Penn State community encouraged to enroll in two-factor authentication

New system will add an extra layer of protection to University accounts, services

A Penn State employee uses two-factor authentication on a smartphone. Credit: Tom FlachAll Rights Reserved.

Your personal data and research are at risk now more than ever before.

According to international digital security company Gemalto, 1 billion records were compromised globally in 2014, an increase of almost 80 percent over 2013. The main motive was identity theft, and the continent targeted the most was North America, with 76 percent of all breaches.

With so much personal and institutional information to safeguard, Penn State is expanding and accelerating its two-factor authentication system, which uses two steps to identify individuals online. At Penn State, the first step is verifying a person’s Penn State user ID and password. The second is a randomly generated passcode that only that person has access to or a notification that’s sent to his or her mobile or landline phone. Together with the Penn State user ID and password, two-factor authentication provides an extra layer of protection to accounts, databases and servers.

All Penn State students, faculty and staff are encouraged to enroll in the two-factor authentication system to help protect their data and the University. Signing up now ensures information will have an enhanced level of protection as soon as services are integrated with two-factor authentication.

SIGN UP NOW: To learn more about two-factor authentication and for information on how to enroll, visit

At Penn State, access to many online systems is tied to a Penn State Access Account — the key to logging in to email, ESSIC and many other services students, faculty and staff commonly use. To implement and improve two-factor authentication across the University, Penn State has partnered with Duo Security, a cloud security company. The Duo Security app can be used on a variety of mobile devices as well as on landline phones and tokens.

“With the increasing risk of cyber attacks, two-factor authentication has become an essential component of keeping information safe,” said Renee Shuey, director of Penn State Identity Services. “It’s our responsibility to our students, faculty and staff to ensure that only the people who should have access to our systems do have access. It protects their safety and the reputation of the University.”

Even if you’ve never heard of two-factor authentication, you’ve almost certainly used it. An ATM is a simple example — you supply your PIN (something you know) along with your ATM card (something you have).

As hackers and hacking software become more sophisticated, two-factor authentication has become essential. Nick Roy, technical manager in Identity Services, said passwords aren’t enough anymore — even strong passwords can be hacked by the right password-cracking tool.

“There’s a lot of critical information exchanged here at the University,” said Roy. “The Applied Research Laboratory does extremely sensitive research, and the Penn State Milton S. Hershey Medical Center retains private information, as well. Plus, the University is responsible for safeguarding all the personal information of its employees. It is critically important to keep all of that information safe.”

Two-factor authentication has been implemented in pilot groups — Penn State Outreach and Online Education, and Penn State Undergraduate Admissions — as well as across all of Penn State Milton S. Hershey Medical Center, including all remote access services.

Jeff Campbell, a member of Penn State Hershey’s cyber security team, said implementing two-factor authentication was important due to the sensitive information stored there.

“Not only is there patient information that needs to be protected, but research data, and student and employee information, as well,” Campbell said.

Campbell says two-factor authentication also protects users from phishing attacks — a scam in which you receive an email claiming to be from an institution you trust, like Penn State’s Office of the University Registrar, and prompting you to enter your log-in information. With two-factor authentication, even if you reveal your password, the hacker won’t have your enabled device to complete the log in.

Having this extra barrier of protection provides many benefits to both the University and each individual user.

For the end-user, there’s the confidence of knowing that access to essential Penn State resources is protected by an additional layer of security. The service also takes minimal time to set up and use.

“It’s true that two-factor authentication does require an extra step or two,” said Kevin Morooney, vice provost for Information Technology at Penn State. “But the benefits of additional security far outweigh any inconveniences in our daily work lives.”

Within the coming months, Penn State will enable two-factor authentication on many systems and services across the University. Signing up now means you’ll be prepared and protected as soon as services are integrated with two-factor authentication.

To learn more about two-factor authentication and for information on how to enroll, visit

Last Updated July 22, 2015