Two-Factor Authentication (2FA) using Duo Security

What is Two-Factor Authentication?

Two Factor Authentication, also known as 2FA, is a two-step verification method that requires a username and password and a second method of verification.  Many consumer email and online banking applications now incorporate this additional layer of account security. For most applications using 2FA, it is most common for users to retrieve a passcode from their cell phone, smartphone, or other smart device to access their account. 

2FA is an important step in providing security beyond your password.  In addition to awareness programs and systematic updates to systems and computers, 2FA is an extra layer of security that protects against unauthorized access due to phishing and other password attacks.

Why is SJU moving to Two-Factor Authentication?

As part of our ongoing efforts to enhance information security at SJU, the Office of Information Technology will be releasing a 2FA tool in March, 2018.  Password management has always been a weak point in systems that rely solely on a knowledge-based authentication factor. As the number of accounts that the average user must maintain has exploded, passwords are reused across multiple systems, making unassociated services vulnerable when a reused password is leaked.

More important, however, is the increasing sophistication of phishing attacks. These targeted attacks can be difficult for even savvy users to avoid. Passwords are simply no longer reliable as the sole method of authentication to sensitive systems.

What product is SJU using for 2FA?

SJU has selected and implemented Duo Security as our 2FA application. Duo is an industry leader that provides users with multiple options to gain access to their account using 2FA.  You can prompt the code from a device of your choosing (typically your smartphone).  Using the Duo Mobile smartphone app (for iOS and Android) is the simplest and preferred method for obtaining the second-factor codes, but tokens and other methods are available.

How do I enroll in Duo Security?

At this time, SJU will only be implementing Duo Security for VPN users but we do have plans for widespread use in the near future. For instructions on configuring Duo Security for the first time, visit our Knowledgebase.  



Mon 1/29/18 11:10 AM
Thu 4/12/18 9:43 AM