Like most of our peers, Carleton is placing a greater emphasis on two-factor authentication as an essential part of our overall security posture in the face of growing threats. Duo, our two-factor authentication solution, will become required for all Carleton faculty, staff, and students on March 30, 2018.
What is this?
Two-factor authentication is a way of combining a password — something you know — with another form of identification — something you have — like a smartphone or hardware token. The basic idea is that passwords are easy to steal and easy to guess; if your password is compromised, the attacker can access your financial data, your academic records, your email, and pretty much anything else at Carleton. Duo creates a second layer of security that is almost impossible for an attacker to break directly. It is the single best improvement you can make to the security of your Carleton account. By extension, universal two-factor is the single best security-related improvement we can make for Carleton as a whole.
What’s in it for me?
In addition to better protection for your data, once you enroll in Duo you will no longer be required to change your password every year. You can also take advantage of relaxed password policies for Duo users (but you’ll have to change your password once more to do so).
Okay… what do I need to do?
If you haven’t already done so, you should enroll in Duo. Enrollment only takes a few minutes, but you’ll want to have your preferred second-factor device close at hand. Most Carls use a smartphone; Duo provides a great App (for Android, iOS, and Windows phones) and we generally consider it the best and easiest option. Duo can also send you text messages or call you directly. The app can also generate codes, even if you don’t have an internet connection. ITS recommends that you configure more than one device. For Carleton faculty and staff, it is common to use your office landline as a secondary device in addition to your smartphone. If you don’t have a smartphone, ITS can provide hardware tokens (keychain-sized devices that generate a code on demand) for free upon request. You can also generate one-time passcodes from Duo that you can write down and take with you just in case.
What if I have questions?
Start with our main documentation article in Carlpedia or check out the FAQ (which we’re updating all the time). You can also call the ITS helpdesk at x5999, stop by in person at the CMC or Libe, or email us at firstname.lastname@example.org. We’re also hosting drop-in sessions every week from now through March 30th and we’ll be doing some additional outreach throughout the next month.