Improving cyber safety at IU
November 8, 2016
From UITS Monitor
Brad Wheeler, IU vice president for information technology and chief information officer, just announced that two-step login will be required for all IU employees as of year-end. That includes faculty, staff, student employees, retirees, volunteer faculty and affiliates.
Here's a quick rundown of what you need to know.
1. See it in action: Did we mention there's video?
Two-step login adds a second layer of security to IU logins. Combining a verification step with your IU username and passphrase keeps anyone but you from logging in.
Watch how simple it is below!
See why we're doing this.
2. Step-by-step enrollment and setup
Good news: UITS just launched the new twostep.iu.edu website (login required) to walk you through the setup on your preferred device. If you'd rather not follow the link, just search One.IU for "two step."
Enable two-step login for all IU logins as soon as possible. It's worth it to keep someone from hijacking your accounts, redirecting your money or changing your grades.
3. Common misconceptions
Two-step login helps keep cyber thieves at bay. But some people have the mistaken impression that it's high tech.
Rumor #1: You need a smartphone. Actually, a tablet, a regular cellphone or even a landline will do. Most people find the mobile app to be the most convenient, but you have several options -- including Google Voice, which doesn't require a separate device.
Rumor #2: You need a Wi-Fi connection. No problem if you can't connect -- the mobile app works in airplane mode, without a cell signal and without Wi-Fi. Just tap the key icon to get a passcode.
Rumor #3: You'll have to verify your identity all the time. That's only every once in a while, when you log in via a new web browser session. (If you keep your browser open, you may only need to log in once a day on each device.) If you forget, lose or misplace your device, contact the Support Center.
Rumor #4: Your old token won't work anymore. If you already have a Duo hardware token, it will continue to work just as it has before.
4. Face-to-face support at upcoming events
Have more questions or need help with setup? During the months leading up to the end-of-year enrollment deadline, you can get in-person support at campus events.
Get help with setup, adding a second device to your profile, and any other questions you have about two-step login. View the current schedule. Regional campuses: Visit your campus help desk for walk-in support.
5. A quick reminder about digital signatures
"This message has been digitally signed by email@example.com."
What does that mean? Digital signatures certify that a message was sent from the account of the digital certificate holder and was not modified during transmission.
Basically, a digital signature is another way to assess authenticity. Even if a message is digitally signed, we encourage you to 1) make sure the "from" address and digital signature match and 2) verify the certificate before following any links.