The University of Michigan is making it mandatory for all faculty, staff and sponsored affiliates to turn on two-factor authentication through Duo by Jan. 23. An email from University Information and Technology Services was sent out to all faculty on Oct. 1, encouraging them to begin turning on two-factor authentication in acknowledgment of National Cybersecurity Awareness Month.
Two-factor authentication is a method meant to make personal accounts more secure. With the system enabled, users must log in to their account by verifying their information with a second factor. Duo Security is one of Ann Arbor’s fastest growing startup companies—Cisco purchased the company for $2.3 milion this summer.
Ravi Pendse, ITS vice president and chief information officer at the University, explained two-factor as a combination of what you know and what you have.
“When I think of two-factor, I really think of it as a combination of what you know, meaning your password, and what you have, meaning your second factor,” Pendse said. “And what you have could be your smartphone, or it could be a variety of other things.”
Pendse described a number of options people can choose from for their second factor. The most common is to receive a push notification on your smartphone, but a text message, a hardware token or a special string of code are also available.
Pendse said he believed that in the current climate, it is necessary to make sure we are protecting our accounts from phishing attacks and other forms of hacking.
“Frankly, in the world we live in right now, we are constantly dealing with security challenges,” Pendse said. “I’m sure not a day goes by when you don’t pick up a newspaper with an article where somebody is hacked.”
DePriest Dockins, assistant director of identity and access management at ITS, also voiced his excitement about the potential of two-factor authentication on campus.
“We are really excited about expanding two-factor across the Ann Arbor and the Dearborn campuses,” DePriest said. “I think that this will go a long way in making us more secure.”
Florian Schaub, assistant professor at the School of Information and College of Engineering, said he enabled two-factor authentication as soon as it became available and believes in the push to make it mandatory among faculty.
“I think it is an important step,” Schaub said. “Personally, it doesn’t affect me too much because I already have two-factor authentication enabled from the day we were able to do it, and the reason why two-factor authentication is important is because it potentially limits the risk of phishing attacks, someone trying to hack into your account, and all kinds of other things.”
Schaub said he heard some faculty members voice concerns about the logistics of authentication.
“I know people who have been using two-factor authentication for a while now, but I also hear of people who are a little bit concerned that they have to change how they log in to their systems or might be concerned because they don’t have a smartphone, for example,” he said.
Receiving a phone call or a text message are options for people who do not have smart phones. ITS is prepared to tackle questions that faculty or students might have about two-factor authentication.
Pendse said he has faith that two-factor authentication will help protect accounts, and believes that collaboration and conversation with other campus groups will make two-factor authentification a reality for all students. Pendse acknowledged that the change will take careful consideration for the interests of students and will not happen overnight.
“It takes the whole University of Michigan to keep us safe, so each one of us needs to do this,” Pendse said. “That way not only will it keep each person’s personal information safe, but it also will help protect everyone.”