FROM: University Technology Services
RE: Attention Faculty and Staff - Duo two-factor authentication is coming soon!
Sent: 7/23/2020 10:11:53 AM
To: Faculty, Staff
To improve our security posture (specifically against phishing), we will be incorporating Duo Security as a two-factor authentication solution into our existing IT infrastructure.
No immediate action is necessary. This email is to notify and educate you about the upcoming rollout of Duo two-factor authentication. You will receive further communications when action is needed.
What is Duo Security?
Duo Security is a company that provides a cloud-based software service that utilizes two-factor authentication to ensure secure access to services and data. Learn more by clicking here.
What is two-factor authentication?
Two-factor authentication provides a second layer of security to any type of login, requiring extra information or a physical device to log in, in addition to your password.
By requiring two different channels of authentication, we can protect user logins from remote attacks that may exploit stolen usernames and passwords.
Why do we need two-factor authentication?
Login credentials are more valuable than ever and are increasingly easy to compromise. Over 90% of breaches today involve compromised usernames and passwords.
Two-factor authentication enhances the security of your account by using a secondary device to verify your identity. This prevents anyone but you from accessing your account, even if they know your password.
How will Duo change my login experience?
When logging in to an application that is protected by Duo, you will still enter your username and password. After inputting your login information, Duo requires you to complete a method of second-factor authentication. This 2nd factor can be either the Duo App on your Smartphone, or a hardware fob that we will provide. (The App is the recommended method.)
Duo does not replace or require you to change your username and password. Think of Duo as a layer of security added to your pre-existing login method.
Some general notes on experience at Cal U:
- On a phone, due to tokens caching - You generally only need to use the 2nd factor when you enroll and when your password changes.
- From a PC browser, you will have the option to check 'Remember Me' which remembers the Device/Browser for 7 days. IF you use a different Device/Browser you would have to use the 2nd factor again as it is device specific.
- If you are on the campus network (wired or wireless), DUO will not ask for authentication. So if you are connected into your work computer, or if you're onsite...you won't have to use it.
More information on the rollout of Duo is coming soon.