Simply using passwords is not enough anymore. With all the hacking techniques out there, a malicious actor can gain access to your account before you know what is happening.
One way to combat these techniques is to use Multi-Factor Authentication (MFA), sometimes called Two-Factor Authentication. This helps the campus verify you are "you" before access to campus resources is granted. MFA is instrumental in preventing unauthorized access, which is usually the first thing an organization is told to implement after they have suffered a serious security incident.
The separate method is usually through your own personal mobile device, which has previously been verified as yours. You will get a phone call, a text, or the Microsoft Authenticator App asking you if you approve the access. Since two separate methods are used, the likelihood someone has gained access to both is rare since it requires you to be in a specific geographic location or have access to a specific device.
Multi-Factor Authentication (MFA) is not foolproof. If you are not diligent with verifying only MFA requests that you have personally intentionally initiated, you could give access to an unauthorized and possibly malicious actor.
If you would like instruction on how to do any of these tasks, see the Multi-Factor Authentication page.
UM System implemented a System-wide policy requiring Multi-Factor Authentication (MFA) for all accounts on July 8th, 2020.