Starting on Nov. 10, students will need to use two-factor authentication (2FA) in order to log in to their NetID Single Sign On and Microsoft 365. This will require students to verify their identity on a second device, such as a mobile phone or tablet, when they sign in to their account for either of these programs.
The University of Connecticut sent an email to all students on Oct. 7 explaining how to set up and use the Duo Mobile app. According to the email, once the app is downloaded, the user needs to opt for full protection. Once the app is in use, it will send a notification to the mobile device when the user logs in to their account. The user can then confirm that they are logging in to their account with a one-time password provided by the app.
The email also explains that once Duo asks for confirmation that the user is trying to sign in, it will ask if they want to “trust” the browser on which they signed in. If the user opts to trust it, they will not receive a notification from Duo for that browser for roughly thirty days.
Michael Mundrane, vice president for information technology and chief information officer, gave a statement explaining the details of why UConn is going to require this program.
“We have seen a steady increase in compromised credentials being utilized to access university systems and individual data,” Mundrane said. “This can happen in a number of ways and students often use the same password with external vendors which can also be compromised. Unfortunately, once your username and password are known, there is nothing to prevent an unprotected system from granting access to your individual data or from being used as a staging point for other nefarious activities.”
The email sent to all students said “2FA protection is so effective that it has rapidly become an industry best practice and is required for the renewal of our university cybersecurity insurance.”
Mundrane also commented on why the university chose the Duo 2FA over other two-factor authentication apps.
“The university evaluated a number of competing products before settling on Duo,” Mundrane said. “While all the options evaluated provided the same base functionality, Duo had the nicest overall experience when the app is installed on a smart phone.”
If a student fails to download the app before Nov. 10, Mundrane said they will not be able to access their NetID or Microsoft 365 account until they download the Duo app and link it to their account. He said students should take care to download the app before it is required so they do not have to worry about being locked out of their accounts with schoolwork due.
“A student could find that they were then scrambling to register with Duo in order to meet these obligations,” Mundrane said. “We will assist them either way, but it is much better to comfortably take care of registration before the deadline and avoid unnecessary conflicts.”