Georgia Tech Introduces Two-Factor Authentication to Secure Data and Services
Beginning with the Office of Information Technology (OIT) in 2014, two-factor authentication is an Institute-wide initiative aimed at protecting all campus-wide data and systems. Supported by DUO Security, two-step authentication further secures the Georgia Tech network application data, intellectual property, and user accounts of students, faculty, staff, and researchers.
To date, more than 4,000, faculty, staff, and student workers use two-factor authentication at Georgia Tech, including the Office of the President. Plans are underway to enroll all faculty and staff by the end of 2016, with students being required to use two-factor authentication in the coming year.
A single authentication method helps to decrease the risk for data and system vulnerabilities, but the risk of compromised accounts by phished credentials is still high. Now, with the implementation of two-factor authentication, those security vulnerabilities are decreased. Users will be required to use two-factor authentication when accessing systems on campus as well as when accessing them remotely via Virtual Private Network (VPN) protocol.
“We are living in a time where cyber attacks are the norm, and Georgia Tech is not immune. In fact, we are subject to millions of attempted attacks each day,” said Rafael L. Bras, provost and executive vice president for Academic Affairs. “Two-factor authentication makes our systems and each one of us much safer. “
How does it work?
Two-factor authentication works on two factors – something you know and something you have. For example, using a Tech application such as BuzzPort currently requires a username and password (something you know). The second layer of security, the second factor, requires a user to provide a second authentication (something you have), usually in the form of a generated number from a phone application or key fob, to a login screen before gaining access to protected applications. Because the second authentication is independent from your username and password, if your password is stolen, the web application using two-factor authentication is safe from attempted hackers.
Currently, two-factor authentication will only be used on applications and systems that are web-based and require you to login via CAS (Central Authentication Service). The upgraded CAS service will continue to offer a first layer of security when you enter your username and password, but will now also support two-factor authentication when accessing Georgia Tech applications.
“I have been using two-factor authorization successfully for months, and the additional step to log in to secure sites is very much worth the additional peace of mind and added security,” said Bras. "The system being implemented across the Institute is the standard in many organizations, is easy to use, and works very well. The security of our data is a shared responsibility of all of us.
Already, OIT has added enhancements to the application including self-service options in Passport which allow you to add a second device, print a series of codes for one-time use, see the status of your security using two-factor from the CAS login screen, and add a trusted friend or colleague to help you access systems if you forget your second device.
IT support professionals in each college will be working with individuals in their units to implement the change.
"OIT is committed to empowering campus IT professionals in supporting all of our campus users as effectively as possible," said Greg Phillips, associate director in OIT. “We’ve worked collaboratively across the organization to design processes and modify the existing DUO user interface in order to facilitate the deployment of two-factor authentication more effectively. Working with our Technology Support Center, we’re focused on ensuring that all of our campus is well supported with this and other central technology services."
If your department or school is ready to enroll in two-factor authentication, send a request (including your name and department) to 2FA@oit.gatech.edu.