Two factors are better than one: sign up now for Duo authentication

January 29, 2015

Security breaches make the news with depressing regularity. Retailers including Target, Home Depot, and Staples have been hacked, giving cybercriminals access to customers? credit card numbers or other personal information, from email addresses to phone numbers.

Spear-phishing attacks, such as payroll scams at universities, have taken phishing to a new level. Criminal hackers collect information about a given community and then send targeted emails to try to harvest passwords or other credentials.

If people are using two-factor authentication to protect their fake money in a video game, shouldn?t we be using it to protect our real assets at MIT?

On top of this, substantial increases in computing power have made it easier than ever to break passwords. Beyond ditching your devices and hiding in a cave, what can you do to protect sensitive data?

The benefits of two-factor authentication

One way to strengthen security is to use two-factor authentication (2FA). Twitter, Google, Facebook, Dropbox, Apple, and Microsoft all offer it, as does Blizzard Entertainment in its World of Warcraft game. As IS&T manager Garry Zacheiss notes, ?If people are using two-factor authentication to protect their fake money in a video game, shouldn?t we be using it to protect our real assets at MIT??

The answer is yes. IS&T is now providing access to Duo, a two-factor authentication system from Duo Security. It?s being used for Touchstone-enabled web applications at MIT ? from Atlas and Stellar to the Roles Database and MIT Wiki Service.

But let?s backtrack a moment: just what is a factor? In cyberspeak, a factor is something the user "knows" (such as a password), "is" (such as a fingerprint), or "has" (such as a smartphone). Adding a second authentication factor to a login, beyond a password, makes the process much more secure. Even if hackers steal your password, they can?t pretend they?re you if they don?t have access to your smartphone or have your fingerprint (literally) on hand.

Duo at MIT

After in-house testing and a successful pilot, IS&T is making Duo available to the MIT community. This self-service web application lets you:

  • Enroll with Duo Security if you?re a new user
  • Associate a phone or phones with your Duo account
  • Manage existing devices associated with your account
  • Enable Duo authentication as a requirement for Touchstone logins

Zacheiss recommends that community members sign up for Duo with their smartphones, since they offer the best user experience (via Duo Push). If you don?t own a smartphone, you can opt to receive authenticating robocalls on your landline.

Learn more

To learn more about installing and using Duo at MIT, visit the Two-Factor Authentication with Duo page in the Knowledge Base. You may also want to check out Duo?s Guide to Two-Factor Authentication.

Questions

If you have questions, contact the IS&T Computing Help Desk at helpdesk@mit.edu or 617.253.1101.

This article is courtesy of the Information Systems & Technology website.