Next semester will bring a revamped security system from IITS for many Haverford-related websites. In August, IITS announced a gradual roll-out of a two-factor authentication system throughout the year which will reach all students come February.
IITS has chosen to implement Duo, a two-factor authentication system, to protect all web pages which currently require a Haverford email to log on. These include BiOnIC, Moodle, GMail, and Workday, among others. “Duo is the industry leader in providing 2 factor authentication and many other colleges and corporate institutions of varying sizes use it,” said Director of Client Services Benjamin Roma via email. “Bryn Mawr and Swarthmore both use Duo as well. It is very fast, reliable, and works with all of our systems.”
Implementing Duo will increase Haverford’s online security at the cost of adding an extra step to log onto certain college sites. “Duo effectively protects against phishing attempts, as well as any other account compromising method such as keylogging, by requiring the user to provide a second method of authentication,” said Roma. “This way even if a user’s password is compromised the bad actor still cannot access the account without that second factor.” Haverford account-holders will thus need a second device, typically a cellphone, to enter an authentication code each time they attempt to log on to a Haverford site from a computer.
IITS plans to offer students a keychain-like device which can provide authentication codes as an alternative to secondary cell phones or tablets. These will be available for $20 from the ProDesk, though Roma notes that LIFTFAR may cover the cost of these devices for those who need assistance paying for it.
Currently, all faculty and staff are enrolled in Duo, as well as some students who will be going abroad for the Spring 2019 semester. “As a Computer Science major I see the value [in the security that Duo provides] but I find it hard to believe that anyone is trying to hack me in a way that Duo can stop,” said Emily Lobel, BMC ‘20, who has had Duo since Bryn Mawr implemented the system earlier this year. “It’s annoying but it’s not the worst ever. The only problem is what are you supposed to do if your device with the app on it dies? How can I check my email if my phone is dead?”
Soon, all Haverford students will receive information about how to enroll in Duo. The deadline for self-enrolling will be Feb. 25 at 12:00 PM, after which time IITS will automatically enroll all accounts.