50°F

To acquire wisdom, one must observe

New security systems to be added online

Information Technology Services (ITS) have implemented Duo two-factor authentication in an attempt to better secure access to Brandeis University systems, according to an email sent to Brandeis students. With Duo, members of the Brandeis community must validate every login to their account, which “enables you to deny fraudulent login attempts to your account.”

David Albrecht, the Director for Network, System and Security at Brandeis, expects all students to be signed up for Duo by the next academic year, and said the authentication was partly implemented to decrease the number of compromised accounts on campus. “We look at the total threat landscape and as we look at the systems responsible for holding protected information based on state and federal guidelines, over the past few years, we have seen a fair number of compromised accounts,” said Albrecht in an interview with The Brandeis Hoot. “Mostly those come from students, but we have had some staff and faculty, especially dealing with password related phishing attempts.”

Albrecht says that main reasoning for implementing the two-factor authentication system is to help the university “mitigate the risk” of more compromised accounts.

Once enrolled in Duo, individuals will be required to sign in with two forms of authentication: a username and password and a physical device. All Brandeis protected systems and services including Google Suite, LATTE, and Sage, among others, will have Duo authentication added. According to Albrecht, since Brandeis’ security system is a single-sign on system, all applications will now have Duo.

Duo will prompt an authentication through three different methods. When attempting to login, the user will be prompted to send a push notification to the Duo mobile app, available on both iPhone, Android and Windows Phones, which will allow the user to verify the login. A SMS/text message or a phone call can also be used to authenticate a login. A tablet or landline phone is also usable as a second device, if an individual is not in possession of a smartphone.

Students may also obtain a hardware token from the Technology Help Desk. Hardware tokens are devices that display six-digit passcodes at the push of a button. Tokens do not require wireless access or data connection.

Once on the “Duo Authentication” page, students are able to remember their browser for 30 days. According to the website, “Two-step authentication is requested at least every 30 days for each computer and each browser you use to access Brandeis protected websites.”

If a student forgets their two-step authentication device and does not have access to a backup device, the Technology Help Desk will provide a one-time use password to access their accounts. Verification of identity is required.

Duo is currently not compatible with other authentication applications, such as Google Authenticator or LastPass Authenticator, according to the ITS website. It states that if a student has Google 2-step on their Brandeis account, Duo is meant as a replacement. Both may be used together, but it will prompt twice for a second authentication factor.

If a student is traveling to a location with limited, or no, cellular service or internet connection, they should obtain a hardware token from the Technology Help Desk prior to travel and have Duo send 10 different passcodes to their phone that can be used throughout their trip.

The IT department has had Duo for almost a year, according to Albrecht. It has also been slowly implemented with different faculty in certain departments, depending on their access to university services.

Albrecht says the main goal of using Duo is “to protect data and minimize the number of account compromises,” and it will hopefully help bolster more security awareness across campus.

“Higher education has always lagged behind in IT security,” explained Albrecht. “There are new threats every day and it’s hard to keep up with those threats and the only way to deal with that is to start to implement more security features to limit the risk, to provide more education for the community.”

According to the email, Duo is currently being rolled out to student workers in two different waves according to their department. By April 2019, Duo two-factor authentication will also be required to access Workday, according to the ITS website.

Get Our Stories Sent To Your Inbox

Skip to content