UBIT will launch a two-step verification for HUB in October, as it looks to prevent student account breaches by asking users to verify their identity on another device before logging in.
The measure is UBIT’s response to a non-UB website getting hacked in May 2018, when a hacker unsuccessfully attempted to gain access to students’ refund checks. There has also been an increase in attempts to gain access to university accounts around the globe, according to UB Information Security Officer Mark Herron. With the security of the two-step verification, UB hopes to reduce those chances.
“Two-step verification reduces the chances of something like this happening again to virtually zero — because, with two-step verification, a stolen password is not enough,” Herron said. “The scammers would also need access to your phone, or other verification device, to log in and do any damage.”
Once launched, students will receive an email or can go to the Duo two-step verification website to enroll. UBIT will then ask students to register a second device to protect their UBITName account. If students don’t want to register a phone, they can print backup codes from the website to use for the second step.
“The bottom line is that, if a student needs an additional way to log in, we will work with them to find a solution,” Herron said. “We invite students to look at the list of options once the open enrollment period begins, then contact the UBIT Help Center if additional solutions are needed.”
UBIT said students may be “annoyed” by the extra step to access their accounts, but the measure is to ensure their security. UBIT administered a survey of Master of Business Administration students about the verification, and found that most students feel the measure is worth it. For students who find it inconvenient, Herron says the process is “as simple as protecting your car,” take a “few seconds to click the button or turn the key” and “carry your keys around.”
“Students may not be used to this new way of locking their accounts yet,” Herron said. “But our hope is that once the process of using your second step to log in becomes more of a habit, students will appreciate knowing their identities and personal information are safe.”
Alexandra Moyen is the assistant news editor and can be reached at alexandra.moyen@ubspectrum.com and on Twitter @AlexandraMoyen.
CORRECTION: The May 2018 security breach was via a non-UB website.
Alexandra Moyen is the senior features editor of The Spectrum.
