 during operating hours to reset your MFA.
Receive an MFA challenge that you didn't initiate?
Tap Deny, then Report Fraud if you are using the Authenticator app or follow the call prompts to deny the challenge if you are using the phone call authentication method. We recommend you change your password immediately. This will make your account secure again.
Multifactor authentication FAQs
General
Passwords are becoming increasingly easy to obtain. They can be stolen, guessed and hacked. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts means information online is becoming increasingly vulnerable to being hacked.
Staff benefits:
- MFA helps protect you and your research. It reduces the risk of having research disrupted and/or extremely valuable intellectual property (IP) stolen.
- MFA reduces the risk of phishing emails. These emails are used to target individuals in order to obtain user credentials for accessing applications that contain sensitive Swinburne data.
Student benefits:
- MFA reduces the risk of identity theft and helps protect your personal information such as bank details, address and date of birth from being stolen.
For staff, MFA is currently used for the following applications:
- Office365 applications
- VPN (Virtual Private Network)
- Library Database Restricted Resources (Ezyproxy)
- Swinburne Commons and Swinburne Research Bank (Equella)
- Canvas (staff login only)
- Salesforce (B2B CRM)
- Ethics (ERM)
- Studylink
- Unicard
- Workday
For students, MFA is currently used for the following applications:
- VPN (Virtual Private Network)
- Canvas
- Library Database Restricted Resources (Ezyproxy)
- Studylink
Swinburne has no access to the app on your phone and cannot view any of the information on your phone including passwords, other apps installed or calls.
There are a number of factors involved. In most cases, you will be asked for an MFA challenge whenever you need to sign-in to an application or system using your email address (SIMSID) and password. If you feel you are being prompted too often, we recommend you re-start your computer.
If the problem still persists, please contact the IT Service Desk on +61 3 9214 5000 or use My Service Portal.
We strongly encourage you to set up another device as your backup authentication method in case your primary authentication method is not availabe to you. Having a backup device will allow you to use MFA on another phone or tablet and will ensure you are able to access your applications and systems.
To set this up:
- Log into Microsoft My Account. (You will need to do this on a computer, not a phone).
- Click Update Info under the Security Info section of the page.
- Click Add method and follow the prompts to add your backup method.
Due to security reasons, we do not recommend you using SMS/text as an option. Also avoid the office phone option if you cannot easily access your office phone.
Yes. To change your default authentication device/method:
- Login to Microsoft My Account. (You will need to do this on a computer, not a phone).
- Click Update Info under the Security Info section of the page.
- Click Change next to Default Sign-in method and follow the prompts to change your authentication method.
Due to security reasons, we do not recommend using SMS/text as an option.
Setting up MFA
The app is the most secure and easiest method for MFA. If you do not have a smartphone, there is the option to receive a phone call to either a landline or your mobile device to verify your identity. Follow the MFA Setup Guide [PDF 966KB] on how to do this.
If neither of these options are available to you, please contact the IT Service Desk on +61 3 9214 5000 or use My Service Portal.
Due to a rising number of cases where SMS services have come under cybersecurity attacks, we do not recommend you using the SMS option. If it is not practical to use the app, you may wish to receive a call to your mobile device or landline.
For Apple devices, the app requires iOS 11.0 or above. For Android devices, the app requires 6.0 or above. If you do not have a device that meets software compatibly requirements, there is the option to receive a phone call to either a landline or your mobile device to verify your identity.
If neither of these options are available to you, please contact the IT Service Desk on +61 3 9214 5000 or use My Service Portal.
Using MFA
Instructions for students are available on the Student systems, hardware and software page.
Instructions for staff are available on the VPN Wiki page (login required).
For security reasons, your VPN session will time out after 12 hours regardless of level of activity detected.
Tap Deny, then Report Fraud if you are using the Authenticator app or follow the call prompts to deny the Challenge if you are using the phone call authentication method. We recommend you change your password immediately. This will make your account secure again.
You can still use the app when you are not connected to the internet. Open the app to find a 6-digit code. Use this code instead to verify your identity.
If you have set up a backup method and have access to it, use that to log in. Otherwise, you may need to borrow a phone to call the IT Service Desk on +61 3 9214 5000 who will be able to assist you.
Yes. The app will continue to work.
No. You will need to re-set the app on your new device however this will require you to be able to use MFA on either your default device or backup device. If you are unable to do this, please contact the Swinburne IT Service Desk on +61 3 9214 5000, option 5. Otherwise, follow these instructions to re-set your device:
- Log in to Microsoft My Account. (You will need to do this on a computer, not a phone).
Click Update Info under the Security Info section of the page.
- Click Change next to Default Sign-in method and follow the prompts to change your mobile device.
- Click Delete in the last column of the table once you have successfully set up your new device.
Due to security reasons, we do not recommend using SMS/text as an option.
No. Swinburne IT only supports the use of the Microsoft Authenticator app.
Your access to this mailbox is based on your SIMS ID access. Please use your current email address and password and related Multi-Factor Authentication method to login.
If you find your Swinburne email account has stopped working on your smartphone or Mac, simply delete your Swinburne email account from your Mail/Gmail app and add it back. Search Android Help or Apple Support for detailed instructions and further information on how to do this.
Check that push notifications has been enabled for the Microsoft Authenticator app by going into the Settings app on your phone. If this doesn't fix the issue, please make sure the time and date settings on your device match those of your current location.
Tips
Have a backup plan
To avoid getting caught without access to your default MFA verification method (eg if you lose/damage your phone or your app stops working temporarily), we recommend you set up another device/method as a backup. See the FAQ (General) section for instructions on setting up a backup device/method.
Plan ahead
To avoid delays when logging in, always keep your mobile device handy in case you are prompted for an MFA challenge.
Secure your other accounts
Protect your non-Swinburne accounts such as LinkedIn, Amazon, Dropbox, Google and Facebook from being hacked by adding them to your app. Find out about using the Microsoft Authenticator app.
Need help or want to share your feedback?
For general enquiries, please contact the IT Service Desk on +61 3 9214 5000 or use My Service Portal.
You can also share feedback and tell us about your experience with using MFA by emailing itfeedback@swinburne.edu.au.