ODU Will Require Two-Factor Authentication to Access Accounts
October 08, 2018
Old Dominion University receives thousands of phishing emails each year, and 10 to 30 percent of phished accounts become compromised, according to Doug Streit, ODU's chief information security officer.
Hongyi "Michael" Wu, professor of electrical and computer engineering, said that the Verizon 2016 Data Breach Investigations Report shows that 63 percent of confirmed data breaches involved weak, default or stolen passwords.
These are just two reasons why ODU will require two-factor authentication starting in November.
"Two-factor authentication is a proven technology that adds further security to the login sequence. Many other organizations have adopted or will soon adopt two-factor authentication," said Wu, who was an early adopter of two-factor authentication.
Two-factor authentication adds a layer of security to online accounts by requiring users to provide a second form of digital identification in addition to a standard user name and password.
Considering that a MIDAS ID and password provide access to most ODU services, a single compromised account poses a notable risk to ODU systems and personal information.
"Last year, a student's email account was compromised and used to send a job scam out to thousands of ODU students. Several of those students responded to the job scam, and at least one resulted in a police report," Streit said.
When accounts are protected by two-factor authentication, scammers who are able to steal MIDAS passwords hit a wall when they're asked for a second form of identification.
"Phishing and job scams will still be possible," Streit said, "but it will be much more difficult to initiate them from odu.edu email addresses."
Enrolling in two-factor authentication
Faculty and staff can enroll in two-factor authentication between now and November, at which time it will be enforced for all faculty and staff accounts. Students and other University affiliates have until spring 2019 to enroll.
Complete enrollment instructions are found at www.odu.edu/two-factor.
Using two-factor authentication
After enrolling, users will log in to Monarch-Key services (including myODU, Blackboard and Leo Online) with a MIDAS ID and password. They will then have to confirm their identity with a second authentication method.
Verification takes just a couple of seconds. Most users will use the Duo Mobile app to send a push notification to their personal mobile device. Other options include hardware or software tokens that generate single-use passcodes.
"So far, over 1,000 employees have enrolled in two-factor authentication at ODU," Streit said. "Many have told me that they appreciate the added protection."
Representatives from Information Technology Services (ITS) will be available at several events across campus in the next few months to increase awareness and assist with two-factor enrollment. Visit www.odu.edu/two-factor for upcoming events and other helpful tips.