BYU is now implementing MFA (multi-factor authentication) across the board, for both students and faculty. They are using a service called Duo, but it has caused some to complain. Is the app it worth it?
Brigham Young University is a well-known private university in Utah, known for being associated with the LDS Church and their “Holy War” rivalry with the University of Utah. Fibernet sits just a few mile away from its campus. However, they are getting put on the map again for recent phishing attacks. In fact, the attacks have grown in scale, and BYU has implemented two-factor authentication called Duo and done it system-wide.
For the 36,000 BYU 9students and almost 2,000 faculty members, this means a new requirement of downloading the Duo app and using it to log in to sensitive data, including grades and financial information. Mixed feelings about the required use of the app have brought its implementation in question, but believe me when I say that the benefits outweigh the costs.
What is Duo?
According to their website, Duo is a “comprehensive security solution confirms the identity of users and health of their devices before they connect to your applications. Duo makes security painless, so you can focus on what’s important.” At its heart, Duo is an app that connects to the login of a service, like BYU’s LearningSuite. It requires the user to log in normally, and then sends a request to the user’s device. The app notifies the user and sends an “approve/deny” request. It then replies back with the approved request to the sign-in, granting access.
This isn’t all Duo does. Besides functioning as a multi-factor authenticator, it also filters the information your device receives based on its security. From their website, Duo says “Our device access policies allow you to block any risky devices from accessing your data and apps, protecting your organization against software vulnerabilities. Plus, you can notify and/or require users to update their devices at login.”
Why Does BYU Use It?
A recent push in cyber security and an onslaught of phishing attacks has pushed BYU to action. In an email to students and users, they stated the following: “BYU has been targeted by real phishing attacks in the past where scammers have attempted to gain access to paychecks and personal information. Don’t be a victim. Use strong passwords, enroll in Duo, and be safe.” They created a website to educate users called besafe.byu.edu.
The website offers information on Duo and other security services used and offered by BYU, and also proprietary instructional videos on how to “BeSafe at BYU” with personal information. “Protect yourself and your virtual identity with better passwords, system updates, security software, phishing and spam detection skills, and more. Start learning how you can improve your safety with these videos from BYU’s Office of Information Technology.”
The Bottom Line
If you’re a BYU student or faculty member, you are strongly encouraged to implement the MFA by downloading Duo and using it for secure login to the different tools and services the university offers. If you like the idea of being more secure or a single sign-on service that provides MFA and group access with unique credentials, check out Fibernet’s suite of security services here.