Duo two-factor authentication to be required Jan. 23
More than 86,000 University of Michigan community members have turned on Duo two-factor authentication for Weblogin and are helping to increase IT security on the Ann Arbor, Dearborn and Flint campuses, and at Michigan Medicine.
The university will turn on Duo on Jan. 23 for faculty, staff, student employees and sponsored affiliates who have not yet enrolled.
“We want faculty and staff to have uninterrupted access to U-M services when the deadline arrives,” said DePriest Dockins, director of identity and access management in Information and Technology Services Information Assurance, and the Duo@Weblogin project lead.
“Individuals who wait until the last minute or who have not turned on two-factor by the go-live date will experience delays accessing services and could negatively impact their school, college, or unit’s business that day and the days that follow.”
Since the “Turn on Two-Factor for Weblogin” campaign began in October, several steps have been taken to encourage individuals to turn on the tool before the deadline:
• Targeted emails have been sent regularly to those not enrolled in Duo, as well as those who have enrolled but not turned on two-factor for Weblogin.
• Expanded help documentation and videos were published on the Safe Computing website.
• Prize drawings were held for those who turned on Duo before the winter break.
• A U-M Duo tool was launched to help individuals determine whether they were using two-factor and, if not, assist them with turning it on.
• The U-M Weblogin page touted a banner reminding people to turn on two-factor. As of January, those not using Duo are encountering an interrupt screen encouraging them to do so.
• A Duo dashboard was shared with deans, directors, department heads and unit IT staff, which allowed them to track their unit’s progress.
Services that reside behind Weblogin include, but aren’t limited to, Box at U-M, Canvas, eResearch, Google Apps at U-M, MCommunity, MReports, Tableau, WebNow, and Wolverine Access, which includes Concur, Employee Self-Service, Faculty Business, Travel Registration, and University Business.
The overwhelming majority of university community members prefer using the Duo Mobile app on their smartphone, but other options are available to address individual circumstances and needs.
Employees who are quickly becoming familiar with Duo are taking advantage of the seven-day “Remember me” function, offline passcodes, and tips for traveling with two-factor.
Advice on two-factor options and tips for using the tool are available on the Safe Computing website, by contacting the ITS Service Center and by reaching out to IT staff in schools, colleges or units.
“For faculty and staff who have not turned on two-factor, the best way to avoid disruptions is to enroll in Duo right away,” Dockins said.