New information security system coming soon
A message from Roger Gair about the launch of Duo Security, a two-factor authentication system.
This information was sent to all colleagues in an all staff email on Thursday 26 November 2020.
Last year over 3,200 University accounts were compromised, putting the University’s data and reputation at risk and causing a lot of inconvenience to the users whose accounts were compromised. To improve security and help you protect your account, we are introducing Duo Security, a two-factor authentication system and some staff are already using it. It is the same kind of system that is used for online banking and services like Google and Amazon. Rather than just needing your password (something you know), you also need another factor (something you have). This second factor is commonly an app on your phone. This means that even if someone knows your password they won’t be able to access your account. It only takes a few extra seconds to log on, but your account is much more secure.
Why do I need this?
Passwords are increasingly easy to compromise. They can often be stolen, guessed, or hacked — you might not even know if someone is accessing your account.
Two-factor authentication provides a second layer of security to any type of login, by requiring two types of information before you can log in. These two types include entering your password (as you already do) and then confirming your login, usually through an app on your phone or through a different device.
This means that even if someone knows your password, they won’t be able to access your account. By using Duo Security, you'll be alerted right away if someone is trying to log in as you.
When it is rolled out, Duo two factor authentication will be mandatory for all University staff.
What systems will be covered by Duo?
Initially, Office 365 and the Virtual Windows Desktop (VWD) will be protected by Duo. This does not affect how you first log on to your computer.
This means when you login to Office 365 or VWD you will still enter your username and password, but will then be asked to complete second-factor authentication. Duo does not replace your password or require you to change your username and password – it is an extra layer of security.
What do I need to do?
The easiest way to use Duo is to install the Duo Mobile app on your mobile phone or tablet, and we recommend you do that now. It is available from the Apple App Store and in the Google Play store for Android phones. You can find a list of supported operating systems on the Duo website (guide.duo.com). The mobile app may also work on some older operating systems, but you will receive a warning that you are using an older system when you use it.
If you do not have a smartphone, you can also use text messages to authenticate rather than the app.
If you do not have a mobile phone or tablet that you can use please contact the IT Service Desk
You will receive a reminder from the IT Service Desk one week before you need to enrol, followed by the enrolment email from Duo.
If you are already using Duo you will not receive the enrolment email and will not need to do anything.
Using email on your mobile devices
The native email client on most Android phones will not work with Duo two factor authentication.
We strongly recommend you use the Outlook app to access your University email account on your mobile device. This can be downloaded from the Google Play store.
We strongly recommend you use the Outlook app to access your University email account on your mobile device. This can be downloaded from the Apple App Store.
If you prefer to continue using the Apple native mail app you will need to re-configure it as described on the IT website