College to enact new IT security procedure

by Emily Sun | 4/9/19 2:10am

4-4-computers-lorraineliu-campus-it

Dartmouth will transfer to a two-factor authentication IT security system by the end of this summer.

by Lorraine Liu / The Dartmouth

In a campus-wide email sent on March 28, Dartmouth’s chief information security officer Steve Nyman announced the implementation of two-factor authentication through the security company Duo for all Dartmouth systems. Information, Technology and Consulting plans to use Duo 2FA for all users’ email services beginning on May 13; the rest of Dartmouth’s web-based services will migrate to 2FA by the end of summer.

According to Matthew Brabazon, an application infrastructure administrator for ITC, Duo 2FA was chosen to replace the current system, which relies heavily on security questions, because of concerns that the questions themselves did not provide enough security. He added that the goal is to complete this transition by the beginning of the next school year.

2FA is a system that increases the security of Dartmouth online services by requiring two factors — such as a password for the account as well as a code sent to a cell phone — to confirm the user’s identity. ITC hopes that this change will lead to better security and improve user experiences.

Duo’s 2FA is not only easy to set up and use, but it also offers a variety of second-factor solutions, according to Andrew Johnson, a member of ITC’s database administration team. These solutions include Duo’s mobile app, Touch ID, phone callbacks and one-time passcodes.

“Duo is great [in] that it offers all these different options for all these second factors,” Johnson said. “Google Authenticator and [others] don’t offer that many different options.”

Many other universities — including Harvard University and Cornell University — as well as financial and healthcare companies utilize two-factor authentication, Johnson said. 

Some students think that the added security bonus outweighs the extra effort to authenticate their accounts.

“I think two-factor authentication systems in general take a lot of time to coordinate,” Manuel Patino ’22 said. “But in the end if it’s worth it [for] someone’s security, then it’s worth it.”

Devanshi Udeshi ’22 said that she thinks the new system will help prevent College accounts from being hacked.

“Personally, I’ve never used any two-factor authentication services offered by other platforms, so it wouldn’t mean very much to me,” Devanshi Udeshi ’22 said. “But it’s still overall a good preventative measure for hacking cases.”

As of now, roughly 3,000 Dartmouth students, staff, and faculty have pre-enrolled in Duo services in advance of their mandatory implementation, according to Johnson. He added that while the faculty and staff were given presentations that guided them through the Duo enrollment process, students were expected to enroll themselves. However, Johnson said staff members will be intermittently stationed at tables around campus to help students enroll their accounts over the course of the term. 

In an effort to increase the number of enrollees, ITC will be conducting a raffle every Monday in the following weeks for those who have already signed up for Duo. Prizes include a $100 Amazon, Computer Store or Coop Food Store gift card.

“The whole goal is to get people pre-enrolled, so the day we do the cut-over for the first service, it’s not a surprise to anybody,” Johnson said. “The 2FA enroll page that we have actually allows [people] to verify that it’s working. We’re hoping that that will be helpful.”

Udeshi is a former member of The Dartmouth staff.