CPP mandates 2-step authentication for all campus logins

By Conny Chavez, Mar. 2, 2021

Cal Poly Pomona is implementing two-factor authentication, adding a second layer of security to access all CPP online accounts. It is mandatory for the campus community to enroll in two-step authentication using the Duo Mobile app by April 8.

In compliance with the Chancellor’s Office Information Security Audit of 2012, the Chancellor’s Office purchased Duo Security services for all California State University campuses to utilize as an additional layer of cybersecurity. It is expected that all CSU campuses will transition to two-step authentication by the end of the current term.

“Higher education institutions are a top target for cyber criminals who are attracted to our thousands of employee and student identities, as well as research data,” said Carol Gonzalez, chief information security officer at CPP.

According to Gonzalez, 2-step authentication, or multi-factor authentication, is the top recommendation to secure online accounts. Multi-factor authentication reduces the risk of data loss and identity theft by providing proof of identity with multiple avenues of verification. This makes it more difficult for hackers to gain access to accounts.

“It only takes one account to compromise the infrastructure,” said Gonzalez. “If something were to happen, it would be negligence if the university weren’t to have two-step. It would be the first question (the Department of Education) would ask is if we had two-step.”

According to Gonzalez, CPP has been implementing multi-factor authentication since May 2019. The initiative began with enrolling staff that hold access to high level information and data.

Afterward, students who wished to change their direct deposit information were required to enroll in two-step authentication.

Yet, according to Gonzalez, as of Feb. 20, only 20% of CPP students are active on Duo Security.

Duo Security was founded in Ann Arbor, Michigan, in 2010 and quickly established offices across the United States and in London. Duo is popular among private companies and institutions such as Facebook, Duke University and Paramount for its various cybersecurity measures.

Duo reduces the risk of credential theft, something higher education systems constantly face as students are often targeted.

“Criminals watch the news too, so when they see that there is a COVID stimulus package going to students they think, ‘Hey, that’s an easy target to get lots and lots of money.’ So, it’s not specific to us; it’s across every institution across the country,” said David Drivdahl, executive

director of Cloud and Support Services and adjunct professor in the information science department at CPP.

Cybersecurity threats across the university system have spurred quicker implementation of the security protocols. CSU San Marcos was hacked on Oct.1, 2020, resulting in the university’s directory information being stolen. The hacker was able to access personal information of students and staff including phone numbers, names and email addresses. Soon after the attack, San Marcos implemented its two-step authentication through Duo Security.

Phishing emails are one of the most common cyberattacks. Phishing emails steal user data, swipe login credentials and even import a virus or malware through links or deceptive messages that claim familiar scenarios such as job opportunities or giveaways. CPP students often warn the campus community about these suspicious emails in the CPP subreddit.

Megan Stan, associate vice president of Student Affairs, appreciates the extra layer of cybersecurity that comes with the implementation of the Duo app as she has experienced phishing scam emails and was told by others that they have received phishing emails falsely using her identity.

“It’s convenient, and now it is an expectation for not just CPP but for other areas in life like finances and credit cards,” said Stan. “You know if any of us have been victims of breaches or frauds these types of things are reassuring.”

The entire CPP campus community is required to sign up for a two-step authentication using the Duo app by April 8. According to Drivdahl, after the entire campus community signs up for the two-step authentication, anything that is using a single sign on system will lock users out until they set up a multi-factor authentication.

To learn more about signing up for two-step authentication, students can visit the university’s two-step authentication webpage or contact the Bronco Advising Center during eService hours on Thursdays from 9:30 a.m. to 10:30 a.m.

Feature image courtesy of Franck. 

Verified by MonsterInsights