IT News & Events

News about IT at Indiana University and the world

Menu

Two-step logins: A few taps can save you a lifetime of headaches

Dan Calarco, who manages IU’s anti-phishing campaign, explains why doing the two-step is a necessary part of modern life

By Dan Calarco, chief of staff, IU Office of the Vice President for IT and CIO

I admit it: when I hear the ding from the Two-Step Login (Duo) app, I roll my eyes, reach for my phone and click the green check. Most days I don’t even think about how it’s saving me from myself.

Dan Calarco

But it is protecting folks at IU every single day, and it has a perfect record.

Let’s rewind to April 2016. Twelve thousand IU folks received phishing messages and over 800 turned their usernames and passwords over to cyber criminals. The cyber criminals used these credentials to view their W-2s, pay stubs, and even attempted to reroute IU paychecks. This was not a breach or a hack of our systems; it was 800 people individually turning over their credentials unknowingly.

Stealing a password is tough. Stealing a device is tougher. Stealing both at once is pretty ridiculously tough. It’s why we have not seen any unauthorized access to systems behind two-step logins.

It was the digital equivalent of a car thief putting on a red blazer, standing outside a fancy restaurant, and driving off with cars when patrons handed over their keys.

In the months that followed, the cyber criminals have adapted. At universities across the US, we’ve seen criminals use stolen passwords to steal or reroute students’ financial aid and tuition. We’ve seen stolen passwords used for cyberstalking and cyber harassment of students. And we’ve seen more cases of attempted identity theft like IU experienced last year.

Two-step logins like Duo can help prevent many of these cyber attacks. To access systems behind two-step logins, you need to know something (a password) and have something (a trusted device like a smartphone, tablet, landline or a token). Stealing a password is tough. Stealing a device is tougher. Stealing both at once is pretty ridiculously tough. It’s why we have not seen any unauthorized access to systems behind two-step logins.

On November 2, all students will be required to use Two-Step Login (Duo) to access most systems at IU. If you have already signed up—awesome. Just remember to carry your two-step device with you on November 2. If not, go to twostep.iu.edu and register a device. Actually register two devices—there are nearly a dozen different kinds of devices (smartphone, tablet, landline phone, feature phone, Google Voice account, etc.) that you can register, and several of them are free.

Being cyber secure is a 24/7 job. Hovering over every link, inspecting every “From” field, and checking digital certificates on emails and websites is exhausting. Two-step login with Duo is the easiest way  to increase your cybersecurity and save you from turning over valuable personal or university information to cyber criminals.

Want to do more? You can use Duo to secure your personal accounts like Google, Facebook, Dropbox, Twitter, Snapchat and tons more. Is that still not secure enough for you? Check out it.iu.edu/jobs; you may have a promising career in IT security ahead of you!