September 30: the Duo date for MIT staff and affiliates

September 29, 2015

As announced in a memo sent in mid-July, MIT faculty, staff and affiliates will be required to sign up for a two-factor authentication service called Duo no later than September 30. It?s all about strengthening IT security at MIT, something that?s crucial to both the Institute and our community.

Why the Need for Added Security?
Security breaches make the news with depressing regularity. From retailers like The Home Depot to banks like JPMorgan Chase to health insurers like Anthem, countless systems have been hacked, giving cybercriminals access to credit card numbers, email addresses, phone numbers, or other personal information.

Spear-phishing attacks, such as payroll scams at universities, have taken phishing to a new level. Criminal hackers collect information about a given community and then send targeted emails to try to harvest passwords or other credentials.

It?s also easier than ever to break passwords, due to substantial increases in computing power, an expanding inventory of viruses and other types of malicious code, and keystroke logging.

On top of these vulnerabilities, there?s another major concern. Users may not know for long periods of time that their passwords have been compromised. A hacker logging in with a compromised password merely shows up within security logs as a successful login.

This article is courtesy of the Information Systems & Technology Department. To read the full article visit the IS&T website.