Two-factor authentication at the U enters the pilot phase - University Information Technology

Note: Some of the information in this article is outdated. For current 2FA information please visit it.utah.edu/2fa.

Enabling 2FA using DUO

By Emily Rushton

Whether we like it or not, these days, passwords alone are no longer sufficient – especially when it comes to protecting your data.

“It’s just really easy to guess passwords. Especially when you have people whose full time jobs are attempting to get past those passwords,” said Rachael Sheedy, senior business analyst for UIT’s Identity and Access Management group within the Information Security Office (ISO).

“Passwords are vulnerable,” she said. “And even though we encourage complexity rules and periodic password changes, people simply don’t do it.”

That’s where two-factor authentication (2FA) comes in – the idea that you are authenticating your identity via two separate factors, one of which isn’t your password.

“Something you know, which is your password, and something you have, which is your token,” explained Sheedy. “It’s far less likely that someone is going to have access to both of those items.”

The token is a secondary device, typically a phone or tablet, that will provide assurance beyond a simple password when authenticating with 2FA. The enhanced security means that even if hackers managed to obtain your login credentials, the information is useless to them without access to your token.

This will create an extra step for authenticating, depending on the application users are trying to access, but Sheedy says the extra protection is more than worth it.

“It will take just a little bit longer,” said Sheedy. “But for me, this is a strong, compelling reason to use 2FA, because I know that I’m responsible for my University account. And I do not want to let down my guard or be the weak link in the organization.”

“It’s not fool-proof,” she added. “But it’s so much better than just using a password.”

The 2FA program is currently in a pilot phase, with University Information Technology (UIT), Campus Human Resources, and Utah Education Network (UEN) participating. The goal is to further test and refine the service before it’s launched University-wide.

“We don’t want to make this a University-wide change until we’re confident that we’ve worked out all the details,” assured Sheedy.

Simply put, 2FA will provide increased security and better protection for University of Utah users during a time when massive security breaches continue to govern the news headlines.

As Sheedy summarized it matter-of-factly, “You can’t always be 100% on your game. And that’s when they get you.”