Augsburg University is improving account security by implementing Multi-factor authentication (MFA) using a product called Duo as a requirement of our cybersecurity insurance renewal.
Multi-factor authentication strengthens account security by using a second source of validation, like a phone or token, to verify your identity before granting access. Augsburg University is implementing multi-factor authentication for remote access to minimize the risk of a security breach and reduce information security insurance costs.
To meet our cybersecurity insurance requirements, MFA will be implemented prior to March 1, 2021.
Who does this affect?
Users connecting to Remote Work or the VPN will be required to verify their identity using multi-factor authentication. These services are used for off-campus access to
- Augsburg University network drives
At the moment, users will still be able to access these resources from on-campus without multi-factor authentication.
The protection of the private information of Augsburg University community members is of critical importance to Information Technology (IT). As data breaches become more sophisticated and common, our approach to information security must also evolve. Multi-factor authentication has been on the IT roadmap for some time, though this recent change in cybersecurity insurance requirements has sped up the timeline. Implementing multi-factor authentication is one way to satisfy regulatory and insurance requirements for data protection.
How does it work?
You’ll be invited by email to enroll a smartphone, tablet, or other device with Duo.
- The smartphone application offers quick notifications and authentication. You’ll download the Duo Mobile app from your device’s app store and follow the instructions to connect it to your Augnet account.
- If you do not have a smart phone, you can contact your LFC about other options for authenticating.
When you connect to Remote Work or the VPN, you’ll be asked to choose an authentication method.
- Duo Push – open the notification on your phone and choose Accept
- Passcode – you can generate a one-time use access code within the Duo mobile app. To login, you’ll enter your username and then “password, access code” in the password field.
Why is Augsburg using Duo?
Duo is a two-factor authentication provider that helps to secure access to applications. Due to the global prevalence of security breaches in recent years, Duo is being used as an additional measure to protect Augsburg services. Adding a second factor of authentication for logins greatly improves security. It would be much more difficult for a hacker to both know your password and have possession of your phone or another device.
Do I need to use a smartphone with Duo?
The Duo Mobile smartphone app is the recommended method since it is flexible and easy to use to authenticate. If you don’t have a smart phone, please contact your LFC to discuss alternative methods.
How does Duo work with my phone?
When you login to a MFA protected service (Remote Work or VPN), Augsburg’s system sends an encrypted message to Duo asking for the a “second factor” of authentication. Duo then sends a push notification to your smartphone app asking you to Accept or Deny the login attempt. Tapping accept on your phone let’s Duo know it is you, and then replies to Augsburg’s system that the login is secure. With good network connection, this all happens in a matter of seconds.
Does Duo make any changes to my smartphone or allow Augsburg University to control other information on my phone?
No, installing the Duo Mobile app only serves to provide a second layer of authentication for Augsburg University services. Permissions used by the application are limited to those required for this purpose and to ensure that the device is not already compromised.
Is the Duo app going to drain my phone’s battery?
The Duo Mobile app does not significantly affect battery usage when operating in the background because it does not persistently query for authentication requests.
What if I don’t have a screen lock or passcode on my phone?
In order to add a device to support Duo logins, you will need to first set up a screen lock, passcode, or biometric security on your phone before authenticating to Augsburg University services.
What devices can I use with Duo?
Duo supports authentication through Android (8+) and IOS (11+) smartphones and tablets, as well as physical authentication tokens. The Duo Mobile app on smartphones and tablets is the easiest, quickest, and most flexible method to use and is therefore recommended. The other options are more difficult requiring manual generation and entry of a changing passcode, and also incur additional costs to the University upon each authentication.
Will Augsburg be making additional security changes?
Yes. Augsburg IT will continue to track cybersecurity trends and make necessary changes to help ensure the security of the data you have access to (your own and potentially our students). In the months to come, more changes will be made including the retirement of outdated systems (Network file access via Apple File Protocol (AFP), old RDP servers) and integrating more systems into our MFA environment.