U rolling out Duo 2FA requirement for students, affiliates, and alumni
The University of Utah will soon require all community members with a uNID account to use Duo two-factor authentication (2FA) to access certain U online applications and resources. The university is implementing the mandatory IT security measure to better protect institutional and user data.
On Tuesday, February 22, 2022, UIT’s Information Security Office (ISO) began to enforce the requirement on a rolling basis for students. The ISO will enable Duo 2FA for affiliates and alumni at a later date. Previously, only U faculty and staff, including student employees, and University of Utah Health personnel were required to use Duo 2FA. The update to the U’s IT security standards brings the university in line with most of its Pac-12 peers.
“Enabling 2FA on our uNID accounts helps us protect the university and users’ information,” Chief Information Security Officer Corey Roach said. “We strive to make using Duo 2FA as easy and seamless as possible, but with the cybersecurity threats we face today, 2FA has become an essential part of any responsible IT security program.”
2FA provides an extra layer of security by requiring a user to log in with a username and password plus a second method of verifying the user's identity. This helps prevent unauthorized access to university email and online applications as a result of phishing schemes and other scams.
“It is the U’s responsibility to take reasonable precautions to safeguard the privacy, data, and identities of its students, patients, faculty, staff, and guests,” said Chris Stucker, associate director for the ISO’s Identity & Access Management team. “2FA makes compromises more difficult and significantly decreases the number of IT security incidents when implemented.”
The ISO encourages students, alumni, and affiliates to prepare for the change by setting up a Duo 2FA account via the Duo Management Portal. Duo's mobile app works on smartphones and tablets, and is the preferred method of authentication. Users may also purchase a Duo token for $23 through the U Campus Store.
For more information about Duo 2FA, please visit this IT Knowledge Base article.
Duo 2FA requirements
Duo 2FA will be required to access all U resources that use Central Authentication Services (CAS), such as:
- UMail from any email application — e.g., Microsoft Outlook (Windows, macOS, Android, iOS) and Apple Mail
- Campus Information Services (CIS)
- Microsoft Office 365 applications — e.g., OneDrive, Word, Excel, PowerPoint, and Teams
- The Office of Software Licensing web store
Please note that some services, such as the Palo Alto GlobalProtect virtual private network (VPN), currently require Duo 2FA regardless of a user’s role.
The U’s Information Security Office (ISO) encourages the university community to review every Duo 2FA push notification for authenticity. If you did not request a Duo prompt, you should deny it. By denying unexpected Duo prompts, you protect your account and enable the ISO to investigate the incident.