The security feature Duo Two-Factor Authenication is coming to Colorado State University’s Microsoft 365 applications and email to protect students, faculty and staff from attacks like phishing and other scams.
“It is to protect us,” said Kelly Poto, information security specialist and cybersecurity internship coordinator for Colorado State University. “There have been several instances very local that have really sparked us to reconsider how we do our security and to ensure we are securing everyone to the best of our abilities.”
Ad
Beginning Oct. 4, the University will require Duo Two-Factor Authentication for all students, faculty and staff to access their email and other Microsoft 365 applications, including Microsoft Teams, Word and OneDrive.
“On Oct. 4: That is a very hard date, and you will be cut off to your email services — Word, Microsoft Teams, any of that,” Poto said.
According to CSU’s webpage about Duo Two-Factor Authentication, Duo requires a piece of information other than a username and password for access to an account. Authentication methods can be a push authentication request through the Duo Mobile app, a passcode generated by the Duo Mobile app, a phone call or a hardware token purchased from RamTech.
After logging in with a username and password, users will choose which authentication method to use to verify their identity.
In the last five years, the increase of attacks on universities has dramatically increased. Here at CSU, of the attacks that we do have, about 82% of those are successfully targeted toward student accounts.” –Kelly Poto, Information Security Specialist
Students, faculty and staff not already registered with Duo are encouraged to do so before Oct. 4. The Duo Mobile app, any phone or a hardware token can be registered for Duo Two-Factor Authentication. The Duo Mobile app can be downloaded from a smartphone’s app store.
“What this will do is essentially put everyone on campus behind Duo, which will require that when you log into your email, or that when you log into (Microsoft) Teams, that you will need to authenticate,” Poto said.
However, students, faculty and staff won’t need to authenticate every time they log in. According to CSU’s Duo Two-Factor Authentication FAQ webpage, within 48 hours of activation, users should expect login prompts from the Microsoft applications, including Outlook, Teams, etc., that they use.
According to Poto, after the first authentication through each Microsoft product, authentication will only be required when a password is renewed or if the system recognizes a device or network that it doesn’t know.
Poto explained that technology-related attacks on universities have increased in recent years.
Ad
“In the last five years, the increase of attacks on universities has dramatically increased,” Poto said. “Here at CSU, of the attacks that we do have, about 82% of those are successfully targeted toward student accounts.”
CSU will be offering in-person support across campus to set up Duo Two-Factor Authentication and register devices until Oct. 1. The dates, times and locations are on CSU’s Duo In-Person Support page.
“Once you get it established, it’s very easy to use; it is not invasive, and it’s going to add a ton of protection to your data, to your personal information,” Poto said. “So we’re really excited that we’re rolling it out, and we’re happy that leadership is supporting it in this way.”
Piper Russell can be reached at news@collegian.com or on Twitter @PiperRussell10.
