What is Two-factor Authentication?
Two-factor authentication uses two pieces of information to establish the identity of a user trying to access a service. One method, your Georgia Tech password, you have used for a long time. Some other factors used for verified identity are fingerprints, retina scans, numeric codes, and portable tokens. Using two of these verification factors together gives a much stronger identity process than just a password alone. You may be familiar with two-factor authentication as it is commonly used in banking, cloud solutions such as Dropbox, email services such as Gmail, or social/productivity sites such as Google+ or Facebook.
How Does Two-factor Authentication Work?
Two-factor authentication keeps information safe by requiring you to provide a second layer of security, usually in the form of a generated number, to a login screen before accessing a protected application. Because the second authentication is independent of your username and password, if your password is stolen, the web application using two-factor authentication is safe from attempted hackers.
Why Is Georgia Tech Implementing Two-factor Authentication?
The drive to provide additional protection to the campus was spurred on by a hacking attack in 2014 that occurred during the Thanksgiving weekend and affected the salaries of some Tech employees. After a thorough investigation, the FBI as well as Tech's own Cyber Security team, strongly recommended implementing two-factor authentication to better protect Tech’s assets and service.
Two-factor authentication is Georgia Tech’s effort to further secure our network application data, intellectual property, and user accounts by requiring a second level of authentication when accessing Georgia Tech network resources. The upgraded CAS service will continue to offer a first layer of security when entering a username and password. Additionally, it will now require a "second" - the two-factor- layer when accessing Georgia Tech applications and services.
What is Duo?
Duo Security, a cloud-based security company provides an additional layer of security through its app, "DUO". Georgia Tech has partnered with Duo Security to provide the two-factor authentication service to campus. Once your IT support team has enabled two-factor authentication on your Georgia Tech account, in addition to using your usual username and password to log in, you will need to authenticate your identity by using the Duo app through one of your devices or a secure telephone. The use of Duo will be required to access protected sites including TechWorks and Office365 as well as the Virtual Private Network (VPN) via Cisco.
What Other Institutions Are Using Two-factor Authentication?
Georgia Tech isn't alone in requiring its faculty and staff to use a second source of authentication to keep its assets and data safe. Here are just a few peer universities using two-factor authentication.
NC State University
Pennsylvania State University
University of Michigan
University of Minnesota
University of Texas