College of Education > News and Publications > 2016: 01-03 news > 2FA enrollment deadline approaching for College of Education

2FA enrollment deadline approaching for College of Education

Faculty and staff in the College of Education who have not yet enrolled in two-factor authentication (2FA) have until April 5 to register. After that date, College of Education faculty and staff who have not enrolled will be automatically forwarded to a 2FA required logon site when they attempt to to log in to WebAccess, the University’s authentication system that protects such systems as WebMail, ANGEL (and Canvas), the Employee Self-Service Information Center (ESSIC) and more.

Editor’s note: The following incorporates additional information specific to the College of Education into an article published as part of Penn State’s ongoing Secure Penn State series, which provides information about Penn State’s two-factor authentication (2FA) service and upcoming changes for faculty and staff.

Faculty and staff in the College of Education who have not yet enrolled in two-factor authentication (2FA) have until April 5 to register. After that date, College of Education faculty and staff who have not enrolled will be automatically forwarded to a 2FA required logon site when they attempt to to log in to WebAccess, the University’s authentication system that protects such systems as WebMail, ANGEL (and Canvas), the Employee Self-Service Information Center (ESSIC) and more.

“So far 416 people in the College have registered, which is fantastic,” said David Cochrane, College of Education IT manager. “The other 228 members of our College who have not yet registered can enroll anytime between now and April 5 to ensure a seamless transition and avoid disruptions logging into online systems and services.”

According to Information Technology Services, it also is important to enroll more than one device (such as a smartphone and desk phone) in 2FA to avoid difficulties authenticating if you lose or don’t have your only enrolled device with you.

Penn State students and retirees are not required to use 2FA. Research partners from other institutions (who access Penn State systems using Friends of Penn State accounts or their own university credentials) are also not required to use 2FA. However, some individuals in these groups (who work for the University or who have access to secure systems) may be required to enroll.

The 2FA process is now a Penn State requirement that offers a second layer of security similar to how you protect your bank account with a pin number (something you know) and debit card (something you have) when you withdraw money from an ATM.

Two-factor authentication
Using the Duo smartphone app as the device for two-factor authentication is easy. Step 1: Launch the app. Step 2: When the app receives the 2FA request, it displays an alert. Step 3: Following the alert’s directions, tap on the alert to respond and options to approve or deny appear. Step 4: Tap approve, and the request is approved, sending a signal back to Web Access to complete the login process.
After you have enrolled in 2FA, you will continue to log in to WebAccess with your Penn State user ID (i.e., xyz5000) and password (something you know). As part of the 2FA process, you also will need to confirm your identity using a device such as a mobile phone, tablet or desk phone (something you have).

To set up 2FA on mobile phone or tablet, users need to download a free Duo app. When signing in to Web Access, users will get a prompt to choose the method of 2FA to be used. Choosing Duo Push will send a signal to the Duo app on the registered phone or tablet, and the user then simply taps the screen to approve the request.

Another optional device for the 2FA process is a Duo Token. These are available for personal purchase through Software@PennState. Because there are other, free options, the College of Education has no plans to reimburse employees for purchase of this optional token. In addition, employees should note that the Duo token cannot be used as a substitute for any other Penn State security token, such as the Vasco Secure ID token.

Because 2FA uses two methods of authentication to verify your identity, it offers more than one layer of protection against the sophisticated tactics of cyber criminals and, therefore, makes Penn State information and your online identity less vulnerable to theft.

According to the 2015 Verizon Data Breach Investigations Report, 95 percent of breaches involve the exploitation of stolen credentials, many of which can be traced back to passwords stolen from company employees.

To guard against this type of theft, more than 20,000 Penn State students, faculty, and staff are already using 2FA to further safeguard personal and University information, intellectual property, research and data. Penn State is not alone in adopting 2FA. Amazon, Google+, Facebook, Twitter, and many other companies now offer 2FA to their customers, while students, faculty, and staff at such Big Ten universities as Michigan State University, University of Nebraska-Lincoln, and University of Minnesota are also using the method. In addition, President Obama recently endorsed 2FA as part of a national cybersecurity action plan.

How to get help

If you need assistance related to 2FA, contact the IT Service Desk at 2FAsupport@psu.edu. For instructions, enrollment tips and answers to commonly asked questions, visit Get2FA.psu.edu. Assistance also can be provided through the College IT Help Desk by going to help.educ.psu.edu online.

Annemarie Mountz (March 2016)