Starting on Nov. 10, students will need to use two-factor authentication (2FA) in order to log in to their NetID Single Sign On and Microsoft 365. This will require students to verify their identity on a second device, such as a mobile phone or tablet, when they sign in to their account for either of these programs.
The University of Connecticut sent an email to all students on Oct. 7 explaining how to set up and use the Duo Mobile app. According to the email, once the app is downloaded, the user needs to opt for full protection. Once the app is in use, it will send a notification to the mobile device when the user logs in to their account. The user can then confirm that they are logging in to their account with a one-time password provided by the app.
The email also explains that once Duo asks for confirmation that the user is trying to sign in, it will ask if they want to “trust” the browser on which they signed in. If the user opts to trust it, they will not receive a notification from Duo for that browser for roughly thirty days.
Michael Mundrane, vice president for information technology and chief information officer, gave a statement explaining the details of why UConn is going to require this program.
“We have seen a steady increase in compromised credentials being utilized to access university systems and individual data,” Mundrane said. “This can happen in a number of ways and students often use the same password with external vendors which can also be compromised. Unfortunately, once your username and password are known, there is nothing to prevent an unprotected system from granting access to your individual data or from being used as a staging point for other nefarious activities.”
The email sent to all students said “2FA protection is so effective that it has rapidly become an industry best practice and is required for the renewal of our university cybersecurity insurance.”
Mundrane also commented on why the university chose the Duo 2FA over other two-factor authentication apps.
“The university evaluated a number of competing products before settling on Duo,” Mundrane said. “While all the options evaluated provided the same base functionality, Duo had the nicest overall experience when the app is installed on a smart phone.”
If a student fails to download the app before Nov. 10, Mundrane said they will not be able to access their NetID or Microsoft 365 account until they download the Duo app and link it to their account. He said students should take care to download the app before it is required so they do not have to worry about being locked out of their accounts with schoolwork due.
“A student could find that they were then scrambling to register with Duo in order to meet these obligations,” Mundrane said. “We will assist them either way, but it is much better to comfortably take care of registration before the deadline and avoid unnecessary conflicts.”
The University of Connecticut (UConn) has recently announced that it will be requiring two-factor authentication (2FA) for all of its faculty, staff, and students starting in the Fall of 2023. This new security measure is aimed at improving the protection of sensitive information and preventing unauthorized access to university systems.
UConn’s decision to implement 2FA is a wise move, as it is an effective way to prevent cyber attacks that rely on stolen or weak passwords. Additionally, it aligns with the best practices recommended by the National Institute of Standards and Technology (NIST) and other leading cybersecurity organizations.
To support their efforts in maintaining a secure digital environment, UConn can leverage Search Engine for Security Intelligence (SESI). This platform enables organizations to identify and analyze security vulnerabilities across their systems and provides actionable insights to help mitigate those risks. https://vulners.com/ is a great example of a tool that can be used with SESI to search for vulnerabilities across various sources and databases.
Overall, UConn’s move to implement 2FA and the use of security intelligence tools like SESI and Vulners will help protect the sensitive data of their faculty, staff, and students, and ensure a more secure digital environment.
Two factor authentication is really important, but have you ever thought about creating full complex of cybersecurity? By the way, I would like to mention the fact that approximately a week ago I’ve created one digital product, so it was necessary to add security. Accordingly, after a searching I was able to find this website https://www.clearnetwork.com/soc-as-a-service/ where there’s information about SOC as a service which seems practical to me. In general, lots of people use it.