Password Change Campaign/MFA Enforcement - 2024

Little bit of background; to ensure the security of all our systems, we undergo a Password Change campaign every 6 months across the Ecosystem.

With the start of our Cyber Essentials Plus accreditation, MFA/2FA is becoming an industry-wide requirement to have enforced on all our systems. Any systems which do not offer MFA/2FA would need to be reviewed and possibly replaced.

With the above in mind, our 2024 campaign will combine Password Changes and MFA Enforcement in a phased way for Q1.

This is off the back of feedback from the previous Password Campaign and the result of the enforcement of MFA in December 2023 with our Google accounts. The longer time frame, coupled with MFA enforcement dates, will help to manage your time to change your passwords and set up MFA. This way will also help to ensure that the IT Team doesn't become overwhelmed with Support Requests from users who need assistance and to prevent any wide-range system lock-outs due to MFA enforcement.

Key Points:

The Campaign will start on Monday 15th January 2024 and end on Friday 1st March 2024
You can start changing your passwords and setting up MFA yourself (particularly before the MFA enforcement dates)
The User Guide (Password: cXyUqV9bZb9L) contains all the information you need to change your passwords and to set up MFA/2FA yourself
MFA will be enforced for each system listed in the User Guide on the dates provided (as a rough guide, every Monday) - enforcement means that you will have to set up MFA before you can access a system
MFA is a security tool used to identify yourself while accessing a system. The very nature of MFA means that the choice of MFA method falls to you, the user. IT is able to advise and present to you the options but we can't always tell you definitively which MFA method is correct for you. We have produced MFA guidance in the User Guide for you, but if you still require more assistance, please send us a request on the IT Platform to book some time with us.

The Core Accounts which are included in this Campaign (available in the User Guide):

MFA - Authenticator App Options (available in the User Guide with additional guidance):

Your actions for this Campaign:

Follow the guidance in the User Guide to change your passwords and set up MFA
Review the sharing permissions for your passwords and revoke any unnecessary shared access (BlueCube can be removed across all of your passwords)
Complete and Sign the Disclaimer sent to you via DocuSign to confirm you have changed your passwords and enabled MFA. DocuSign disclaimers will start to be sent out from Monday 15th January 2024

Key Links:

The User Guide (Password: cXyUqV9bZb9L)
This information is available on our Knowledge Base
Book IT Support or email us at itservices@m2m.bio

Reminders will be sent out periodically on the IT Updates channel and on the IT Platform as an announcement

Thanks to all - send us any questions if you've got any