Information and Technology Services is encouraging students to turn on Duo two-factor login authentication before Jan. 29, 2020, when all students on U-M’s Ann Arbor, Dearborn and Flint campuses will be required to use Duo at Weblogin.

“Use of two-factor authentication is a worldwide IT security best practice,” said Sol Bermann, executive director of the ITS Information Assurance team and campus chief information security officer. “Having all students use Duo — along with faculty and staff — helps the university protect its data and systems, as well as protect each individual’s personal information.” 

Faculty, staff, student employees and sponsored affiliates across all campuses and in Michigan Medicine have been required to use two-factor authentication since January. Nearly 100,000 individuals voluntarily turned on two-factor for Weblogin before the deadline. 

ITS launched a campaign this month encouraging students to turn on Duo two-factor authentication before 2020. More than half of students on the Ann Arbor campus are already using Duo — some because of their role as student employees, and others because they recognize the importance of online safety and security. 

“Simply put, one of the best options we have to protect ourselves and the institution against the time, reputation and resource costs associated with compromised accounts, identity theft and inappropriate access to data is two-factor authentication,” said DePriest Dockins, director of identity and access management in ITS Information Assurance. 

“Duo provides the university and students with the most options when it comes to using two-factor,” he said.

Most people prefer push notifications to the Duo mobile app on their phone or device, or obtaining app or text passcodes. Hardware tokens or YubiKeys are also an option and can be obtained from the Computer Showcase at no cost. 

ITS IA is collaborating with schools, colleges and units, as well as university groups and organizations that work closely with students, to communicate the benefits of two-factor authentication and to get nonusers to turn it on before the January deadline.  

“We are also engaging with student organizations and groups to make certain the university is responding to the unique and individualized needs of students,” Dockins said. 

An advisory group consisting of university representatives will provide input and recommendations throughout the Duo-for-students implementation process. Information and details about Duo two-factor authentication can be found on the ITS Safe Computing website. 

“It will take effort from every member of the Michigan community working collaboratively to protect our information assets,” said Ravi Pendse, vice president for information technology and chief information officer. “I am grateful to each one of you for your enthusiastic support as we provide our amazing students with resources such as two-factor authentication, which will enhance our overall security posture.”