Required Two-Factor Authentication Enrollment for All Faculty/Staff Nears January Deadline
Starting Jan. 23, every faculty and staff member accessing Georgia Tech campus services and systems will be required to use two-factor authentication using DUO Security. Enrollment continues in the six colleges and in all academic support units of the Office of the Provost. Any faculty or staff member not enrolled by this time will be locked out of all campus systems and services.
Two-factor authentication has been rolled out as an Institute-wide initiative, beginning with the Office of Information Technology (OIT) in 2014, with the aim of protecting all Institute data and systems.
Two-step authentication further secures the Georgia Tech network application data, intellectual property, and user accounts of students, faculty, staff, and researchers.
All faculty and staff will be enrolled by January 23, 2017, with students being required to use two-factor authentication in the coming year.
A single authentication method helps reduce the risk to data and systems, but the risk of accounts being compromised through phished credentials remains high. With two-factor authentication in place, that risk is reduced. Users are required to use two-factor authentication when accessing systems on campus as well as when accessing them remotely via a virtual private network (VPN).
“We are living in a time where cyber attacks are the norm, and Georgia Tech is not immune. In fact, we are subject to millions of attempted attacks each day,” said Rafael L. Bras, provost and executive vice president for Academic Affairs. “Two-factor authentication makes our systems and each one of us much safer.”
How Does it Work?
Two-factor authentication works on two factors – something you know and something you have. For example, using a Tech application such as BuzzPort currently requires a username and password (something you know). The second layer of security, the second factor, requires a user to provide a second authentication (something you have), usually in the form of a generated number from a phone application or key fob, at the login screen before gaining access to protected applications. Because the second authentication is independent of your username and password, a web application using two-factor authentication remains protected from would-be attackers even if your password is stolen.
Currently, two-factor authentication is only used on applications and systems that are web-based and require you to log in via CAS (Central Authentication Service). The upgraded CAS service will continue to offer a first layer of security when you enter your username and password, but will now also support two-factor authentication when accessing Georgia Tech applications. Additionally, after two-factor authentication is adopted, the password length requirement drops from 11 to eight characters, and passwords need to be changed only once per year, rather than every 120 days.
“The system being implemented across the Institute is the standard in many organizations, is easy to use, and is very much worth the additional peace of mind and added security. The security of our data is a shared responsibility of all of us,” said Bras.
OIT has added enhancements to the application, including a "Remember Me for Seven Days" option and self-service options in Passport that allow you to add a second device, print a series of codes for one-time use, see the status of your security using two-factor authentication from the CAS login screen, and add a trusted friend or colleague to help you access systems if you forget your second device.
IT support professionals in each college have worked with individuals in their units to implement the change.
If your department or school is ready to enroll in two-factor authentication, send a request (including your name and department) to 2FA@oit.gatech.edu.