UNIVERSITY PARK, Pa. — Penn State’s Office of Information Security (OIS) is reminding students who haven’t enrolled in Two-Factor Authentication (2FA), the University’s identity-verification system that protects accounts from cyberattacks, to do so immediately for safe, secure access to Penn State sites and services.
Enrolling in 2FA is easy and should take less than 10 minutes. It can help stop cyberattacks by adding a second level of identity verification via a push notification sent to a device authorized by the user. This additional security is more important than ever, since OIS has detected a surge in malicious activity in recent weeks as Penn State has shifted to remote learning. Last year, OIS detected 3,500 compromised accounts for the year. This year, the number of accounts compromised is already at 2,500.
“Our responsibility to safeguard University data and information is especially vital in this remote learning environment,” Penn State Acting Chief Information Security Officer Rich Sparrow said. “Students, faculty and staff are relying on IT services more and more, and 2FA’s ability to correctly identify authorized Penn State affiliates can help deter phishing attacks and will continue to prevent cyberattackers from gaining access to Penn State accounts, systems and networks.”
The effects of account compromise can be particularly harmful for students. Attackers who gain access to student accounts could drop classes, alter enrollment and tuition, and attempt to acquire important financial information.
“2FA really is what prevents a lot of the negative impacts of account compromise,” Sparrow said. “The sooner you enroll, the sooner your account and all the information within it is safer.”
Already, more than 30,000 students have enrolled in 2FA, which uses the Duo Mobile application to send the verification push to their mobile devices.
Users who download the Duo Mobile app will receive a push notification each time they attempt to log in to their Penn State account. After entering login credentials, Duo will send a message to the user’s mobile device notifying them of the attempt to log in. Users may then approve the request on their mobile devices to complete the login process.
You may enroll more than one device in case your primary device is lost or damaged. Additional device options are also available for those who do not have access to a mobile phone.
Users can reduce the number of times they have to use 2FA when logging in to WebAccess by checking the “Remember me for 24 hours” checkbox. With this feature, users won’t be prompted to re-authenticate via 2FA for a period of 24 hours from the same device and web browser.